AI Tools Accelerate 'Shadow IT' Growth

- The growth of "Shadow AI" is a primary driver of SaaS sprawl, as employees independently adopt AI tools to enhance productivity, often outside of IT's view. This trend of using unapproved AI tools is a significant concern for 73% of organizations. These unsanctioned applications can create security vulnerabilities and challenges in data governance. - Employees often turn to shadow IT to innovate and work more efficiently, bypassing the slower procurement processes of their IT departments. In fact, 97% of employees report increased productivity when they can use their preferred applications. However, this autonomy can lead to employees inputting sensitive business data into applications that haven't been vetted by security teams. - The financial impact of shadow IT is substantial, with Gartner estimating it accounts for 30-40% of IT spending in large enterprises. This unmanaged spending can lead to redundant software subscriptions and wasted licensing fees. For instance, different teams may unknowingly use and pay for separate tools that have overlapping functionalities. - Unmanaged AI tools pose significant security risks, including the potential for data breaches and non-compliance with regulations like GDPR. Employees may unintentionally input sensitive company or customer information into AI applications, which could violate data protection laws. Research shows that over 60% of applications expensed by employees have a "Poor" or "Low" security risk score. - Many existing SaaS vendors are rapidly integrating AI capabilities into their platforms, often with default settings that prioritize function over security, further contributing to AI sprawl. This can lead to new and complex data pathways between applications that are difficult for security teams to monitor. - To manage the growth of shadow IT, some companies are adopting a "freedom within a framework" approach. This strategy aims to balance employee autonomy with corporate governance by providing a pre-approved list of AI tools and clear usage policies. - The use of unapproved AI can also lead to what is known as "AI sprawl," where numerous, disconnected AI systems operate within an organization. This fragmentation creates challenges for integration, leads to duplicated costs, and results in inconsistent security controls across the company. - Employees' adoption of shadow AI is not always with malicious intent; it often stems from a desire to be more effective and a lack of awareness of the associated risks. Research indicates that employees are three times more likely to use AI than their leaders expect. This highlights a disconnect that can be addressed with better communication and training on responsible AI use.