| Industry | Examples of Shadow IT and Shadow AI |
| Healthcare | Consumer messaging, unapproved storage of medical imaging files, certificate challenges due to specialized portals for specific healthcare groups, department-run electronic health record (EHR) environments, unapproved telehealth platforms, AI for note summarization |
| Insurance | Custom applications for new insurance policy introductions, certificate challenges, maintenance issues, unsanctioned SaaS for claims processing, ad hoc analytics tools, unmonitored cloud data transfers |
| Banking | Personal messaging with clients, unapproved SaaS analytics, AI-driven models outside oversight, unapproved fintech integrations |
| Airlines | Ticketing applications, loyalty/rewards applications, GenAI-based rebooking systems, customer service chatbots, mobile staff communication apps (such as WhatsApp, Signal, or WeChat) |
| Utilities | Contractor remote access, cloud-based desktop-as-a-service (DaaS), AI predictive maintenance applications, unsanctioned Internet of Things (IoT) devices |
The dark side of shadow systems: Shadow IT is really about consequences. Compliance and privacy are among the most pressing. Regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) require strict oversight of sensitive data. Unapproved applications may bypass these safeguards, exposing organizations to fines or legal action even if no data breach occurs. Security is another concern. Assets outside IT oversight go unmonitored, leaving vulnerabilities and misconfigurations open to attack. Independent research shows just how big the problem is.IDC’s “Future of Digital Infrastructure: The Future of Digital Infrastructure, 2024: AI-Ready Platforms, Operating Models, and Governance” found that more than 40% of SaaS applications operate without formal IT approval, creating blind spots that directly undermine compliance requirements. Similarly, the IEEE Computer Society reported that 41% of employees already acquire or build technology outside IT’s knowledge, with that share projected to rise to 75% by 2027.Unauthorized systems rarely integrate well with official tools, creating silos, duplicate data, and broken workflows. With SaaS and AI adoption accelerating, these risks are spreading faster than IT teams can manage. Eliminating Shadow IT and its cousin Shadow AI isn’t realistic, so the focus must shift from prevention to smarter control.
Exposing what’s outside IT’s view: Regaining control begins with visibility. Teams need to see what’s moving across the network, including live activity, unauthorized apps, and new risks. By analyzing network traffic in real time, NETSCOUT gives IT and security teams the insight to uncover Shadow IT and Shadow AI, close compliance gaps early, and keep sensitive data out of unapproved systems, bringing a hidden problem into the light.See how NETSCOUT, together with partners such as Splunk, helps organizations turn Shadow IT into actionable intelligence. Download our solution brief for examples of how we help industries stay ahead of compliance, security, and performance risks.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4086912/how-shadow-it-leaves-every-industry-in-the-dark.html
