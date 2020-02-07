A few years ago, a survey found that most CIOs thought they had around 30 to 40 apps within their company, but Symantec researchers estimate that the average company actually had at least 1,516 applications – a number that has doubled over a three-fold annual period.

What is in your network?

It is not that CIOs are naive. It’s just that shadow IT is difficult to measure, because employees bring apps down outside the official channels and outside budget tables. To a certain extent, it is even intentionally overlooked, approved, or even encouraged because employees need the right tools to do their job and IT cannot always be there.

Now it seems that CIOs are fighting shadow IT on two fronts. There are user-initiated apps and clouds, and something more insidious – “shadow IoT.”

Shadow IT initiated by the user continues unabated. It can of course be difficult to measure shadow IT, and a supplier, 1Password, has recently left companies to examine a representative sample of 2,119 American adults working in an office with an IT department. The survey shows that 64 percent of respondents report that they have created at least one account in the last 12 months that their IT department “knows nothing about”. For almost a third, 32 percent, this was one shadow account, while 52 percent reported creating between two and five accounts that their IT department knew nothing about. 16 percent exceeded the number of five accounts.

Security is often a side issue, with passwords shared informally between end users.

The use of shadow IT by business end users has mixed benefits, apart from security issues, they can empower and increase productivity. However, IoT may not be so forgiving – and we’re just beginning to understand its scope. Research by Infoblox shows that in 2019, most companies (78 percent) had more than 1,000 connected devices on their corporate network. This can be laptops or tablets that are supplied or managed by the company. More than a quarter (28 percent) of respondents reported having 1,000 to 2,000 connected devices, while nearly half (48 percent) of organizations had between 2,000 and 10,000.

About 80 percent of IT leaders reveal that they have identified shadow IoT devices – such as unauthorized wireless access points – that are connected to their infrastructure. At least 46 percent have detected up to 20 shadow IoT devices on their networks in the last year, and more than a quarter (29 percent) of organizations have seen more than 20. Some saw no fewer than 50.

IoT devices have an enormous attack surface. Recently, Check Point researchers identified smart light bulbs – which are likely to be installed massively, with little supervision from IT managers – as an easy access point for hackers.

It seems that most organizations take the risk very seriously and as a result have set up policies to protect against external threats. Eighty-nine percent have at least a certain security policy for personal IoT devices connected to their network. The authors of the Infoblox report also suggest understanding the changing ecosystem. “Because the risk ecosystem is changing at such a fast pace, organizations need to adjust their security habits. IT managers must stop and take into account the broader changing needs of the company. By reconsidering the approach to network security, organizations will always take a step for remaining cyber threats. ”