The amount of money spent on shadow IT is concerning, but it’s only the tip of a very dangerous iceberg.
We know that average enterprises spend over $4 million per year on SaaS (that they know of). We also know that shadow IT comprises 50 percent of IT spending. Given these two things, we can extrapolate that average companies are spending millions on shadow IT.
Leaky budgets and out of control SaaS spending slow companies down, but shadow IT also creates increased exposure to cybersecurity threats that could sink a business. While considering the true cost of shadow IT, it is helpful to think of applications as investments, instead of simple expenses.
Shadow IT Costs vs. ROI
Shadow IT persists as a problem partly (largely?) because employees see value in procuring software on their own. And that means that some shadow IT is generating ROI.
Employees don’t sign up for apps to intentionally hurt the company; they do it to become more productive. The issue is that they are not focusing on data leakage, redundant licenses, and the host of other problems that can come with unauthorized apps.
So, while eliminating shadow IT is a good idea, it might be worthwhile to first embark on a little discovery. What apps are being used, and where? Are those apps adding value to the organization? Is the issue about unauthorized apps, or redundant software and licenses?
Sometimes, curbing the costs of shadow IT just means making software that users are already using more “legitimate.”
Shadow IT Costs: The Full List
The complete costs of shadow IT might set a company back in terms of time, money, and reputation; business leaders who recognize each of these threat areas are more prepared to eliminate them. Consider:
Shadow IT Hurts Productivity"Software that does not integrate with other systems smoothly can cause problems with compatibility, security, and information sharing." Click To Tweet
When an individual or a non-IT business unit procures software independently, they are likely to think about their needs without considering the greater technology plan. Software that does not integrate with other systems smoothly can cause problems with compatibility, security, and information sharing.
Shadow IT Opens the Door to Costly Cybersecurity Threats
When unauthorized devices and software make companies vulnerable to hackers, businesses may find themselves faced with costs that go even beyond the millions of dollars in wasteful spending. 21% of organizations have experienced attacks and other events because of technology that employees use without authorization from IT. Because the company’s security professionals have never been made aware of the shadow IT products, the products are not covered by the cybersecurity plan.
The average data breach costs an organization $4.24 million. This average is up from $3.86 million last year, partially due to the increasing prevalence of remote work. The average cost is $1.07 million higher in breaches involving remote work than it is in breaches where remote work is not a factor.
Time is Money and Downtime Costs Both"The average ransomware incident results in 16 days of downtime." Click To Tweet
Security events disrupt operations, which is why they are so costly. For example, the average ransomware incident results in 16 days of downtime. To quantify the cost of downtime, consider the following stats:
- The estimated average cost of downtime is as high as almost $9,000 per minute for large organizations.
- Even for small businesses with less money to spare, the average cost of downtime is still $427 per minute.
- A 14-hour outage cost Facebook $90 million in 2019 (nearly $6.5 million per hour, more than $100,000 per minute).
- Average mid-sized companies spend $1 million per year on incidents, while larger organizations spend $60 million or more.
Cyber Attacks Cost More Than Money"87% of consumers will avoid companies that do not handle data responsibly." Click To Tweet
The immediate cost of cyber events is already hard to swallow. Unfortunately, the other consequences of these breaches and attacks can continue to show up on the bottom line for years to come. When a business experiences significant downtime because of a cyber event, it appears unreliable, which hurts reputation. The brand can be damaged even more severely if it loses control of data during the event.
87% of consumers will avoid companies that do not handle data responsibly. Thanks to compliance regulations like GDPR, HIPAA, and CCPA, among others, it is relatively easy for these consumers to identify organizations with poor reputations for handling personal data appropriately. Immediate costs and fines hurt right away, but a damaged reputation can have a devastating effect on a company’s value. It is difficult to assign a dollar amount to reputation, but possible–Verizon knocked $350 million off of the price of Yahoo! because of data breaches.
Even putting aside the risks that come with a security breach, there is the issue of redundant licenses. Multiple teams or departments might all have their own licenses for the same software, and paying a premium for those licenses. Those should really be consolidated to save costs.
Finally, there is a heavy cost associated with shelfware: Software that gets purchased and then seldom or never used. If that software is on a subscription model, the tab can keep running, even if the software is not provided any real value to the organization. But if no one in the organization knows that it’s there, who is going to both cancelling it?
SaaS Cost Optimization: First Steps
Again, shadow IT has an ROI. Which means that proper SaaS cost optimization will increase that ROI. Your first steps should include:
Discovering SaaS Usage
If employees are signing up for SaaS apps on their own, there will be no way of knowing this without doing an explicit discovery. It is worth investing in a tool to do this.
Optimizing SaaS Licenses
SaaS license optimization is possible when leadership has a big picture view of SaaS usage, and then uses that to cut or consolidate unused licenses. For example, if most employees never record their Zoom meetings, it is unnecessary to pay for storage for their subscriptions.
Negotiating SaaS Contracts
When employees sign up for SaaS on their own, they simply agree to the click-through agreement. Those agreements might not be optimal for the organization as a whole. When new IT solutions are procured through the proper channels, there is an opportunity for business leaders to negotiate more favorable terms.