The Impact of Shadow IT on Security
Sergey Stelmakh | 04/22/2021
The issue of shadow IT has become more pressing with the increasing use of cloud applications that bypass corporate security policy checks. Cyberis Director Gemma Moore discusses the impact of shadow IT on the security of an entire organisation on Information Age .
Shadow IT is invisible to the IT function. It may not be included in enterprise asset lists, meaning it is unaccounted for. These assets may also have no assigned owner, either because they are not a bahamas whatsapp data fit for any department or because they are not tied to any current operational priorities but have not yet been fully decommissioned. Shadow IT typically operates outside of approved processes, bypassing corporate authentication or overriding normal processes.
Any internal network left to its own devices will, over time, accumulate systems and data that should not be there. Typically, organizations allocate a fixed amount of time and resources to build and maintain systems. It is well known that if an organization does not increase its investment in resources over time, these resources are usually spent on maintaining the current business as usual (BAU), rather than on implementing new projects or redesigning the existing infrastructure to accommodate business evolution. When new features need to be introduced, they are most often implemented as quick updates or within the existing system, which minimizes the required investment.
Disjointed decisions made by individuals cause problems to accumulate over time within an enterprise, each with a seemingly legitimate business rationale. When legacy systems are no longer needed, there is sometimes no time to decommission them because attention must shift to developing new functionality.