Shadow IT: The Challenge of Efficiency vs Security

By: Absolute Editorial Team | 7/7/2016

As long as computers have been a part of the workplace, Shadow IT has existed. But with the rise in mobility and cloud technology, it’s become a growing threat you cannot ignore. Shadow IT, in its simplest definition, is the use of any technology or service for work without the knowledge of IT. Personal devices that are not monitored by IT or governed by BYOD policies, the use of personal cloud services, unmonitored apps, and even emailing files around are all Shadow IT, and all are tied to the Insider Threat: people inadvertently, unknowingly or maliciously putting data at risk.

Why the Threat is Growing

As much as 45% of data is held on the endpoint, often unprotected by even the most basic security policies. And the threat of Shadow IT is growing. Employees who are keen to keep working with the best tools possible are often unaware of how their actions jeopardize the security of the company. In a new article on Security Today, I dive into this topic: Shadow IT: Balancing Efficiency with Security.

The proliferation of devices per user, the use of cloud devices, and the disregard for security policies—even by IT professionals themselves—has made the Insider Threat an organization’s greatest vulnerability. We know that bad behavior, human error and social engineering are often at the root of data breaches. With Shadow IT, these actions can occur either on or off the corporate network, with the same devastating consequences. However, while the threat is rooted in people, so is the solution.

In the article, I offer some of the following tips:

  • Listen to your employees, to better understand what tools they need
  • Educate employees on an ongoing basis, so they understand what is expected of them and what the risks are
  • Include real-world consequences for the exposure of corporate data
  • Make clear what applications are supported (or not), to keep employees informed
  • Patch known vulnerabilities
  • Make sure IT has oversight over all corporate networks, devices and data with a formal response plan if a security incident occurs. Look for technologies that include automated alerts and remote capabilities to neutralize threats (such as we offer with Absolute DDS)

Read the full article for more details on these recommendations. Absolute can help you monitor and protect against malicious and negligent insiders, regardless of user, location or whether they’re on or off network. Learn more at
