The impact of the Shadow IT on data processing security in infrastructure of institutions: risks and solutions

The article presents an analysis of the factors contributing to the emergence of Shadow IT, an assessment of its impact on data security properties, and a set of formalized measures aimed at mitigating the associated risks in Internet-oriented information systems. The study employs a systems analysis of information systems, a comparative analysis of Shadow IT management approaches, information security threat analysis, generalization of practices in the application of technical and organizational security controls, and an analysis of the frequency of Shadow IT occurrence. As a result, architectural and organizational prerequisites for the proliferation of Shadow IT in distributed and cloud-based data processing environments are identified; the impact of unauthorized IT services on the confidentiality, integrity, and availability of information is analyzed; approaches to the detection and control of Shadow IT are examined; and the complex of formalized measures is proposed, aimed at increasing transparency in the use of IT resources and improving the manageability of data processing processes. The conducted analysis and proposed measures are expected to reduce the level of uncontrolled information security risks and enhance the resilience of data processing in the long term.