Computerworld May 9, 2024
The many IT risks associated with Shadow IT — and especially Shadow AI and Shadow IoT — are well-known and understandably well-feared. But there is a new form of Shadow IT on the horizon: “Sneaky IT.”
Shadow IT involves an end-user who bypasses IT and the enterprise security people and whips out a payment card to secure services elsewhere. That delivers a variety of unknown threats into the enterprise environment. But what happens when a trusted vendor adds new elements to its service — especially if it’s SaaS — and never mentions it? That poses a similar risk, both of which relate to environment visibility or, in the case of Sneaky IT, the absence of visibility.
This has...