Shadow what is it

Beyond security risks, shadow IT can also waste money if different departments are unknowingly purchasing duplicate solutions. Despite its risks, shadow IT has its benefits. For many employees, IT approval is a bottleneck to productivity, especially when they can get their own solution up and running in just minutes.

Finding a middle ground can allow end users to find the solutions that work best for them while allowing IT to control data and user permissions for the applications.

Skip to main content. Cyber Edu. What is Shadow IT? Share LinkedIn. Shadow IT Defined Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval.

Instead of seeing Shadow IT as a threat, Ralph Loura sees it as an opportunity to leverage employees to identify the applications they want to use so that IT can enable the ones that have gained traction and are enterprise-ready.

To the degree that they discover these applications or services that make their jobs easier, that make them more efficient at selling or better at running a supply chain or better at sourcing talent, then everybody wins. Unfortunately, legacy management and security products just don't have the visibility to find, understand, or control cloud service usage and risk, leaving IT flying blind. When IT examines the use of cloud services across the organization, they generally find Shadow IT is 10 times more prevalent than they initially assumed.

The average organization today uses over 1, different cloud services, derived from anonymized usage from over 30 million users across over enterprises using McAfee CASB. Often IT departments discover many services in use that they have never heard of before. The number of services and apps has increased, and staff members routinely install and use them without involving the IT group. Empowered users can quickly and easily get tools that make them more productive and help them interact efficiently with co-workers and partners.

Any application that a department or end user adopts for business purposes without involving the IT group is considered a shadow IT application. These applications fall into three major categories:. With the consumerization of IT, hundreds of these applications are in use at the typical enterprise.

The lack of visibility into them represents a security gap. Although some applications are harmless, others include functionality such as file sharing and storage, or collaboration, which can present big risks to an organization and its sensitive data.

IT and security departments need to see what applications are being used and what risks they pose. OAuth-enabled applications are convenient because they use existing credentials. But they also include permissions to access information in the core application Office and G Suite, for example. These permissions increase the attack surface and can be used to access sensitive data from file-sharing and communication tools. They are a blind spot for many organizations.