In the early 20th century, long before “information technology” was a phrase anyone had heard of, coal miners brought canaries into the mines with them because the birds, being warm-blooded and more sensitive than humans to most environmental effects, would become ill from carbon monoxide or other toxic gases found in the mine long before the miners would, giving them a chance to escape or take protective action.
Such “animal sentinels” saved many lives by acting as an early warning system for dangerous conditions that the humans could not sense themselves (carbon monoxide in particular being entirely without scent), and the phrase “canary in the coal mine” came to be used as a general term for something that provides a signal of danger.
“Shadow IT” is a term used to describe systems put in place within organizations without explicit organizational approval. A very simple example would be some team deciding to use their personal Google Docs accounts to track project data in spreadsheets rather than Microsoft Office documents on an internal file share. Shadow IT is generally perceived as a security or privacy risk because the organization doesn’t have the access and auditing controls built into approved solutions.
Nevertheless, Shadow IT is a sign of danger. It’s an indication that approved solutions don’t meet all of an organization’s needs. It should be treated not strictly as a departure from the acceptable path, but as a strong signal that existing solutions are inadequate.