Shadow IT: How to Protect Strategic Data

Translation has long been essential for global businesses to communicate with customers, partners, and suppliers across different languages. But with the rise of shadow IT, especially the rampant use of some free online translation services, risks have skyrocketed.

Free online translation apps like Google Translate, Microsoft Bing Translator and DeepL have multiplied the risk. According to Common Sense Advisory:

  • 64% of translation professionals say that colleagues (never themselves, of course!) often use free online translation services.
  • 80% of bank employees don’t observe protocols for multilingual conversations, often by using online translation services.

What is Shadow IT and Why Should Companies Worry?

Shadow IT refers to the use of technology or systems within an organization without the knowledge or approval of the IT department. It can take many forms, including the use of personal devices, downloading unauthorized software, or uploading content to SaaS or cloud services that have not been sanctioned by the organization. All have vulnerabilities.

When was the last time you checked the Google Terms of Service? When you click that innocent-looking translate button, do you know you give the Big G irrevocable permission to:

  • host, reproduce, distribute, communicate, and use your content ….
  • publish, publicly perform, or publicly display your content….
  • modify and create derivative works based on your content….

Sure, shadow IT can provide employees and contractors with flexibility and autonomy in their work. It can save the costs of hiring external vendors. But its risks are many, and serious:

Security

When employees use shadow IT, they may unknowingly expose the organization to security vulnerabilities and increase the risk of data breaches. This can lead to exposure of sensitive company data, financial losses, and reputational damage.

Compliance

Companies must comply with regulations, laws, or standards that require only certain technologies or software to be used. Shadow IT risks violating these rules, exposing firms to potentially catastrophic legal and financial consequences.

Governance

When technology assets are not centrally managed or monitored, the IT department and other stakeholders cannot manage risks and make informed decisions.

Why Are Free Online Translation Services Especially Risky?

When employees use online translation tools, they send sensitive information to third-party cloud servers. There the uploaded data is vulnerable to interception, data breaches, or unauthorized access. This can lead to the loss of confidential business information, intellectual property, or customer data.

Many online translation services collect data on the user, as well as the content being translated, location data, and device information. This data can be used for targeted advertising, profiling, or other purposes, which may infringe on the privacy of employees or customers. If something is free, there’s a good chance that you are the product and your data is being sold. Or exposed.

The tale of translation.com alerts us to the danger. In 2019, Norway’s biggest energy company, Statoil, used this free online translation service for internal documents. NRK, a top Norwegian news site, found that these sensitive documents were publicly accessible in the cloud.

There are also legal and regulatory risks. Companies may be subject to regulations such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Governmental, legal, and financial firms must comply with many more. Using online translation tools without proper controls and safeguards risks violating these laws, with grave potential legal and financial consequences.

How to Reduce Risks of Exposing Translated Data through Shadow IT?

To mitigate risks of exposing translated data, companies need to take steps to establish better control over translation processes and ensure that sensitive internal and client data is protected.

  1. Establish clear policies and guidelines for translation. Define what can be translated with online services and how.
  2. Use reputable translation agencies that guarantee secure, confidential and reliable translation services. They must show robust security protocols, NDAs and other procedures in place with all employees and contractors to guard data and confidentiality.
  3. Use only secure and approved translation software monitored and controlled by the IT department. The software should have security features like encryption, access controls, and audit trails. Make sure it’s regularly updated.
  4. Educate employees on the risks of using online translation tools and the importance of protecting sensitive data.

The Solution: Choosing the Right Professional Translation Tool

“The Shadow Knows” was a long-running old-time true-crime radio show in which each episode was introduced with a question: “Who knows what evil lurks in the hearts of men?”

Turns out, with Shadow IT, it’s not just evil but carelessness. And it lurks not just in men but also in loose company security practices, especially when it comes to the unmonitored and uncontrolled use of free online translation services, often in violation of protocols and policies.

Do yourself, your organization, and your clients a favor: Choose premium services which maximize confidentiality and ensure security. It’ll save you, in the short and long run.

Best yet: work with a security-focused, regulation-savvy, AI-powered machine translation company which knows exactly how to counter the risks of Shadow IT with automated systems, best practices, and compliance-consciousness.

Only then dare to come safely out of the shadows.


Author
Benjamin - Data Security Specialist