Threat Actors
Last updated
Last updated
An IT professional who sets up a personal cloud storage account to store company data without informing the IT department is engaging in shadow IT. However, this behavior could also pose an insider threat. Here’s an explanation of both terms:
Definition: Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit IT department approval.
Context: In this case, the IT professional is using a personal cloud storage account for company data without informing or getting permission from the IT department. This can lead to security risks, data breaches, and compliance issues because the IT department is unaware of and cannot manage or secure these unapproved resources.
Definition: An insider threat involves a current or former employee, contractor, or business partner who has or had authorized access to an organization's network, systems, or data and who misuses that access to harm the organization.
Context: While the IT professional's action of using personal cloud storage can be considered a form of shadow IT, if the intention behind this action is to misuse the data or harm the organization, it could also be classified as an insider threat. This includes any intentional or unintentional act that compromises the organization’s data security.
In summary, setting up personal cloud storage for company data without informing the IT department is primarily an example of shadow IT, but it has the potential to become an insider threat depending on the intent and outcome of the action.
