Shadow IT

Shadow IT: Understanding and Managing the Unseen Tech in Your Organisation

Overview

In this webinar, Thierry Houle-Gingras, Director of Information and Security for the Town of Hampstead, Quebec, and board member of MISA Canada, LOLA, and RMTI, explores the growing challenge of Shadow IT. The use of unapproved apps, devices, and services by employees. While often well-intentioned, Shadow IT introduces serious risks to security, compliance, and data integrity.

Key themes and takeaways

What is Shadow IT?

• Refers to any technology used without IT department approval.
• Common examples include personal cloud storage, messaging apps, or third-party tools.
• Often adopted to improve productivity or fill gaps in official IT offerings.

Risks and challenges

• Security vulnerabilities: Unapproved tools may lack encryption or proper safeguards.
• Compliance issues: Data may be stored in non-compliant regions or formats.
• Data fragmentation: Scattered data across platforms makes oversight difficult.
• Increased costs: IT teams must manage and mitigate risks retroactively.

Turning risk into opportunity

• Shadow IT reveals what users need but aren’t getting from official tools.
• It can guide IT departments to improve usability, functionality, and responsiveness.
• Listening to employees and understanding their workflows is key to evolving IT services.

Strategies for managing Shadow IT

• Engage, don’t punish: Understand why employees turn to unapproved tools.
• Educate users: Provide training on secure, effective tool usage.
• Offer better alternatives: Introduce modern, user-friendly, approved solutions.
• Establish clear policies: Define acceptable use and ensure compliance.
• Foster collaboration: Involve users in shaping IT strategies and solutions.

Final message

Shadow IT isn’t just a threat—it’s a feedback loop. By embracing it as a signal for improvement, local governments can build more secure, efficient, and user-centric digital workplaces.