Shadow IT: A looming security challenge

Please provide the information below to view the online Mobile Security Index Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Whose mobile device is that? Where did it come from? How did it get connected to our network? Is its operating system up to date? Does it meet compliance requirements? These questions are being asked by security professionals inside many organizations today. And as mobile and IoT devices continually connect to enterprise networks, many organizations face challenges in keeping track of them all.

Out of the shadows

We define shadow IT as the use of hardware or software by a department or individual without the knowledge or oversight of the organization’s IT or security team. Shadow IT adoption takes place across all sectors. With so many organizations prioritizing agility and end-user experiences and too few building universal security policies across locations and device types, there’s fertile ground in many enterprises for shadow IT to grow, creating additional security risks.

Without oversight, shadow IT devices are at high risk of misconfiguration, having out-of-date or unpatched software such as apps and operating systems, or having insecure apps downloaded from an untrustworthy source. As a result, end-users are vulnerable to phishing, malware and other attacks.

Survey respondents indicate growing concerns about the risks unmanaged devices pose.

54%

are very or quite worried about shadow IT.

87%

of respondents are at least somewhat worried about shadow IT.

BYOD risks

Companies that allowed employees to use their own devices at work peaked in 2021, in the aftermath of the COVID-19 pandemic.22 Since then, BYOD adoption has stabilized, with a majority of companies either allowing or considering allowing personal device use for work-related tasks. Securing employee-owned devices is often considerably more difficult than securing corporate devices, especially without a mobile device management (MDM) solution in place. In reality, adopting a BYOD policy means making a concession: It’s the same as saying that some shadow IT is okay. If employees are allowed to use their personal devices at work, everyone in the organization is entrusted with responsibilities that once belonged only to the IT department. Still, many organizations offer BYOD policies.

59%

of respondents allow employees to access work email from their personal phones/devices.

An additional
34%

are considering doing so.

Secure connectivity

It’s not just mobile device vulnerabilities that generate risks. Insecure connectivity makes it easier to steal data or compromise the confidentiality of sensitive information. For many organizations, the pressure’s on to allow remote workers to use public Wi-Fi, home Wi-Fi and cellular networks. Even those that don’t explicitly allow these types of connectivity often struggle to prevent it in real-world scenarios.

37%

of employees in organizations that ban (or don’t have a policy on) the use of public Wi-Fi use it anyway.

45%

of employees in organizations that ban (or don’t have a policy on) the use of home Wi-Fi use it anyway.

26%

of employees in organizations that ban (or don’t have a policy on) the use of cellular networks or hotspots use them anyway.

Security tools and policy advantages

Research from Ivanti shows that today’s top employees prefer workplace policies that include flexible scheduling and hybrid work that allow them to work where and when they’re most productive.23

80%

of office-based workers highly value workplace flexibility, or find it something they can’t do without.24

41%

would consider changing jobs to gain more flexibility at work.25

79%

agree letting people work anywhere is the future of professional employment.26

To meet their employees’ rising expectations, companies provide support and solutions to enable them to work securely, regardless of their location. Organizations that have defined policies for allowing public or home Wi-Fi use or the use of cellular networks for work purposes have an edge here.

Nearly all respondents (99+%) indicate their organizations have implemented remote access security technologies. The most commonly used solutions in this category include:

Virtual private networks (VPNs)

Identity and access management (IAM) platforms

Cloud access security broker (CASB) tools

Multi-factor authentication (MFA)

In addition, more than two-thirds (66%) of respondents now apply centralized security standards across all projects involving mobile devices and more than half (58%) of IT departments have oversight across these projects.

22 Verizon, Mobile Security Index, 2022.

23 Ivanti, Everywhere Work Report, 2024.

24 Ibid.

25 Ibid.

26 Ibid.

Let’s
connect

Call Sales
877-297-7816

Chat with us
Start live chat

 

Have us contact you
Request a call