What is meant by the term "shadow IT"?

The term "shadow IT" refers to software and technology solutions that are implemented within an organization without the explicit approval or oversight of the IT department. This can include applications, services, or devices that employees use to perform their work, which are not part of the official IT infrastructure.

Shadow IT often arises when employees seek to improve their productivity by using tools they find useful or more convenient, such as cloud services or mobile applications, even though these may not adhere to the organization's security policies or compliance requirements. This phenomenon can pose significant risks to the organization, such as data breaches or compliance violations, as the IT department may lack visibility and control over these unsanctioned resources.

The other options do not accurately describe shadow IT. External vendor solutions would typically be part of formal IT procurement processes. Approved software usage outside of work hours does not constitute shadow IT, as it is sanctioned by the organization. Legacy systems, while possibly being out of date, are still officially recognized and managed by the IT department, not fitting the definition of shadow IT.