For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance

For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →


Connect Aware to the tools you already use to have all your company messaging in one place.

Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications


Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →


Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →

What's in your data?

Calculate my results →


About Aware

Our leadership, our company


Explore open roles with our remote-friendly, global team


Driving customer value, together

Press Releases

Digital workplace news and insights


How Aware customers streamline operations, reduce risk, and boost productivity


Data security partners & certifications


Get in touch with us


10 Reasons Why Aware is a Top Place to Work

Learn more →


Access reports, webinars, checklists and more.

Explore →


Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →

The Risks of Unendorsed 'Shadow' Collaboration Solutions

by Matt Huber

First Published Oct. 2018. Updated Mar. 2024.

Shadow IT carries with it some huge risks that—if not taken seriously—come with serious consequences. At the most basic level, the possibility of not knowing about a software, service or technology in your stack creates a gap in coverage or exposure in your security program.

To better understand shadow IT, let’s start with a hypothetical scenario:

Jon is the collaboration manager for XYZ Corporation. Sally helps direct the IT portfolio, determining what products the company should and should not use. After some research and cooperation, Jon and Sally agree that Microsoft Teams is an excellent workstream collaboration tool to help break down organizational silos and encourage information sharing.

Months go by and Teams gets good use in certain areas of the company. Meanwhile Derek in Sales decides that Slack has some functionalities that would help enhance his productivity. After seeing how easy it is to create a Slack workspace, Derek, along with his sales team, starts using this alternative platform without the approval of Jon or Sally.

This Is Shadow IT.

Jon and Sally don’t know that Derek introduced a new platform within his team, and had no chance to implement the controls and safeguards that the other approved applications in the IT Portfolio have.

The existence of shadow IT within the organization raises three key questions:

  • Why does it matter?
  • Why don’t we let our employees choose a collaboration tool that might be faster, better or cheaper?
  • What’s the big deal, can it really do any harm?

This guide will help navigate some of the risks associated with Shadow IT, and how to make the most of these situations when they arise.

Why Does It Matter?

Any time there is an unendorsed technology solution in use within an organization, there is a significant gap in coverage that creates increased exposure in your security program.

What if Derek were to share competitive insights and sales forecasts with a colleague who exfiltrated that information before leaving for a competing company? No one would be aware, and this could eventually damage the company. And in highly regulated industries, sharing sensitive information in collaboration can have significant compliance implications.

Other Tools May be Better, Faster or Cheaper—So Why Shouldn’t Employees be Allowed to Choose the Platform They Prefer?

Implementing multiple collaboration tools isn't necessarily a bad thing. Over 90% of organizations use at least two and 85% use six or more. It's when those tools aren't properly managed and moderated that they introduce risk to the organization.

An organization that permits employees to use whatever collaboration platform they want also needs to get to grips with how it will secure all those different spaces. Legal and IT departments may find themselves without sufficient oversight. Or they may have to log into multiple different locations to create rules and respond to incidents. This makes collaboration security management much slower, more granular and less effective than using one or two authorized tools.

Companies that adhere to PCI, HIPAA or GDPR compliance face additional burdens when it comes to securing collaboration. Not only are violations damaging from a reputational or data loss perspective, but they often come with significant fines and penalties attached.

Ultimately, any “shadow IT” solution that takes hold within a company will eventually become business critical —but lack requirements demanded by the business, such as high availability, redundancy and disaster recovery.

What is the Big Deal, and Can it Really Do Any Harm?

Your employees want to do their jobs effectively. Collaboration tools can accelerate communication and break down internal silos that otherwise slow work down. As such, the implementation of shadow IT is rarely malicious. However, it can still do serious harm to the company and its employees by opening the door to data loss and regulatory noncompliance.

  • HIPAA fines in 2020-21 reached all-time highs, and to date HIPAA fines have cost noncompliant practitioners more than $133 million
  • PCI non-compliance can run from $10k to $100k USD per month, depending on the circumstances
  • GDPR non-compliance can range up to 4% of a company’s global revenue or €20 million, whichever is greater

These regulations exist to protect consumers, and employees may inadvertently harm them or their coworkers by using unapproved software.

Where to Go from Here

For one, understand what software your employees are using. Listen to them and survey them; understand what works and what doesn’t. If they are using an unendorsed "shadow" collaboration platform, then assess why, and consider how to make them successful within the organization. Don’t scold or penalize employees. Once an application is brought into the organization’s IT portfolio, make sure it’s held to the same standards and baselines that your other applications are held to.

There are many ways to stay on top of shadow IT, but one solution is by pairing Aware with the platforms that people want to use—giving your employees the tools to collaborate effectively and securely.

Aware demo request

Topics:Enterprise CollaborationInformation SecurityData Loss Prevention