Gartner defines Shadow IT as IT devices, software and services outside the ownership or control of (IT) organizations.
Given that information processing facilities or information containers are no longer centralized, the shadow IT is a common phenomenon. Each one of us has a cellular phone that is indeed a powerful information processing facility and large storage device in the pocket.
The extensive connectivity and cloud computing via access anywhere and any platform model further accelerate this situation. Cyber risks are incurred to different degrees. Various protection technologies are surfaced in the market: Mobile Device Management, end point lock down, cloud-based proxy, Data Leakage Protection, disk encryption and so forth; but they are never bullet proof.
Organization needs to think about enablement (as well as empowerment) rather than prohibitive thru streamlined approach. Policy formulation, usage guidance, risk management, user awareness and enforcement via disciplinary process are required to minimize the impacts.