News and Insights – September 2018

Shadow IT in Argentine SMBs: Hidden Risks in Plain Sight

In September 2018, Argentine small and mid-sized businesses continue to grapple with the growing risk of Shadow IT—unauthorized software, apps, and cloud services used by employees without approval or oversight.

While some Shadow IT emerges from a genuine need to get work done faster, its ungoverned nature often opens up serious vulnerabilities. Popular culprits include file-sharing apps (Dropbox, WeTransfer), free productivity tools (Trello, Evernote), browser extensions, and rogue Wi-Fi routers.

A 2018 survey by Cisco estimated that enterprises typically underestimate their Shadow IT footprint by a factor of 15 to 20. For SMBs in Argentina, this gap may be even wider, especially among businesses with flexible BYOD policies or limited in-house IT governance.

Key Risks of Shadow IT

• Data Leakage: Files stored in personal cloud accounts may not comply with security or privacy regulations.
• Malware and Vulnerabilities: Unvetted apps may introduce spyware or backdoors into the network.
• Redundancy and Cost Waste: Multiple tools for the same job increase IT sprawl.
• Compliance Issues: Shadow IT can lead to breaches of GDPR, PCI-DSS, and local data laws.

Why Shadow IT Thrives

1. Lack of approved tools for collaboration or mobile access
2. Complex or slow internal IT request processes
3. Lack of monitoring or enforcement on endpoints
4. Pressure to deliver results fast—even if policies are bypassed

Shadow IT is not inherently evil. Sometimes, it signals innovation. But when left unchecked, it becomes a security liability.

Mitigation Strategies

• Conduct regular audits using network and endpoint monitoring tools
• Set up outbound DNS and firewall rules to block unauthorized services
• Provide clear alternatives—approved apps with business-grade security
• Engage employees through training and include them in tool selection
• Use Mobile Device Management (MDM) and endpoint control software

In one 2018 case, a marketing team in Buenos Aires used a free online survey tool to collect client data. The platform suffered a breach, exposing thousands of emails and feedback forms. Had the team used a secure, vetted alternative, the incident might have been avoided.

Shadow IT is a visibility problem. If you can’t see it, you can’t secure it.

Here is our Shadow IT Risk Checklist to assess your exposure.