Shadow IT – Productivity Benefit or Massive Security Risk?

I think you raise some great points Shannon O'Donald.  I think we have come a long way from the traditional approach of blocking everything in IT departments and being gatekeepers.  

I think if done right, shadow IT can be seen as an opportunity, as it shows possible gaps or limits that staff feel they have to go elsewhere.   Redirecting this to solutions that the business has invested in and can support is preferred.  If there were Slack users, for example, bringing them onboard with Microsoft Teams would be a natural progression. 

That's not to say willful disregard especially with data protection, would be acceptable, there have to be some limits.  I think there should be some sort of amnesty when an unauthorised service is found to be in use and this can be sanctioned with whatever caveats need to be applied or translated to a service that the business can support.  Costs are also a factor, an organisation can purchase services/products at a much better rate than someone who just decides to buy ad-hoc something on their company credit card for example.

I think you also have to look at the commissioning of IT services and everyone being on the same page.  Also, in some cases, staff may just not know what facilities and features are available already before looking elsewhere.