CFOtech New Zealand - Technology news for CFOs & financial decision-makers
New Zealand

Guides

#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
health technologies

Search

Ps andy milburn
#
CASB
#
Risk & Compliance
#
Data Privacy

Shadow IT and the rise of data anarchy: Reclaiming control in a SaaS-driven world

Wed, 26th Nov 2025
By Andy Milburn, VP for APJ, Datadobi

Shadow IT, also known as the use of software, apps, or services without the knowledge or approval of the IT department, has become standard practice within businesses everywhere. Whether it's HR deploying a cloud-based hiring tool, marketing teams embracing a new analytics platform or developers trying out a new AI app, these actions might seem harmless, possibly even innovative.

In reality, it's an approach that introduces some significant data management and compliance challenges, particularly given the massive growth in AI adoption, where tools are readily available for a vast range of use cases.

Thanks to the ubiquitous reliance on cloud applications, employees can easily launch tools without consulting IT with just a few clicks. As a result, the data landscape is becoming increasingly fractured and decentralised, with important information dispersed and siloed across multiple platforms and devices. This exposes organisations to dangers that are sometimes impossible to measure, making data difficult to manage, safeguard, or even locate. 

The fact that employees want to adopt new tools, often for perfectly valid reasons, is not the issue. Business units are heavily focused on delivering competitive advantage, speed and agility. The problem is that moving swiftly without waiting for IT procurement cycles is made possible by SaaS, and is often too tempting for competitive BUs facing pressure to perform. However, adoption that occurs "in the shadows" always poses a risk. 

For instance, without central monitoring, sensitive information can be easily uploaded to applications that lack strong security or fail to comply with relevant requirements. In many cases, they may have or duplicate features that are already present in existing products, creating unnecessary IT sprawl. Over time, this leads to increased inefficiency, spiralling costs, and compliance exposure.

Into the light

Traditional approaches to governance, such as forbidding any unauthorised applications or attempting to restrict access, have little effect in today's environment. Employees are resourceful, and to remain competitive, digital workforces require modern tools – so they are likely to circumvent regulations anyway.

Instead, companies require a model that strikes a compromise between accountability and agility. The first step is to have visibility throughout the entire IT estate. The ability to determine where data is stored, who has access to it, and how it flows between systems is essential for leaders. From there, regulations can be enforced uniformly across the board, ensuring the protection of private data and ensuring the entire company adheres to regulations and cooperates with internal directives regarding the use of software tools. 

The capacity to handle the entire lifecycle of data is equally crucial. Data that remains in long-forgotten SaaS applications for years poses both a compliance and a security concern. If companies want to reduce expenses and fulfil their regulatory requirements, they need to establish very precise procedures for retaining and archiving data, as well as strong rules about end-of-life and automatic erasure. 

The problem cannot be resolved by technology alone; culture also matters. Workers must be made aware of the dangers of unregulated shadow IT, and company executives should be encouraged to collaborate with IT rather than ignoring the issue and avoiding such discussions. Hazards are reduced when governance is viewed as a means to achieve safe and effective work, rather than a hindrance to it. This is especially important as new regulations, such as APRA's CPS234 and an expanded SOCI Act, continue to be introduced in Australia. 

This is where modern data management comes into play. Advanced software offers the ability to bring order into fragmented environments, providing consistent control and visibility across on-premises systems, apps, and clouds. Data management solutions enable organisations to reap the benefits of SaaS without falling into chaos by giving IT leaders control of the data landscape. 

With proper culture, governance, and tools, Shadow IT can be made much more visible. Companies that engage with the problem will lower their risk exposure and, in doing so, open the door to a safer and more flexible future where data fragmentation is no longer a serious risk or an impediment to growth.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Finance teams brace for rising AI risks, fatigue & compliance in 2026
Payment leaders face modernisation hurdles despite confidence gap
4 real AI shifts that will define procurement in 2026
Curvestone AI raises USD $4 million to automate regulated workflows
No AI without HI: Why human intelligence is the real competitive edge in the age of AI

Top stories

Fi911 launches ResolveLab to streamline payfac dispute tools
Orgvue unveils Henshaw AI to transform workforce planning
Banks face digital race as flexible credit card demand surges
Cardano Foundation appoints Stephen Wood as Chief Financial Officer
eflow Global launches AI eComms modules with transparent fees