Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned by, or on the radar of, the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a host of lurking vulnerabilities, entry points for bad actors, and malware.
In fact, it is as big a problem as ever and may even worsen. Consider the figures from research firm Gartner, which found that 41% of employees acquired, modified, or created technology outside of IT’s visibility in 2022 and expects that number to climb to 75% by 2027. Meanwhile, the 2023 shadow IT and project management survey from technology review platform Capterra found that 57% of small and midsize businesses have had high-impact shadow IT efforts occurring outside the purview of their IT departments.