Hi Jenna,
Marketing department need a new web site. They work with an external PR agency to create one. PR agency creates a basic hosted web site, but a new domain on behalf of the customer and the site starts working. (Already shadow)
Later on, the marketing department decides to connect the web site to some other company system for better user experience. They are using their own users without notifying IT department. Now company data is integrated to uncontrolled external system which is legally owned by the company. IT has no idea about this. (Hence very shadow)
They will most probably learn about it after the site is hacked. (Horror story)
------------------------------
Murat L
President
Lostar
------------------------------
Original Message:
Sent: Jun 10, 2021 10:38:36 AM
From: Jenna Morrison
Subject: Shadow IT Examples?
Hello :)
In the CCAK training, Shadow IT comes up quite frequently as an example of a risk, especially when talking about auditing compliance and governance programs.
I was wondering if someone could provide some examples of Shadow IT that commonly occur within companies?
------------------------------
Jenna Morrison
Training Department Intern
Cloud Security Alliance
------------------------------