Shadow IT Awareness

What You'll Learn

• Define shadow IT and recognize common examples including unauthorized SaaS tools, personal cloud storage, and unapproved AI assistants used for work tasks
• Evaluate the security risks of uploading company data to unvetted third-party services, including data residency and compliance exposure
• Apply a practical checklist for assessing whether a new tool or service should be requested through official IT channels
• Understand how shadow IT creates security blind spots that prevent your organization from monitoring, patching, or revoking access to sensitive data
• Identify the difference between convenient workarounds and genuine security risks when team members suggest new tools under time pressure

Training Steps

1. A Tight Deadline

   Welcome to Pinnacle Consulting Group! You are Alice, a project manager leading a critical client deliverable due by end of week. Your team has finalized the design files for the Hawthorne project, but there's a problem - the files total 127MB, and the company's approved file-sharing platform only handles up to 50MB. The client is already asking for the files.

2. A Message from Marcus

   Alice's phone buzzes with a Telegram notification from her colleague Marcus Chen.

3. Getting the Link

   CloudDrop sounds like it would solve Alice's problem immediately. The deadline is pressing and she needs a solution fast.

4. Opening CloudDrop

   Alice opens CloudDrop on her desktop browser. The site looks professional and straightforward - a clean interface promising fast, free file sharing.

5. Selecting Files to Upload

   Alice clicks the Upload Files button. A file browser opens so she can select the Hawthorne deliverables from her documents folder.

6. Uploading the Hawthorne Deliverables

   The file manager opens, showing Alice's files. She needs to navigate to the documents folder and select the Hawthorne deliverables zip file - 127MB of design files, project timelines, and documents containing client contact information.

7. Sharing the Link with the Client

   The upload is complete and CloudDrop has generated a shareable link. Alice switches to her email to send the download link to Sarah at Hawthorne Industries.

8. A Disturbing Email

   A week has passed. Alice starts her Monday morning to find an unexpected email from CloudDrop.

9. IT Security Incident Alert

   Before Alice can fully process the CloudDrop breach notification, another email arrives - this one from Pinnacle's own Security Operations Center.

10. Calling IT Security

    Alice's heart sinks. The Hawthorne project files she uploaded to CloudDrop last week are part of the breach. She needs to call IT Security immediately and come forward.