IT Horror Stories with Jack Smith – The Incident Log

Episode 9 : Shadow IT Reports

Why you should not have a “Quick Sales Tool” in production

We dive into the familiar chaos of Shadow IT created by the sales department — well-intentioned, fast-moving, and completely invisible until something breaks. A “quick tool” turns into a critical system overnight, contracts appear after go-live, and IT is asked to secure, integrate, and support something it never approved or even knew existed. It’s a story about speed versus control, good intentions with bad outcomes, and why Shadow IT doesn’t start with malice — it starts with urgency.

Listen now on Apple Music, Spotify, Deezer, Youtube or where-ever you get your panic attacks.

Shadow IT Reports: Tales from the Tech Trenches

Welcome, fellow IT surviv—I mean, enthusiasts! If you’ve ever worked in tech, you know that sometimes what happens in the server closet does not stay in the server closet. In this epic installment of IT Horror Stories, Jack Smith and Bob are here to spill the beans (and the energy drinks) on the shadowy world of Shadow IT.

Buckle up. Grab your coffee. Or maybe something stronger.

What Is Shadow IT, Anyway?

Let’s rip the band-aid off right away:

“Shadow IT is essentially business doing IT stuff without the knowledge of the IT department.”

If you’re an IT pro, you probably shivered reading that. If not, count yourself lucky. Shadow IT isn’t just a spooky term—it’s when business teams or, let’s face it, any group in a company, decide they’re going to set up some IT solution, app, or workaround without going through the official IT channels. Sometimes it’s clever. Sometimes it’s desperate. It’s never boring.

Why Do People Create Shadow IT? Spoiler: It’s Not Just Because They Love Risk

Before we dive into the stories, let’s look at the realities behind Shadow IT:

  • Speed: IT policies can be slow, but sales needs their spreadsheet now.
  • Customization: Out-of-the-box isn’t always enough. Teams want their own flavor.
  • “Because I Can” Factor: Someone knows their way around Access/Excel, so why not?
  • Frustration: Corporate solutions may not cut it.

But as Jack and Bob point out, every shadow IT story is a warning:

“There is not a single Shadow IT story that ends well.”

The Big One: A Multinational’s Shadow IT Monster

Setting the Scene

Transport yourself back about 10 years, to a global powerhouse of a company. Our narrator, Bob, is minding his own IT business when the dreaded call comes in—from the CEO no less.

“Never a good thing if you get a call from the CEO out of the blue.”

The problem? The sales department is paralyzed. Sales reports—those projections, funnel data, revenue spreadsheets—are completely dead. Time to put on the detective hat.

Down the Shadow Rabbit Hole

Here’s where things get gloriously (and horribly) complicated:

  1. Sales Reports Are Missing
    The CEO is livid and blames IT. Bob investigates.
  2. The Network Share Puzzle
    The VP of Sales points Bob to a network share. Except… there are no files.
  3. The Missing Server
    IT backs up everything—or, so they think. When Bob asks to restore the vanished files:“What network share?”
    The network team has never heard of it. It doesn’t exist on their storage system.The files, as it turns out, lived on a secret local server. Not documented. Not patched. Not monitored. Hidden in a closet. For eight years.

Anatomy of a Shadow Server

If you like IT horror, this next bit is for you.

  • A real server (not a scrounged-up desktop)
  • Bought on the sales budget
  • Ridiculously expensive: “At the time, it cost several million.”
  • Sporting 4 terabytes (10 years ago, that was a ton!)
  • Never patched, never updated, never seen by IT

How did it connect to the network? Plugged into a regular desk network outlet. As far as IT could tell, it was “just another desktop.”

The Blue Screen of Doom

After eight years, the server finally gave up—ran out of disk space, blue-screened, and wouldn’t boot. Sales data, reports, the entire house of cards: gone.

Bob’s initial thought? Check for a backup. But you can’t back up something you don’t know exists.

The Password Sin & Other Security Nightmares

Security pros, you may want to look away.

The sales files were “protected” with the VP of Sales’ login. That was your security model. Zero Active Directory, no domain membership, just a username and password.

As Bob puts it:

“It used the login of the VP…”
“I am now scanning my brain for VPs.”

Rest in pieces, audit trail.

The Bosses Did Know (Sort Of)

Here’s the kicker: everyone in local management was aware. The CEO supported it—because “it gave them the flexibility head office didn’t.” As long as sales delivered, everyone looked the other way.

So What Do You Do With a Zombie Server?

With the server limping back to life (after clearing temp files and freeing space), Bob faced a dilemma. Report to head office, who would definitely want it shut down. Or keep the locals happy, who needed their custom reports to function. A rock and a hard place.

Eventually, a compromise: migrate all local data into the official corporate platform; transform the reports to match the locals’ needs; and promise, cross-your-heart, to do it right going forward.

Of course, it wasn’t that simple. This process took a year, a minor war with German directors about policy (cue political drama), and a parade of workarounds.

The Next Generation of Shadow IT: Power BI Edition

You thought it was over? This is IT. When one loophole closes, another opens.

Nine months into the migration, sales starts building new custom reports in Power BI. They take the official dataset and create… yep, shadow versions of the very reports IT was trying to standardize. The difference? This time it’s in the corporate cloud. Compliance and Audit are (so far) blissfully unaware.

Power BI proved too much for locals who lacked the skills—so now, instead of an unknown server, you have an open data lake and undertrained users. New tools, same old problem.

“Shadow IT is not always recognized as Shadow IT, but also sometimes it’s known under user empowerment.”

How Did It All Go So Long Undetected?

Back to our shadow server—how did it remain unseen for eight years?

A few reasons:

  • 10 years ago, network discovery tools were less common.
  • Regular sweeps or modern network authentication could have flagged it, but not everyone did those.
  • Sometimes, someone in IT is complicit, or just chooses not to ask questions—especially if told by a local CEO.

Today? It would be harder but still not impossible, especially if enough people want it left alone.

Why Does Shadow IT Even Start?

Short answer: Necessity is the mother of “let’s just do it.”

  • Head office solutions often don’t meet local business needs.
  • People are incentivized to solve their own problems, and if IT or corporate can’t (or won’t) move fast enough, they’ll do it themselves.
  • As Bob puts it:
    “Somebody has a specific need and the need is not fulfilled by the rest of the organization. So they’re going to try and find a solution. That on its own is good… but yeah, then in the end it’s the nonexistence of the run phase.”
  • Shadow IT is rarely managed or maintained post-setup.

The Near Miss: Data Loss Disaster Averted

In this story, everything worked out—barely.
No data loss, and with some temp files deleted, the server came back to life. But it could have been so much worse. If a RAID array or drive had failed, years of sales data would have been toast—and only then would the higher-ups have truly cared.

IT and Business: The Never-Ending Balance

If you strip away the horror, what’s the lesson? Business needs drive tech adoption, sometimes outside the rules. A little flexibility can fuel growth… but it puts a lot at risk.

Head office doesn’t always care what locals do, as long as the numbers look good. Local teams optimize for survival—and when things go wrong? IT gets the first call.

A Comedy of IT Errors: The Board-Level Shadow IT Pledge

Just when you thought you’d heard it all, Bob shares a quick story from a later job:

New senior management arrives. The director makes a bold pronouncement: “No more Shadow IT! In three years, we’ll have all business on properly maintained systems.”

The crowd goes wild.

Then someone asks: “What about the needs Shadow IT helps fulfill?”

The answer: “We will empower all business users to develop their own little programs and scripts to fulfill those needs, and IT will support them.”

The room falls silent. The universe sighs.

“Shadow IT is not always recognized as Shadow IT, but also sometimes it’s known under user empowerment.”

IT Survival Tips: What Have We Learned?

Key Takeaways for IT Pros (and the Curious)

1. Don’t Assume “It’s All Good”

If you’re in IT, assume there are hidden file shares, servers, or apps. Sweep your networks regularly, check for rogue devices, question anything odd.

2. Communication Is Everything

Business and IT need to talk—early and often. Understand why Shadow IT happens, and you can (sometimes) intercept it before it festers.

3. Step Into Their Shoes

Corporate solutions are often out of touch with local needs. Work with teams to make official tools flexible and responsive.

4. Train, Train, Train

Migrating to new tech (like Power BI) sounds great—until someone has to actually build the reports. Skill up your people, or you’ll have a new kind of Shadow IT.

5. The Human Factor

Sometimes everyone looks the other way. Sometimes they just don’t know. Build relationships across your organization so you’re the first to hear about weird workarounds.

The Real Risk: When Luck Runs Out

Shadow IT seems invisible—until it suddenly isn’t. All it takes is a hardware failure, data breach, or audit. Then the blame games begin, and nobody remembers approving anything.

As Jack and Bob remind us:

“You get expensive oopsies. Yes, expensive oopsies with consequences that can cost you dearly.”

Luck is not a strategy. Sooner or later, your number comes up.

How to Actually Fix Shadow IT (Or At Least, Survive It)

Official Playbook

  • Run regular network scans.
  • Insist on full asset inventories (no “mystery boxes”).
  • Make official solutions fast and flexible enough for business needs.
  • Provide quick-turnaround support for “edge cases.”
  • Create safe spaces for business users to request help or tools before they go underground.

For Business Teams

  • If you have to create your own tools, document them. Tell someone. Maintenance is not optional.
  • When head office says no, lobby for changes through the right channels.
  • Don’t let the “wizard with the Excel macros” be the only human who knows how things work. When they leave, the magic goes with them.

TL;DR: Your Shadow IT Recap

  • Shadow IT happens when business units set up unofficial tech—servers, apps, tools—outside IT’s knowledge or control.
  • It often starts with good intentions: speed, flexibility, solving problems. It almost always ends with pain, confusion, and risk.
  • It can go undetected for years—until, suddenly, it can’t. (Usually in a crisis.)
  • Closing the gap between what business needs and what IT provides is the only long-term fix.
  • When IT and business finally work together, everyone wins, and the “horror stories” stay funny, not fatal.

“We ridicule situations, never individuals or groups. Listener discretion is advised and we encourage everyone to approach technology with a sense of humor and an open mind.”

Final Thoughts: Don’t Be the Next Shadow IT Story

Shadow IT isn’t just a horror story—it’s a reality check. Don’t wait for a blue screen to be your next boardroom drama.

If you learned something, or you have your own tales of server closets and “rogue” spreadsheets, share this post! Maybe it’ll save a few headaches (or jobs) out there.

Jack Smith

Leave a Reply

Your email address will not be published. Required fields are marked *