Shadow IT can cause big problems for cybersecurity. The trouble is in the name: these connections exist in the shadows outside of IT (information technology) and security personnel’s knowledge.
So, what can IT leaders do to address it in a time of growing remote workforces?
What is Shadow IT?
Shadow IT consists of information technology connected to the network without the IT department’s knowledge or approval. Maybe people from other departments bypass IT personnel and connect unapproved assets. Shadow IT could be hardware, software, web services or cloud applications that do not fall under the IT department’s purview.
Employees bring shadow IT into the organization for a variety of reasons. They might feel that approved software and services are less effective than alternate resources. Those sanctioned solutions could also be more difficult to work with, in employees’ minds. Finally, there’s simply the chance that people don’t understand the risks that come with connecting shadow IT to the network.
Risks of Shadow IT
Shadow IT comes with a fair share of cybersecurity costs to an affected group. For one, IT personnel can’t monitor these connected devices if they don’t know about them. These products thereby increase attack surfaces without allowing IT to take defensive measures. If IT doesn’t know the product exists, they can’t apply updates to fix security risks. These gaps open space for malicious actors using those devices to gain access to systems and steal data.
Shadow IT could also threaten data security in the future. This is due to the fact that these devices are wholly dependent on whoever purchased and deployed them. When that person leaves, the group won’t know that they might have used an una ..
Support the originator by clicking the read the rest link below.
