In the early 20th century, long before “information technology” was a phrase
anyone had heard of, coal miners brought canaries into the mines with them
because the birds, being warm-blooded and more sensitive than humans to most
environmental effects, would become ill from carbon monoxide or other toxic
gases found in the mine long before the miners would, giving them a chance to
escape or take protective action.
Such “animal sentinels” saved many lives by acting as an early warning system
for dangerous conditions that the humans could not sense themselves (carbon
monoxide in particular being entirely without scent), and the phrase “canary in
the coal mine” came to be used as a general term for something that provides a
signal of danger.
“Shadow IT” is a term used to describe systems put in place within organizations
without explicit organizational approval. A very simple example would be some
team deciding to use their personal Google Docs accounts to track project data
in spreadsheets rather than Microsoft Office documents on an internal file
share. Shadow IT is generally perceived as a security or privacy risk because
the organization doesn’t have the access and auditing controls built into
Nevertheless, Shadow IT is a sign of danger. It’s an indication that approved
solutions don’t meet all of an organization’s needs. It should be treated not
strictly as a departure from the acceptable path, but as a strong signal that
existing solutions are inadequate.