Twenty years ago, the purchasing, implementation, and control of technology within organisations was centralised through your IT department, making control of systems and data a more straightforward process.

In the modern era of cloud computing, BYOD and automation, those days are long gone. Technology spend is now distributed across the organisation, with departments adopting cloud-based services they feel will meet their needs, often with no IT involvement.

Whilst this approach can improve speed to market, many applications and devices go unnoticed by IT, and this is what we define as Shadow IT.



Shadow IT describes any technology used by departments or individuals that hasn’t been reviewed and approved by the organisation’s IT department. In fact, for many large enterprises, up to 40% of their technology spend sits outside of the CIO’s view.

Some examples include:

  • A department that sets up a cloud-based file share to send digital files to outside agencies.
  • Employees sharing files amongst their team using messaging apps like WhatsApp or Messenger.
  • A marketing team creating client-facing material using a cloud-based graphics design suite.

In the above examples, employees have not been aiming to do the wrong thing by the company; in fact, they are picking technologies to streamline their business processes. However, this means IT has not reviewed the safety requirements or potential cyber vulnerabilities of these undocumented solutions, or the data being used. This can expose your organisation to significant risk and can result in costly consequences.


What is the Security Risk of Shadow IT?

When solutions are implemented by segments of the enterprise that do not have an understanding of cybersecurity risk, it is easy to see how security gaps can occur. IT cannot apply its standards to solutions it has no visibility of, opening the organisation to cybercriminal behaviour and data leakage.

Data breaches have soared since 2019, especially given the working-from-home issues in 2020 caused by the COVID-19 pandemic. Without the ability to see what cloud services, devices and applications exist, IT has little chance of ensuring compliance with standards, and this opens the organisation up to cyber risk, licensing and support issues, and problems with data privacy regulations.

Additionally, many small purchases mean that the business does not effectively use its economies of scale, which dramatically increases the cost of doing business.


FortiSIEM as an Effective Capture Tool

You cannot manage what you cannot measure, and whilst a SIEM solution cannot prevent all issues, it can pick up on unusual or unexpected network traffic and security alerts.

To this end, a tool like FortiSIEM can act as a logging engine, keeping a record of the applications and traffic utilising the network, looking for suspicious activity.

Fortinet’s User and Entity Behaviour Analytics (UEBA) technology protects organisations from insider threats and shadow IT by continuously monitoring users and endpoints with automated detection and response capabilities. It utilises machine learning and advanced analytics through FortiInsight to automatically identify non-compliant or suspicious behaviour, then alerts you to compromised user accounts.

This approach to threat detection delivers a proactive layer of protection and visibility, whether users are on or off your corporate network. Once alerted, IT can identify the application and the user/IP address, and start the process of identifying shadow systems.
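
To illustrate the step just described, identifying the application and the user/IP address behind unapproved traffic, the following Python is an added example; it is not FortiSIEM's detection logic and not code from Fortinet or CT. It assumes a space-separated web-proxy log format and an allowlist of IT-approved domains; the log lines, user names, addresses and domains are all constructed.

```python
from collections import defaultdict

# Assumed allowlist of IT-approved services (hypothetical domains).
SANCTIONED = {"sharepoint.example.com", "mail.example.com"}

# Constructed sample proxy log, not real data.
# Assumed fields: timestamp user src_ip method host bytes_out
SAMPLE_LOG = """\
2024-03-01T09:00:01Z alice 10.0.1.15 POST files.fileshare.example.net 52428800
2024-03-01T09:00:09Z bob 10.0.2.20 GET sharepoint.example.com 1200
2024-03-01T09:02:44Z alice 10.0.1.15 POST files.fileshare.example.net 10485760
2024-03-01T09:05:10Z carol 10.0.3.7 POST app.designsuite.example.org 2048000
2024-03-01T09:06:00Z malformed line
2024-03-01T09:07:31Z bob 10.0.2.20 POST app.designsuite.example.org 512000
"""

def is_sanctioned(host, allowlist=SANCTIONED):
    """Match on whole DNS labels so 'notsharepoint.example.com' is not approved."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowlist)

def find_shadow_it(log_text, allowlist=SANCTIONED):
    """Return (findings, skipped): per-host usage of unapproved destinations
    and the number of lines that could not be parsed."""
    findings = defaultdict(
        lambda: {"users": set(), "src_ips": set(), "requests": 0, "bytes_out": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdecimal():
            skipped += 1  # count bad lines instead of silently dropping them
            continue
        _ts, user, src_ip, _method, host, bytes_out = parts
        if is_sanctioned(host, allowlist):
            continue
        entry = findings[host.lower().rstrip(".")]
        entry["users"].add(user)
        entry["src_ips"].add(src_ip)
        entry["requests"] += 1
        entry["bytes_out"] += int(bytes_out)
    return dict(findings), skipped

def rank_by_upload(findings):
    """Order hosts by bytes sent out, since uploads are where data leaves."""
    return sorted(findings, key=lambda h: findings[h]["bytes_out"], reverse=True)

if __name__ == "__main__":
    found, bad = find_shadow_it(SAMPLE_LOG)
    print(rank_by_upload(found), "unparsed lines:", bad)
```

Ranking by outbound bytes puts the file-sharing destination first, which is the kind of service where data leakage is most likely to show up.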


CT Can Help

As a Fortinet partner, CT will advise on the right mix of Fortinet products to ensure your business processes, data and infrastructure are kept safe and secure. If you need help, advice, or a complete managed solution, speak to us today.