Shadow IT: a gateway for cybercriminals into the company that returns like a boomerang
Many companies face the consequences of Shadow IT every day, often without realizing it, but fighting this phenomenon does not have to be difficult. Shadow IT means that a company's employees use unapproved programs and applications on devices that are connected to the company's network. Importantly, Shadow IT has been growing spectacularly in recent years. According to the Skyhigh survey, as many as 72% of managers did not realize the scale of this phenomenon in their companies, and the scale is significant: over 1,000 cloud applications are used in an average company from the financial sector. This is 15 times more than estimated by the IT departments of the companies participating in the survey. In turn, according to Gartner's forecasts, by 2020 every third successful cyberattack directed against a company will be carried out using so-called Shadow IT.
Where does Shadow IT come from?
Why do employees go for solutions other than those approved by the company? This question is answered by a Fortinet expert:
Employees find applications or programs that help them perform their daily tasks more efficiently. If the IT department in the company is not aware that such solutions are used, it is not able to effectively manage them and ensure the organization's safety.
- comments Jolanta Malak, regional director of Fortinet for Poland, Belarus and Ukraine.
The main threats related to Shadow IT concern data management. When creating a cybersecurity strategy, you should know what data the company holds and where it is stored. Shadow IT makes this difficult to determine. In addition, such data may not be updated as often as data in official databases. As a result, employees using data stored in the shadows can conduct business operations based on outdated information, thus jeopardizing the security of the entire organization.
Other results from Skyhigh are also alarming. Only 7% of applications in the SaaS (Software-as-a-Service) model meet security standards for enterprises. This means that applications used by employees may not meet the requirements for updates, available patches or data encryption.
The consequences associated with Shadow IT are more serious for companies providing financial services. This is due to the amount of sensitive data they administer and the strict regulatory standards they are subject to. Fortinet experts point out that, as IT infrastructure develops, the financial sector must constantly expand its knowledge about the risks associated with Shadow IT, as well as be aware of ways to reduce them.
Securing Shadow IT
It is true that organizations are trying to minimize the scope of Shadow IT, but it is unlikely that they will completely eliminate this phenomenon. In the first place, companies should provide employees with appropriate tools for their work so that they do not have to look for additional applications that better meet their needs. Another step is training employees and raising their awareness. Often, they may not be aware that a program they installed may reduce the company's cybersecurity.
Bearing in mind the scale of the Shadow IT phenomenon, network administrators and IT departments should update security measures and improve the visibility of traffic flowing through the network. They will also need appropriate hardware solutions, such as firewalls, cloud access protection solutions, internal network segmentation, and software for end devices.
We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.