Shadow IT—unauthorized use of digital tools by educators—is pervasive in educational institutions, posing significant privacy, security, and regulatory compliance risks; yet, the underlying motivations and governance challenges remain underexplored from teachers’ perspectives. Method: A mixed-methods study involving 375 teachers and 21 administrators employed surveys, application inventory coding, semi-structured interviews, and risk attribution modeling. Contribution/Results: This is the first systematic investigation revealing teachers as de facto technology decision-makers whose adoption logic centers on pedagogical utility while diverging from institutional policy. We identified 494 unauthorized applications; only 24.8% (higher education) and 30.3% (K–12) were aware of official policies. Among 22 deliberate violators, just 33 modified behavior post-warning. Three core barriers emerged: policy awareness deficits, lack of compliant alternatives, and behavioral inertia—providing empirical grounding and actionable pathways for teacher-centered IT governance reform.

Educators regularly use unsanctioned technologies (apps not formally approved by their institutions) for teaching, grading, and other academic tasks. While these tools often support instructional needs, they raise significant privacy, security, and regulatory compliance concerns. Despite its importance, understanding the adoptions and risks from the perspective of educators, who serve as de facto decision makers behind unsanctioned technology use, is largely understudied in existing literature.To address this gap, we conducted two surveys: one with 375 educators who listed 1,373 unsanctioned apps, and another with 21 administrators who either often help educators to set up educational technologies (EdTechs) or observe their security or privacy incidents. Our study identified 494 unique applications used by educators, primarily for pedagogical utility (n=213) and functional convenience (n=155), and the associated risks were often ignored. In fact, despite security and privacy concerns, many educators continued using the same apps (n = 62), citing a lack of alternatives or heavy dependence as barriers to discontinuation. We also found that fewer than a third of educators were aware of any institutional policy on unsanctioned technology use (K12: 30.3%, HEI: 24.8%), and 22 knowingly violated such policies. While 107 received formal warnings, only 33 adjusted their behavior. Finally, we conclude by discussing the implications of our findings and future recommendations to minimize the risks.