Report: AI Expands Corporate 'Shadow IT' Risks
What happened
A new benchmark report from SaaS management platform Torii finds that the proliferation of AI tools is accelerating SaaS sprawl and expanding "shadow IT" within companies. The report indicates that 61% of applications are unmanaged, increasing governance and security risks for large enterprises.
Why it matters
- "Shadow IT" refers to the use of any hardware, software, or service without the knowledge or approval of the company's IT department; common examples include using personal Google Drive accounts for work files, or using unauthorized messaging apps like WhatsApp or project management tools like Trello.
- The Torii report highlights the scale of this issue, finding that large enterprises run an average of 2,191 distinct applications, while the average employee interacts with 40 different apps.
- More than half of the most widely adopted shadow applications discovered in corporate environments are now AI-first tools, which often connect directly to company data through instant integrations.
- This practice introduces significant security risks, including data leakage and a widened attack surface for cybercriminals, as unvetted tools may lack necessary security controls and are not monitored for threats by security teams.
- Unmanaged applications can also lead to serious compliance and governance violations regarding regulations like GDPR and HIPAA, as sensitive data may be stored or processed in non-compliant ways.
- The rise of "Shadow AI," specifically, presents new risks; when employees input sensitive internal information into public generative AI models, that data can be stored indefinitely on external systems, creating a permanent, unsecured data trail.
- Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT's visibility, a significant increase from 41% in 2022.
- Beyond security, shadow IT also creates financial risks, including wasted spending on redundant applications and inefficient resource allocation when IT departments lack a centralized view of all software in use.
Key numbers
- The report indicates that 61% of applications are unmanaged, increasing governance and security risks for large enterprises.
- The Torii report highlights the scale of this issue, finding that large enterprises run an average of 2,191 distinct applications, while the average employee interacts with 40 different apps.
- Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT's visibility, a significant increase from 41% in 2022.
What happens next
- This practice introduces significant security risks, including data leakage and a widened attack surface for cybercriminals, as unvetted tools may lack necessary security controls and are not monitored for threats by security teams.
- Unmanaged applications can also lead to serious compliance and governance violations regarding regulations like GDPR and HIPAA, as sensitive data may be stored or processed in non-compliant ways.
- Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT's visibility, a significant increase from 41% in 2022.