Shadow IT is the use of IT related hardware or software by a department or individual without the knowledge of the company or organisation’s IT or InfoSec department within the company. It could include cloud services, software and hardware, essentially any unknown features or infrastructure that is deployed without approval.
Shadow IT is one of the main issues with the rapid adoption of cloud-based services, and this has accelerated it’s growth. Users have become accustomed to downloading and using apps and services from the cloud to help them do their jobs, and often take matters into their own hands installing and using unsupported software or implementing their own hardware solutions.
Different Types of Shadow IT
What are the different aspects of shadow IT?
Shadow IT includes all forms of IT-related activities and purchases that the IT department isn’t involved in. These purchases can consist of:
- Hardware: Servers, PC’s, Laptops, Smart Phones etc
- Software: COTS Software
- Cloud Services: SaaS, IaaS, PaaS etc
What is Security Risk from Shadow IT Applications?
Hundreds of applications are in use at the typical organisation, and the lack of visibility into the apps in use represents a security gap. Although some applications do not pose a threat, some applications may include functionality such as file sharing and data storage, and/or collaboration, which could present security risks for an organisation and its data. An organisations IT and security departments need to see what applications are being used and what risks they pose.