Shadow IT’s Impact on Organizational Risk

Back to Resources
Posted by: Category: Blog, Cyber Security Post Date: October 31, 2017

Shadow IT Incidents

Shadow IT, once limited to unapproved Excel macros and boxes of software purchased at office supply stores, has evolved from its humble beginnings. Shadow IT is now a significantly more complex problem requiring specialized services and technologies.

Fortunately for those on the defense, use of Shadow IT is most often not malicious, but rather the result of an employee just trying to get work done. Furthermore, the employee is often unaware that their well-intended actions are increasing their organization’s risk exposure.

Shadow IT is challenging to contain under the best of circumstances, but more so if the C-Suite itself is using Shadow IT services. To combat Shadow IT, Gartner has recommended that Federal Agencies utilize the services of a CASB (Cloud Access Security Broker) to enforce security, compliance, and governance across the thousands of cloud services being consumed. Shadow IT assessments for federal agencies frequently uncover agency data being uploaded to anywhere between 1500 and 3000 cloud services. Of those, 40 to 60 are extremely high-risk sites based in geographic regions such as Russia, China, and North Korea.

Lately, Inspectors General have been auditing employee usage of Shadow IT applications using good old “feet on the street” methods.  This has resulted in high-visibility reports, which often shine a light on gaps in the IT department’s security programs.

Don’t be reactive and settle for basic compliance.  It is critical for your organization’s security to have a partner like Swish with the resources to identify, contain, and prevent the use of Shadow IT.

Call to Action:

  • Ask your security team what they are doing today to identify and contain Shadow IT.
  • Learn what sanctioned cloud applications your organization is using and what is being done to secure your data.
  • Ask if there is an initiative to secure your cloud data
  • Contact your Swish representative to schedule a cloud security assessment or independent validation and verification.

Discover how Swish can help you prevent, detect, and mitigate Shadow IT in your environment – schedule a demo today by your Swish security team at (703) 635-3324 or email

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Resources