It's not a security issue. Or it's not just that. The usual narrative about shadow IT—the tools that employees use without IT's knowledge—places the risk in cybersecurity and regulatory compliance. Those risks are real. But in medium-sized Spanish companies, the more immediate impact of shadow IT is more prosaic: the company pays twice for the same process.
Gartner estimates that in 2024, 41% of employees acquire or create technological solutions without the IT department's knowledge [1]. By 2027, that figure will reach 75%. Gartner also estimates that shadow IT represents between 30% and 50% of an organization's real technology spending [2].
In a company with a technology budget of 200,000 euros per year, that's between 60,000 and 100,000 euros in tools that no one inventoried, that are not integrated with corporate systems, and that stop working or stop understanding each other when the person who configured them leaves the company.
This article is not a call to ban anything. The tools that teams adopt on their own often solve real problems that corporate systems don't solve well. The objective is to understand what is there, what it really costs and what can be done with it in an orderly manner.
The typical shadow IT map in a medium-sized Spanish company
The medium-sized Spanish company in the hospitality, distribution, professional services and education sectors has a fairly predictable shadow IT profile. They are not rare tools or illegitimate uses: they are solutions that teams adopt because corporate systems have a gap that no one has closed yet [8].
The MuleSoft Connectivity Benchmark Report 2024 quantifies this: the average company uses more than 900 applications, of which only 28% are integrated with each other [5]. In the medium-sized Spanish company—which operates with a much smaller ecosystem—the pattern is replicated at scale: between 50 and 200 applications, most of them disconnected from each other, generating data silos that IDC estimates cost between 20% and 30% of annual revenues in inefficiencies [7].
Why shadow IT doesn't disappear by banning it
The classic institutional response to shadow IT is prohibition: a list of authorized tools, blocking of unapproved installations, internal communications about the correct use of technological resources. The usual result is that shadow IT continues, but in a more hidden way. Employees keep using their tools; they just stop saying that they do.
Retool's Build vs. Buy Report 2026—a survey of 817 professionals in companies from startups to the Fortune 500—documented that 60% of respondents built software outside of IT supervision in the past year [3].
They didn't do it out of negligence or to challenge IT: they did it because they had a problem to solve and authorized tools weren't solving it with the speed they needed. 35% have already replaced at least one corporate SaaS tool with their own development.
The structural cause is that the midsize company has a gap between the speed at which operational departments need to solve problems and the speed at which IT can prioritize them. Gartner recognizes this phenomenon as structural: the Citizen Developer—an employee who builds solutions without a formal technical profile—is not an anomaly, but a pattern that is accelerating [6].
By 2026, 80% of low-code platform users will be professionals outside of IT.
Shadow IT is not a problem of corporate culture or training. It is a symptom that there are operational processes without adequate technological coverage. Eliminating it without covering those processes does not solve anything: it transfers the problem to another format.
How to audit the shadow IT of a midsize company in four weeks
Gartner recommends a three-phase governance approach: auditing of actual use, classification by level of risk, and a decision to regularize, replace or eliminate [10]. What follows is a practical adaptation for a medium-sized company without the resources of an enterprise IT department.
Weeks 1 and 2. The real inventory
Not the inventory that IT believes exists. The real inventory requires direct conversations with those responsible for each department—sales, operations, HR, finance, marketing—with a single question: what tools does your team use to do their work that aren't on the list of approved corporate software? The question is not accusatory: it is diagnostic. The goal is to understand the gap, not to punish it.
Network management tools such as Lansweeper or similar can complement this inventory by detecting installed applications or SaaS domains accessed from the corporate network. But the conversation with the teams is essential: network tools do not detect what is used from the personal mobile phone or from home networks.
Week 3. The classification by impact
Not all shadow IT has the same risk or value. Once inventoried, each tool can be classified into three categories: tools that solve a real problem that no corporate system covers well (candidates for regularization or planned replacement), tools that duplicate functionality already paid for in the corporate stack (candidates for deletion and migration), and tools that involve sensitive data without adequate guarantees (priority for immediate intervention).
Week 4. The action plan
Gartner estimates that 40% of shadow IT identified in medium-sized companies can be regularized with configuration settings in tools already contracted [10].
The other 60% requires a decision: formalize the shadow tool with a contract and appropriate guarantees, replace it with an internal tool designed specifically for that use case, or integrate it into the corporate stack via iPaaS. All three options are legitimate. The fourth option — banning it without covering the process it solved — is the one that generates the most second-generation shadow IT.
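The following Python example is added here and is not from the article or from any tool it names. It merges unapproved domains seen in web-proxy logs with interview answers and applies the Week 3 categories; the log format, the CSV columns, the sample data, the rule that sensitive data is checked first, and the fallback category are all assumptions.

```python
import csv, io

# Constructed sample inputs (assumptions, not data from the article).
APPROVED = {"erp.example.com", "crm.example.com"}
PROXY_LOG = """\
2024-05-06T09:12:01 10.0.4.17 base.example.net
2024-05-06T09:12:09 10.0.4.22 base.example.net
2024-05-06T09:13:40 10.0.4.17 crm.example.com
2024-05-06T09:15:02 10.0.7.3 files.example.org
2024-05-06T09:20:11 10.0.7.9 notes.example.io
"""
INTERVIEWS = """\
tool,domain,department,covers_gap,duplicates_corporate,sensitive_data,guarantees
Project pipeline base,base.example.net,operations,yes,no,no,no
File sharing,files.example.org,hr,no,yes,yes,no
Group chat,chat.example.app,sales,no,yes,no,no
"""

def unapproved_domains(log, approved):
    """Map each unapproved domain to the set of client IPs that reached it."""
    seen = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] not in approved:
            seen.setdefault(parts[2], set()).add(parts[1])
    return seen

def classify(row):
    """Week 3 categories; sensitive data without guarantees is checked first."""
    if row["sensitive_data"] == "yes" and row["guarantees"] != "yes":
        return "immediate intervention"
    if row["duplicates_corporate"] == "yes":
        return "delete and migrate"
    if row["covers_gap"] == "yes":
        return "regularize or replace"
    return "needs follow-up interview"

def build_inventory(log, interviews, approved):
    """Merge both sources and list domains no interview mentioned."""
    network = unapproved_domains(log, approved)
    rows = list(csv.DictReader(io.StringIO(interviews)))
    inventory = [{"tool": r["tool"], "category": classify(r),
                  "clients_seen": len(network.get(r["domain"], ()))}
                 for r in rows]
    unreported = sorted(set(network) - {r["domain"] for r in rows})
    return inventory, unreported

if __name__ == "__main__":
    for entry in build_inventory(PROXY_LOG, INTERVIEWS, APPROVED):
        print(entry)
```

A tool with `clients_seen` of 0 was reported in interviews but never appeared in the proxy log, which is the case the article attributes to personal phones and home networks.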
What to do with what you find: the case of Airtable and the internal tool
The most common case in medium-sized companies is that of Airtable or Google Sheets used by a department to manage a process that the ERP or CRM does not cover well: a project pipeline, an incident tracker, a customer onboarding system. These tools usually work properly within the team that created them and stop working when they scale: when the team grows, when the data needs to connect to another system, or when the person who configured them leaves.
80% of the Fortune 100 use Airtable [9].
The difference between the enterprise use of Airtable and the shadow IT use of Airtable isn't the tool: it's the design. A well-designed Airtable base, with correct permissions, integrated via API with the ERP and with an identified process owner, solves the operational problem with guarantees. An Airtable database created by someone over a weekend to solve an urgent problem, without documentation and with shared access by link, is shadow IT even though the tool is the same.
The implication is that the answer to productive shadow IT—the one that solves real problems—is not to eliminate it, but to design it correctly. That requires time and process design knowledge, not just access to the tool. And that well-done design, with data connected to corporate systems and with adequate security guarantees, is exactly what distinguishes an internal tool from an improvised workaround.
Organizations that consolidate their shadow IT before implementing automation achieve 23% more adoption of new flows than those that automate over a fragmented ecosystem [11].
Order matters: first the map of the territory, then the infrastructure.
Shadow IT as a signal, not a problem
Every unauthorized tool that a department is using is information. It indicates that there is an operational process without adequate technological coverage, that existing corporate systems have a gap that users have identified, and that there is a capacity for technological adoption in teams that the IT department is not aware of.
Treated as a signal, shadow IT is the best map of where to build internal tools with real impact. Treated as a threat, it generates a cycle of prohibition and replacement that does not close operational gaps and that, by 2027, will affect 75% of the employees of any organization [1].
The question worth asking isn't “what tools are they using without permission?”, but “what are they telling us about what our systems don't solve?” That second question has a much more useful answer.
References
[1] Gartner (2024). Predicts 2025: Empowered Employees and Technology Democratization.
Gartner estimates that in 2024, 41% of employees acquire or create technological solutions without the IT department's knowledge. By 2027, this figure will reach 75%. The report defines shadow IT as the set of systems, solutions and services used within an organization without explicit approval from the technology department.
[2] Gartner (2023). How to Manage and Mitigate Shadow IT Risk (ID: G00793742).
Shadow IT represents between 30% and 50% of a company's real technological expenditure. Some of this expense is not additional, but duplicated, since it replaces existing corporate tools.
[3] Retool (2026, February). The Build vs. Buy Shift: How Vibe Coding and Shadow IT Have Reshaped Enterprise Software.
markets.financialcontent.com/wral/article/bizwire-2026-2-17-retools-2026-build-vs-buy-report-reveals-35-of-enterprises-have-already-replaced-saas-with-custom-software
Survey of 817 professionals in companies from startups to Fortune 500. 60% built software outside of IT supervision in the last year (25% frequently) and 35% have replaced at least one SaaS tool with their own development.
[4] McKinsey & Company (2024). Unlocking value from AI in operations: A playbook for the enterprise.
Employees waste up to 9.3 hours a week searching for information and coordinating approvals between non-integrated systems. 45% of the time spent on these processes could be automated with existing technology.
[5] MuleSoft (2024). 2024 Connectivity Benchmark Report. www.mulesoft.com/connectivity-benchmark
The average company uses more than 900 applications, of which only 28% are integrated. 68% of organizations identify data silos as their main obstacle, and 80% of IT leaders say that they prevent them from harnessing data for decision-making.
[6] Gartner (2023). Magic Quadrant for Enterprise Low-Code Application Platforms.
The concept of the Citizen Developer—an employee who creates solutions without a formal technical profile—is a structural phenomenon. By 2026, 80% of low-code platform users will be professionals outside of IT.
[7] IDC (2024). The Cost of Disconnected Data in the Enterprise.
Organizations lose between 20% and 30% of their annual revenues due to inefficiencies stemming from data silos. Duplication of tools is one of the main factors.
[8] ONTSI/Red.es (2024). Digital technologies in the company 2023.
74.2% of Spanish SMEs have a basic level of digital intensity and only 13.9% use big data analysis. The gap with large companies exceeds 40 percentage points.
[9] Airtable (2026). Enterprise. www.airtable.com/enterprise
80% of the Fortune 100 use Airtable. Adoption in enterprise environments often begins in non-IT departments that meet specific operational needs.
[10] Gartner (2024). How to Build a Shadow IT Governance Framework.
Gartner proposes a three-phase approach: auditing of actual use, classification by risk, and a decision to regularize, replace or eliminate. It estimates that 40% of the shadow IT in medium-sized companies can be regularized with existing tools.
[11] Deloitte (2023). Automation with Intelligence: 2022 Global Automation Survey.
Organizations that consolidate their shadow IT before automating achieve 23% more adoption of new flows compared to those that operate in fragmented environments.