Most organizations are exposed to unknown and unnecessary risk through shadow IT. Shadow IT simply refers to any hardware, software, service or technology that is being used without the knowledge or authorization of the IT department. For example, a manager may direct a team to share files via a personal Dropbox account, or an individual might install a router or switch at their desk to obtain more network connections. In some cases the hardware or software itself may pose a risk, but generally speaking the threat of shadow IT arises simply from the fact that there are unknown and unmanaged technologies connecting to the network.
The Internet of Things creates a new IoT security concern: shadow IoT. Take the same concept as shadow IT, and multiply it exponentially as the types and volume of IoT devices proliferate faster than an organization can keep up. Employees may bring in webcams, smartwatches, connected speakers, fitness trackers, and other devices and sensors that could adversely impact the network or potentially expose the network and your data to unknown and unnecessary risk. Each one of those devices may contain vulnerabilities that can be exploited by attackers, but you can’t defend and protect devices or applications you aren’t even aware of.
IoT security is challenging enough. Guarding against attacks on shadow IT devices or technologies you don’t realize are connected to your network in the first place is virtually impossible. Well-defined and enforced policies regarding the use of personal devices and technology, combined with comprehensive visibility to detect and identify rogue devices, can help you defend against shadow IoT.