top of page
Search

🛡️ From Shadow IT to Guided Innovation

  • Writer: Bjørnar Aassveen
    Bjørnar Aassveen
  • Oct 16
  • 3 min read

Gain visibility with Defender and Purview

Cloud-based services and generative AI have lowered the threshold for adopting new digital tools. That’s great for innovation—but challenging for security and compliance. Many organizations find that employees use apps and services without the IT department’s knowledge, also known as Shadow IT.


Shadow IT isn’t exactly new. Who hasn’t stumbled across a Dropbox account here or a Gmail address there, used to send documents to colleagues or share files with external partners? It happens all the time, usually with the best intentions.

But why do these shadow tools emerge in the first place? Often, it’s actually the IT department itself that—perhaps unintentionally—paves the way. In their eagerness to protect their domain and keep the fortress secure, they sometimes forget what users actually need in their daily work. And (un)fortunately, people are creative—so when the gate is closed, they find a back way in. Maybe via a cloud storage service, an AI chat, or an app that “just works.”


Shadow IT isn’t necessarily malicious, it’s often about employees trying to solve problems efficiently. But without visibility and control, it can lead to:

  • Violations of privacy and security requirements

  • Loss or leakage of sensitive information

  • Non-compliance with regulations like GDPR, NIS, and DORA



From Prohibition to Understanding

Banning everything that isn’t approved rarely works. A better approach is to:

  • Map actual usage – gain insight into which apps and services are being used

  • Assess risk – which services are safe, and which are not?

  • Establish guidelines – what is allowed and what isn’t?

  • Offer alternatives – secure and approved tools that meet user needs


Tools That Give You Control

Microsoft Defender for Cloud Apps

Gives you insight and control over cloud services used in your organization—both approved and unauthorized.

  • Classifies apps by risk (over 90 risk parameters)

  • Provides a Shadow IT report with usage, data traffic, and risk overview

  • Allows you to block or restrict access to risky apps

  • Integrates with Microsoft Defender XDR and Entra ID


Example from the demo environment shows all apps discovered in my environment, categorized by type.


To get started with Defender for Cloud Apps and policy building, I recommend this guide by Gary: defender-docs/defender-for-cloud-apps/get-started.md at public · MicrosoftDocs/defender-docs · GitHub


ree

🔐 Microsoft Purview

Purview is Microsoft’s platform for data governance and information protection. It helps you understand, classify, and protect data—wherever it resides (within your boundaries, of course).

  • Detects and classifies sensitive information (e.g., personal data, health records, trade secrets)

  • Uses sensitivity labels and DLP policies to protect data

  • Monitors and logs sharing, storage, and usage of data—even in unauthorized apps

  • Integrates with Defender for Cloud Apps to protect data in Shadow IT environments



🔗 When the Tools Meet

Scenario

Tool(s)

Role

Employees use unauthorized apps

Defender for Cloud Apps

Detects and assesses risk

Sensitive info uploaded to unknown app

Purview + Defender

Detects and protects data

You want to block high-risk apps

Defender for Cloud Apps

Policy control and blocking

You want to ensure data stays within approved systems

Purview DLP

Prevents data leakage

You want to report and document actions

Purview + Defender

Logging and compliance

Practical Example

A mid-sized company discovered via Defender for Cloud Apps that over 180 different cloud services were in use—many with high risk. By combining this with Purview, they achieved:

  • Visibility into which apps were actually used

  • Insight into which apps handled sensitive information

  • Established an approved app catalog

  • Implemented DLP policies to protect data

  • Increased employee awareness through training and communication


Summary

Shadow IT isn’t just a security problem, it’s also an opportunity to understand how employees actually work and where the gaps are.

With Microsoft Defender for Cloud Apps and Microsoft Purview, you get:

  • Insight into actual usage

  • Control over risk

  • Protection of data


By combining technology with clear guidelines and good communication, you can go from chaos to control, and support innovation across the organization.

And then we can debate whether everything is innovation… birthday speeches in rhyming verse and impersonal references from an AI “near you”…? Up to you 😎


Bjørnar&AI



 
 
 

Comments

bottom of page