Shadow IT: Your Bible


If you have worked in IT for long enough, you would have stumbled across a handful of things that you know the user definitely shouldn't have. Well, that was likely "shadow IT". I describe shadow IT as "Anything technology related within a consistency that is not authorized by the service provider". This description is as broad as possible because that is the reality of shadow IT it exists in basically any form and as an IT service provider, the instructions and objectives given to you by executives are also likely equally as broad ("if it runs on electricity, it's your problem").

Below I've listed some key points that everyone should consider when thinking about Shadow IT:

  1. Tackling shadow IT is a never-ending battle. You need to be vigilant and always looking for improvements
  2. It's a human problem if your company hires humans, you have shadow IT.
  3. Decreasing friction and improving the relationship between the service provider (You) and users is the most effective way to minimize shadow IT.
  4. You need to understand what exists where through mechanisms that can't be bypassed. Instead of importing your excel sheet of NetBIOS names into an asset inventory tool, scan all your IP ranges. Find these bottlenecks in your consistency and exploit them. You will be shocked by how much unknown stuff you find.
  5. Tools like WDAC and App locker are great if you're just starting to tackle the problem. 
  6. Don't villainize yourself by snapping at users you catch with shadow IT. Understand why it exists and what you can do to provide an appropriate alternative.
  7. Because you're always going to have Shadow IT take a risk-based approach and tackle the stuff that poses the most danger even if it's easier to remove that weird app Janet in finance uses.
  8. Once you have a strong understanding of what's in your consistency explore more 'heavy-handed' technologies like Network access control. You can use these technologies to mitigate while you solve the problem.
  9. Don't get trapped into thinking Shadow IT is all about software and hardware users set up themself. With the move to working from home, there's been an explosion in the use of cloud services.
  10. Shadow IT can be the by-product of some amazing innovation consider point 6 very carefully.


Endpoint on Adrenaline : One

Brilliance in the Basics


Endpoint on Adrenaline 3

Writing detections when stuck with EDR

Endpoint on Adrenaline Two

Investigate Two

Standardized Note Taking Format For Analysts

Securing your estate: The First Step

Attack Simulations for your SOC