A modern security organization has a lot of moving pieces, but security executives can only deal with what they can see. Shadow IT, information technology systems built within organizations without approval, becomes a reality only as organizations grow and expand internationally. It can be difficult for IT and information security teams to control or have knowledge of all the developers and business leaders within their firms, and they can lose sight of all the projects that are being worked on and developed.
In an article published in Infosecurity Magazine, David Dunn, Deputy Chief Information Security Officer at Duff & Phelps, highlights shadow IT as a perennial blind spot that exposes organizations to unknown risk. David brings to light that organizations are vulnerable both from an infrastructure security perspective and through vulnerable code that they didn’t know existed. He further shares the major factors that lead to shadow IT and the best practices to mitigate such threats.
Read the full article here.