Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Shadow IT: A Growing Global Threat

Shadow IT is widely recognized in the U.S. as a growing security concern, but does the same hold true in other countries? The short answer is yes. According to research from Tenable Network Security, more than half of IT decision makers in UK and German organisations acknowledge shadow IT as a major problem, and the majority of respondents (88%) feel shadow IT makes them more vulnerable to cyberattacks.

Shadow IT is a major problem

The report, State of Security Survey Results, conducted by Vanson Bourne on behalf of Tenable, surveyed 400 IT security decision makers in Germany and the UK across all sectors including healthcare, financial services, government and energy to better understand global trends in cybersecurity and the pain points associated with shadow IT.

Widespread use of shadow IT

Based on the survey results, 55% of UK respondents and 57% of German respondents report shadow IT has been introduced into their organisations’ environments. And 38% of UK respondents and 50% of German respondents expect the use of shadow IT in their organisations to increase in the next year.

Of the organisations currently affected by shadow IT, 65% of German IT decision makers report the use of unknown or shadow assets and applications has directly led to a cyberattack within the last 12 months, compared to 45% in the UK.

The most likely departments to deploy shadow IT are engineering, design/R&D and finance

Over half (56%) of respondents say that there are departments in their organisation that have started their own IT projects without the IT department’s support. The most likely departments to deploy shadow IT within German and UK organisations are engineering (30%), design/R&D (27%) and finance (25%).

Distrust from the IT department

Because the presence of unknown or undiscovered assets makes it difficult for security teams to identify and manage the available attack surface, there has been growing distrust from the IT department.

In fact, respondents believe that products and services such as devices for employees to use for work purposes (BYOD) (48%), IT security software/hardware (45%), and servers/other infrastructure hardware (42%) pose a significant security risk to their organisation when used or purchased without the support of the IT department.

Although many IT decision makers are feeling the pains of shadow IT in their organisations, the answer isn’t to restrict access.

Blocking certain cloud applications or shadow assets won’t solve the business problem

One of the biggest reasons people turn to Dropbox for file sharing, Gmail for email or AWS for infrastructure without working with IT is because these services enable them to do their jobs more efficiently and effectively. Blocking certain cloud applications or shadow assets may help eliminate the technology problem, but it won’t solve the business problem.

Embracing the technology

Instead of placing a black mark on shadow IT, security departments should embrace the fact that employees will continue to use these popular services, and implement a security program that enables IT and the business to focus on the overarching goals and encourage innovation.

Good security starts with great visibility. Before any control is put in place, the issues have to be quantified and the risks identified. Tenable gives the IT security team the visibility needed to identify weaknesses on the network and adopt the best approach, whether it be developing a more robust security policy, offering user education or implementing additional controls that lessen the probability of a cyberthreat.

Good security starts with great visibility

For more information on how Tenable provides organisations with the continuous visibility and critical context necessary to effectively protect the network and secure their assets, check out the Unknown and Shadow Assets solution story.

Thanks to Nicole Cieslak for her assistance with this blog.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.