shadow cloud [English]

Syndetic Relationships

InterPARES Definition

n. ~ Cloud-based services implemented by users without appropriate authorization, operating outside information governance policies, and often with no integration to existing systems.

General Notes

Cloud services may be convenient, free or inexpensive, and widely adopted. Use of those services in a corporate environment without review or integration with existing systems may place the organization at legal risk (privacy, discovery, compliance) or technological risk (data security, reliability, continuity).


  • Rodrigue 2013 (†915 ): In trying to make business users more independent from the IT department, cloud providers have been slowly creating a shadow IT ecosystem that, instead of having its own processes, many times has no process at all, consisting of haphazardly put together sets of solutions that create significant risks for companies, many times without them actually knowing about them. ¶ Shadow IT rises from two main features of cloud solutions, especially cloud- or cloud-based software: the external hosting of solutions and the pay-as-you-go business model. These, in turn, create two separate sets of risks for corporations. The former creates risks associated with IT (data security and privacy, systems reliability, disaster recovery), while the latter creates risks on the financial side of things. Over the next couple of posts, we will explore in more detail these two sides of shadow IT, and how companies can deal with them effectively. (†2741)
  • Vijayan 2014 (†914 ): A growing tendency by business units and workgroups to sign up for cloud services without any involvement from their IT organization creates serious risks for enterprises. The risks from shadow cloud services include issues wit hdata security, transaction integrity, business continuity and regulatory compliance, technology consulting firm PricewaterhouseCoopers (PwC) warned last week. (†2740)