Shadow IT refers to the use of technology systems, software, applications or devices without formal approval from the university’s Information and Communication Technology department. It can support innovation, research and teaching, but also introduces risks to security, privacy, compliance and governance. Universities need clear policies, effective vetting of tools and collaboration between IT, cybersecurity and academic teams to strike the right balance. This BoF session will provide a forum for sharing experiences, lessons learned and strategies to manage Shadow IT, ensuring data protection while enabling genuine research and learning.

Discussion Prompts:
•    How has your university encouraged innovation while ensuring third‑party tools (including AI and new software) meet security and compliance requirements?
•    What governance models or policies have proven effective or ineffective in managing Shadow IT?
•    In what ways have IT and cybersecurity teams collaborated with academics and researchers to balance flexibility and risk?
•    What processes have you used to vet and approve third-party tools without slowing down research or teaching?
•    How do you communicate expectations and responsibilities around Shadow IT to staff and students?
•    What lessons or success stories can you share about integrating third‑party apps securely into your environment?

This session will explore shared sector experiences with Shadow IT, offering insights into practical approaches for managing risks while fostering innovation and collaboration between IT, cybersecurity and academic teams. Participants will exchange what has worked well, what has not, and how collective learning can improve practices across the sector.