Shadow IT refers to any IT resource-hardware, software, or service-adopted without the knowledge or approval of the organization's IT department. This includes cloud or SaaS platforms obtained directly from external service providers. Because these resources bypass normal vetting, they may introduce compliance gaps, data-handling risks, and visibility issues. The correct statement reflects this characteristic, whereas the distractors either limit shadow IT to hardware, describe it as always malicious, or claim it is automatically protected by enterprise security tools.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Shadow IT and why is it a concern for organizations?
Open an interactive chat with Bash
What kind of service providers can be involved in Shadow IT?
Open an interactive chat with Bash
How can organizations manage or mitigate the risks of Shadow IT?