Open Threat Database

All threats

Shadow IT

medium

shadow-it

Unauthorized SaaS applications used by employees bypass security controls, create visibility gaps, and may expose corporate data

Information DisclosureRepudiation

MITRE ATT&CK techniques

IDNameTactic
T1567 Exfiltration Over Web Service Exfiltration
T1199 Trusted Relationship Initial Access

Common Weakness Enumeration

None mapped.

Mitigating controls

ctrl-shadow-1
Deploy CASB (Cloud Access Security Broker) for SaaS visibility
ctrl-shadow-2
Implement network monitoring for unauthorized SaaS usage
ctrl-shadow-3
Establish approved SaaS application catalog
ctrl-shadow-4
Provide easy request process for new SaaS applications
ctrl-shadow-5
Conduct regular shadow IT discovery and remediation

References