Part of the Network security glossary:

Shadow apps are software-as-a-service (SaaS) applications that are used on business networks but are not supplied by the IT department or even visible to it.

Shadow apps are often collaborative software, such as unified communication and collaboration (UCC) applications that enable greater productivity in the office. The apps are sometimes installed by general users in an organization; however, CEOs are often the biggest offenders because they are less locked down with user rights management than the rest of the staff.

Commonly installed shadow apps include Google apps and Dropbox. These and other shadow apps carry an increased risk of data breaches because they have not been verified to be secure. The risk of data breaches associated with shadow apps has been estimated to be three times greater than is the case with internal applications. Shadow apps can also cause bandwidth issues on the network, slowing things down for all users and impacting productivity.

CIOs are in a difficult position to limit shadow apps. The software often improves communication and productivity, while security and data breaches may not seem to be real threats until they happen. Managing shadow apps requires cooperation and communication between CIOs, CEOs and other employees.


The first step required to deal with shadow apps is an audit of all apps used on the corporate network. There may be something in the enterprise’s supported software that could be used for the same purpose as a shadow app. On the other hand, some unsupported apps may be installed but not used – according to research, up to 75 percent of software installed in the enterprise is never accessed. Finally, an audit may also reveal areas where internal apps are not working effectively, so that IT can step up to fix the issues.
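One way to start such an audit from web proxy logs, as an added example that is not part of the original glossary entry: it reports unsanctioned SaaS apps with their users and traffic volume, and supported apps that nobody appears to use. The log format, the app catalog, the sanctioned list and every hostname other than dropbox.com are constructed assumptions.

```python
from collections import defaultdict

# Constructed catalog: host suffix -> app name (assumption, not from the page).
SAAS_CATALOG = {
    "dropbox.com": "Dropbox",
    "chat.example.net": "ExampleChat",
    "crm.example.com": "ExampleCRM",
    "wiki.example.org": "ExampleWiki",
}
SANCTIONED = {"ExampleCRM", "ExampleWiki"}  # apps IT supplies and supports

# Constructed proxy log lines: timestamp user host bytes_transferred
SAMPLE_LOG = """\
2014-08-01T09:00:01Z ceo www.dropbox.com 52428800
2014-08-01T09:02:10Z alice crm.example.com 20480
2014-08-01T09:05:33Z bob api.chat.example.net 4096
2014-08-01T09:07:45Z ceo www.dropbox.com 10485760
malformed line
2014-08-01T09:09:00Z alice intranet.corp.example 512
""".splitlines()


def app_for_host(host):
    """Map a hostname to a catalog app by exact or dot-boundary suffix match."""
    host = host.lower().rstrip(".")
    for suffix, app in SAAS_CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None  # not a known SaaS host (e.g. intranet traffic)


def audit(log_lines, sanctioned=SANCTIONED):
    """Return (shadow, unused): unsanctioned apps seen, sanctioned apps never seen."""
    usage = defaultdict(lambda: {"users": set(), "bytes": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than abort the audit
        _, user, host, nbytes = parts
        app = app_for_host(host)
        if app:
            usage[app]["users"].add(user)
            usage[app]["bytes"] += int(nbytes)
    shadow = {a: u for a, u in usage.items() if a not in sanctioned}
    unused = sorted(sanctioned - set(usage))
    return shadow, unused
```

The per-app byte totals give a first view of the bandwidth impact, and the unused list points at supported apps that may not be meeting users' needs.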

This was last updated in August 2014
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse
