THREATS POSED BY SHADOW IT
Data theft
Many of the controls that organisations apply to devices and services (such as encryption and allow/deny listing) are unlikely to be applied effectively on shadow IT. Protecting data is a concern as you can’t be certain where your data is, where it is being processed, or where it ends up. If you don’t have control of the services processing data (or devices that hold data), you can’t be sure appropriate backups are being made. This can expose an organisation to threat of ransomware, legal issues around data handling, reputational damage and recovery costs.
Exploitation of services or devices
Controls such as well-configured firewalls, application allow listing, antivirus software and multi-factor authentication (MFA) can help to reduce the risk of compromise. For shadow IT, you can’t assume that these controls are in place. This applies not to just traditional work devices (such as phones, laptops and PCs), but also embedded devices that have an internet connection that have been set up (for example) by a building manager. This can expose an organisation to the threats from malware (including ransomware), network monitoring, and lateral movement.
Organisations benefit from working with Business Technology Leaders across the United Kingdom as we work flexibly to drive your innovation with our deep understanding of technology and learnings across industries. Expert support helps businesses to change nimbly with speed and confidence while pulling away from competitors. If you want to know more visit https://businesstechnologyleaders.com/soln/strategy/ or contact me ([email protected]) today for a confidential and impartial discussion on how we can add value to your business.