CC&G Week 6 Posting - Shadow IT

 Shadow IT

     As technology has become more accessible, organizations have opened the door for employees and users to integrate personal devices into their workflow. While this makes access to resources more convenient, it poses a significant security risk if left unchecked. Shadow IT is the term used to describe devices, software, or applications used by employees without the knowledge of the IT or cybersecurity team. 

   Shadow IT includes all forms of IT-related activities and purchases that the IT department isn't involved in (Cisco). Shadow IT can consist of hardware, servers, PCs, packaged software, and cloud services. Cloud services are the most prevalent form of shadow IT, as users can install them easily without the IT or cybersecurity team knowing. 

    The risk of shadow IT comes from the gap in security. Cloud Access Security Brokers (CASBs) are the key to filling that gap. CASBs monitor user behaviors and cloud application access for risk and unauthorized access. While some devices or applications might be harmless, some can access files or other resources. It is essential for IT and cybersecurity teams to be aware of the potential risks and to keep organizations secure. 

Source:

https://www.cisco.com/site/us/en/learn/topics/security/what-is-shadow-it.html