Data Loss Prevention Blog

Shadow IT – What Lurks in the Shadows Should Scare You!

As every child knows, what lurks in the shadows can be very scary. Fortunately, once we get older, we usually put such childish notions to rest. But out of the darkness has emerged something even more menacing for IT and data security professionals: Shadow IT.

Shadow IT can be defined as information technology systems and processes built and used inside organizations without explicit organizational approval. Most often, they are ad-hoc “workarounds” that employees have created themselves in order to do their jobs more effectively.

The rapid rise of Shadow IT is having a very significant impact on an organization’s data security, and here’s why.

When it comes to data breaches, as security surveys point out year after year, the majority of breaches are endpoint-initiated and are most often caused accidentally by trusted insiders (and not by malicious hackers, as many would like you to believe).

To stop data breaches, a lot of companies focus on policies and training. However, policies can be misinterpreted, too complex, or even counterproductive to a company’s or employee’s normal business practices and productivity. The common result is that data security policies are only loosely followed, intentionally ignored, or so confusing that employees do not know how to do their jobs without contravening the policy.

Employees, especially the technically savvy ones, often turn to their own workarounds, or Shadow IT, and circumvent their employers' established security measures through unapproved practices and software.

For example, a diligent hospital employee may plan to work late to finish a time-sensitive project and send a spreadsheet containing personal health information to their personal Dropbox account or simply copy the file to an unauthorized USB drive. Both actions are likely prohibited by their organization’s stated policy, but the policy is not sufficiently enforced. While their intentions are good, the consequences can be disastrous if the data is lost, stolen or hacked.

The reality is that a written data security policy without technology-based monitoring and enforcement is doomed to fail.

And that’s where DeviceLock’s data leak prevention (DLP) solutions come to the rescue. We focus on the endpoints, where the most frequent, inadvertent, and malicious data breaches occur, and then provide easy-to-configure software solutions that tackle the problem at the typical source of the breach: the employee’s Windows or Macintosh endpoint PC.

Whether your trusted employees are copying sensitive information to external media or uploading it via various cloud-based storage and email services, DeviceLock can provide the technology-based enforcement to augment your established IT policies. For the Windows platform, we can even analyze the content of the actual data in the file, whether it’s at rest or in motion, to ensure an even higher level of data leak prevention.

It’s nearly impossible to stop your staff from trying to circumvent your organization’s data security policy via Shadow IT. However, by implementing DeviceLock’s DLP solutions, you can rest assured that what’s lurking in the shadows won’t turn into a front-page data breach nightmare.

If you’d like to trial the DeviceLock DLP Suite for 30 days, please visit our website at: For more information on DeviceLock’s DLP solutions, call us at 925-231-4400 or email to us.sales (at) to talk to one of our endpoint security specialists.