

Shadow IT is any software, hardware or IT resource used on an enterprise network without the IT department’s approval and often without IT’s knowledge or oversight. Sharing work files on a personal Dropbox account or thumb drive, meeting on Skype when the company uses WebEx, and starting a group Slack without IT approval are examples of shadow IT. Shadow IT does not include malware or other malicious assets planted by hackers. It refers only to unsanctioned assets deployed by the network’s authorized end users.

End users and teams typically adopt shadow IT because they can start using it without waiting for IT approval, or because they feel it offers better functionality for their purposes than whatever alternative IT offers. But despite these benefits, shadow IT can pose significant security risks. Because the IT team is unaware of shadow IT, it doesn’t monitor these assets or address their vulnerabilities. Shadow IT is particularly prone to exploitation by hackers. According to Randori’s State of Attack Surface Management 2022 report, nearly 7 in 10 organizations have been compromised by shadow IT in the past year.

According to Cisco, 80 percent of company employees use shadow IT. Individual employees often adopt shadow IT for their convenience and productivity: they feel they can work more efficiently or effectively using their personal devices and preferred software, instead of the company’s sanctioned IT resources. This has only increased with the consumerization of IT and, more recently, with the rise of remote work. Software-as-a-service (SaaS) enables anyone with a credit card and a bare minimum of technical knowledge to deploy sophisticated IT systems for collaboration, project management, content creation and more. Organizations’ bring your own device (BYOD) policies permit employees to use their own computers and mobile devices on the corporate network. But even with a formal BYOD program in place, IT teams often lack visibility into the software and services employees use on BYOD hardware, and it can be difficult to enforce IT security policies on employees’ personal devices.

But shadow IT isn’t always the result of employees acting alone; shadow IT applications are also adopted by teams. According to Gartner, 38 percent of technology purchases are managed, defined, and controlled by business leaders rather than IT. Teams want to adopt new cloud services, SaaS applications, and other information technology, but often feel the procurement processes implemented by the IT department and CIO are too onerous or slow.
