How to help the CISO to combat Shadow IT?

share post


To begin to understand how we should help the CISO to combat Shadow It, we turn to the definition of the coGartner consultant to understand exactly what Shadow It consists of: “Shadow IT It is any computer device, software or service, generally based on the cloud, that is used in an organization but that is outside the control of the IT department of said organization or is used without its knowledge or approval.

That is, when a worker decides to use a cloud-based service without the knowledge of the company is making use of Shadow IT. use of the smartphone or personal laptop for work matters; share corporate documents through applications such as Dropbox, WeTransfer or WhatsApp; connecting a USB brought from home to the work PC… Using shadow technology exposes the organization to security breaches and unwanted information leaks.


That is why we want to highlight the difficult situation of the CISO 

The CISO is in charge of to protect without hindering the day-to-day activities of employees and offer tools that the Business also approves.

There is a syndrome called Cassandra's syndrome that defines the difficult task of the CISO. Says the following: predict without being heard and when it happens, be judged for not having seen it coming...


How can we help the CISO in his duty to protect the employee, organization, suppliers and shareholders?

Digitization is changing the way organizations conduct business and social relationships. A proven increase in productivity and efficiency and an undesired collateral effect that is the increase, among many others, of email vulnerabilities, gaps and digital risk is becoming increasingly important. 


  • 1 in 3 workers share and upload corporate data to third-party qcloud apps
  • 1 in 4 employees connect to cloud solutions using their corporate username and password

This can lead to large security loopholes exploited by cybercriminals to get company data. It can create problems and expose the company to unplanned risks. In these cloud-based applications, the data used is not protected properly or according to the standards of the organization or its customers. 

From Tranxfer we want to address the issue by raising the confrontation between Aware and Prohibit


We want to share with you the best known tools within Shadow IT to share, store, and make copies of files that bring more headaches to CISOS and IT security departments in companies: 

  • google drive 
  • dropbox box 
  • OneDrive, 
  • WeTransfer, 
  • YouSendIT, 
  • Fire Drive 
  • ShareFile 

They are the applications most used by workers although there are many others such as Yandex Disk, Solidfiles, Freakshare, Filefactory, Copy, 4Shared, eFolder, Goodsync, Hightail, Zippyshare and Mega.

The aforementioned tools are Shadow IT and expose us to GDPR sanctions, and Information Leakage, in addition to exposing us to 'the bad guys' 

The ex-CISO of BBVA in 2019 said a phrase that we believe perfectly defines the situation:

»Share information with third parties using a platform of 

sharing is like leaving the keys to your house in the ignition and hoping that nothing will ever happen» 

ex-BBVA CISO – 2019


What is the company exposed to using Shadow IT tools?

The most frequent problems among companies that use Shadow IT tools are the following:

  • information leaks
  • GDPR breach
  • malware entry 


How can a breach of the regulations harm? 
  • Economic consequences caused by sanctions that entail, depending on the size of the organization, from 10 to 20 million euros either between 2% and 4% of the billing volume company annual.
  • Consequences related to reputation. 


How to avoid these risks? 

we put Tranxfer available to all organizations, without importar its size, to ensure the flow of exchange insurance information and guarantee the needs for the workplace in optimal conditions, supporting those responsible for security in their work to protect the organization.

In 2020, the Naturgy Security Department defines us as: 

»Tranxfer is the best corporate platform to eliminate the shadow it and the safest to exchange information» 

Naturgy Security Department – 2020

If Shadow IT is unavoidable, bring it out into the open! and turn it into an opportunity 

The radical approach against Shadow IT is to block access to all non-corporate services. However, it may not always be realistic for all companies, especially in this new work reality where many workers are not in offices. Sometimes Shadow IT itself, through applications used by employees, can help them do their jobs better, so a ban can affect business efficiency.

Tranxfer is the perfect tool for your employees as an alternative to WeTransfer and other platforms to share ATTACHMENTS AND LARGE FILES with the maximum security guarantees and advanced features. 


Easily adopted and appreciated in business for its extra features

There is a web version or an embeddable version in email

Instead of seeing Shadow IT as a threat, companies should see it as an opportunity to motivate employees to identify the applications they want to use. In this way, the technology department can enable applications that are in compliance with company rules or that can be use even if some rules are broken. It is necessary to embrace the idea that usearies must explore new technologies, new tools and new processes or services that facilitate their work and that transform them into more efficient professionals in sales or executions, within a supply chain.

DO YOU WANT A FREE TRIAL? – Contact us for more information

With TRANXFER you can easily protect your organization:

  • Send files and receive files with no weight limit, and securely. The tool offers traceability and continuous audit; monitoring, acknowledgment of reception, readings and/or downloads. 
  • Advanced security policies and an easy-to-use user and administrator interface, in version website or O365 plugin. 
  • We have APIs and Plugins to integrate with other systems 
  • We can integrate with SIEM, Active Directory and we offer different deployment modalities 
  • Information leaks | GDPR breach | malware entry 

The preferred tool of CISOs to fight against shadow IT and strengthen your security manager plan for file sharing 

  • Send and receive files securely 
  • Choose your shipping preferences and 
  • display 
  • Prevents entry and exit of Malware 
  • Control information leakage 
  • end-to-end encryption


More than 1 million licensed users

More than 5 million recipients 


Contact us for more information: [email protected]

Or through our social networks:

LinkedIn Logo | BRAND LOGOSLinkedIn Y Twitter  Twitter Logo - PNG and Vector


More articles