Light Dark
March 30, 2017 By Mike Spradbery 2 min read
Cloud Security

Shadow IT is still a challenge for organizations. With the constant introduction of new productivity and communication tools, as well as the adoption and evolution of existing services, users are more inclined to collaborate outside of IT-sanctioned applications. It is often easier to share information using one of the apps already integrated on our phones than it is to upload it to a corporate system. But this can be risky.

Scared of Your Own Shadow?

Using a public cloud service to share what may seem like a mundane photo of a whiteboard covered in sticky notes, for example, could result in a company’s next wave of innovative ideas being stored in an insecure manner. Add to this risk the challenges of compliance and auditing, and shadow IT can become a big problem.

But unsanctioned cloud apps do enable users to be more efficient, which presents two problems. First, attempting to block access to unsanctioned services is a poor a long-term solution because people will find ways around whatever barriers you put in place. Secondly, we want our users to be efficient, and that may mean leveraging some of these cloud apps.

Building a Successful Shadow IT Strategy

It is important for IT leaders to be realistic about shadow IT, which includes everything from cloud services to bring-your-own-apps for mobile devices. It’s impossible to completely control what users are doing, but a successful strategy should include these three critical steps:

  1. Educate users on how to handle corporate data. Make sure they understand the risks of using public shared services and their responsibility to ensure that confidential, valuable or personally identifiable information (PII) is stored properly.
  2. Provide users with the tools they need. By offering a range of high-quality, approved apps, you decrease the need for users to look elsewhere.
  3. Monitor what’s going on in your organization. You need to have visibility into what services are being used, by whom, how often, for what sorts of data and how much it costs. Control access to insecure services and learn what users really need by looking at demand.

As users become increasingly tech-savvy, shadow IT will continue to exist. The potential risks can be managed with good education, alternative tooling and careful monitoring.

Learn more about IBM Cloud App Analytics

 |  |  |  |  |  | 
Mike Spradbery
Security Technical Manager, IBM

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature