Shadow IT in travel refers to the unauthorized use of software, devices, and applications without IT department oversight—a crisis quietly draining productivity across the industry. UK employees lose approximately 7 hours per week to shadow work tasks like booking trips, filing expenses, and chasing approvals, according to TravelPerk data. For a 1,000-person company, that translates to roughly 7,000 lost hours weekly. The problem persists because travel workflows remain fragmented, forcing employees to cobble together tools for booking, expenses, and spend management.
Key Takeaways
- UK employees waste 7 hours weekly on shadow work tasks; refocusing takes 11 minutes per context switch
- A 1,000-person firm loses approximately 7,000 hours weekly to shadow IT inefficiencies
- Shadow IT creates security gaps, compliance risks, and duplicate subscriptions across organizations
- AI-native platforms can automate 67% of non-core shadow work including travel booking and expenses
- Detection tools like SASE and CASB, combined with clear policies, are essential for regaining control
Why Shadow IT in Travel Is a Bigger Problem Than Most Realize
The travel sector faces unique vulnerabilities. Legacy systems, unconnected platforms, and horizontal SaaS solutions not tailored to tour operators or destination management companies create gaps that employees fill with whatever works—often unsanctioned tools. This fragmentation is not just inefficient; it is dangerous. Shadow IT introduces security blind spots where data lives in apps IT cannot monitor, creates duplicate subscriptions that waste budgets, and leaves companies exposed to compliance violations. When employees use personal devices or unauthorized cloud services to handle sensitive travel data and expense information, the organization loses visibility and control.
The productivity math is brutal. Beyond the 7 hours lost weekly to shadow work itself, employees spend 11 minutes refocusing after each task switch. In a large organization, these context switches compound into staggering losses. The real cost is not just time—it is the security debt companies accumulate without knowing it. A single employee using an unsanctioned expense app, a booking tool without encryption, or a collaboration platform outside the approved ecosystem creates a vulnerability that multiplies across the workforce.
Shadow IT in Travel: Detection and Policy Framework
Solving shadow IT requires a three-layer approach: detection, policy, and replacement. First, companies must identify what they do not know. Tools like Secure Access Service Edge (SASE) combined with Cloud Access Security Broker (CASB) capabilities provide visibility into unauthorized applications and enable blocking of non-compliant services. These platforms work alongside zero-trust access models and web filtering to create a security perimeter that does not depend on trusting the network.
Second, policies must be clear and enforceable. Define which third-party apps and devices employees can use, specify security requirements for approval, list disallowed services, and outline consequences for noncompliance. The key is simplification: pre-vetted tool lists and streamlined submission portals lower friction so employees request approval instead of working around restrictions. Third, companies must encourage open communication. Create formal channels for employees and managers to request tools early, discuss workflow gaps, and resolve problems before unauthorized adoption takes root.
The most overlooked step is making approved tools actually usable. Many organizations deploy compliant platforms that are slower, less intuitive, or less feature-rich than the shadow tools employees prefer. Regularly evaluate sanctioned applications for alignment with workflows, retire outdated systems, and expand capabilities to address legitimate user needs.
The Unified Platform Solution for Travel
Perk (formerly TravelPerk) demonstrates a different approach: consolidation. The platform unites travel booking, expense management, invoicing, and team event coordination into a single AI-native system, automating 67% of non-core shadow work. This matters because fragmentation is the root cause. When employees must toggle between a booking system, an expense app, a coding tool for invoices, and an approval workflow, they lose time and create data silos. A unified platform with global rule-setting capability allows companies to enforce policy once and apply it everywhere.
This approach addresses the specific pain point in travel: legacy systems, unconnected platforms, and horizontal SaaS tools that do not fit the tour operator or DMC workflow. Instead of asking employees to adapt to disconnected systems, a tailored travel platform creates seamless data flow without manual checks or duplicate entry. The business case is simple—if a company loses 7,000 hours weekly to shadow work, even a 30% reduction in that waste justifies investment in a better system.
SaaS Management Platforms: Visibility and Control
Beyond travel-specific tools, companies need SaaS Management Platforms (SMPs) to gain visibility into total SaaS usage across the organization. SMPs provide centralized tracking of subscriptions, spending, license management, contract oversight, and security posture. Without visibility, companies cannot know how many duplicate tools are running, which services are underutilized, or which applications pose security risks. SMPs solve that blind spot by creating a single source of truth for all software spending and usage.
How Should Companies Prioritize Shadow IT Controls?
Start with policy and communication, not enforcement. A company that bans tools without offering better alternatives will drive shadow IT deeper underground. Define clear policies, create pre-vetted tool lists, and establish a simple approval process. Parallel to that, deploy detection tools like SASE and CASB to identify what is already in use. Finally, invest in replacing fragmented systems with platforms designed for your workflow—in travel’s case, a unified solution that handles booking, expenses, and approvals eliminates the need to shadow-source workarounds.
What Are the Main Security Risks of Shadow IT in Travel?
Shadow IT creates three critical vulnerabilities. First, data lives in unsanctioned apps outside IT’s security perimeter, increasing breach risk and compliance exposure. Second, employees may use personal devices or unencrypted services to handle sensitive travel and expense data. Third, companies lose audit trails and cannot enforce data retention or deletion policies on shadow tools. In travel, where booking data, expense records, and traveler information are sensitive, these gaps are particularly dangerous.
Can AI Really Automate Two-Thirds of Shadow Work?
Perk claims its AI-native platform automates 67% of non-core shadow work, including travel booking, expense filing, invoice coding, and approval chasing. The claim is specific to routine, rule-based tasks that do not require judgment. Booking a flight within policy parameters, categorizing an expense, or matching an invoice to a purchase order are tasks AI can handle reliably. However, this figure comes from the vendor and lacks independent verification. The realistic takeaway: AI can eliminate a significant portion of repetitive shadow work, but not all of it. The remaining 33% still requires human judgment or approval.
Shadow IT in travel is not a technology problem—it is a workflow problem. Employees use unauthorized tools because approved systems are slow, disconnected, or unsuitable for their needs. The solution is not to clamp down harder; it is to understand why shadow IT exists and replace fragmentation with coherence. Companies that tackle this challenge will reclaim thousands of hours weekly and eliminate a major security liability in the process.
Edited by the All Things Geek team.
Source: TechRadar
