shadow-it
Safeguard articles tagged "shadow-it" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Know your cloud environment: a practical asset inventory methodology
Gartner projects that through 2025, 99% of cloud security failures will be the customer's fault — almost always because an asset nobody tracked got misconfigured.
Why asset inventory should come before AppSec tooling
Only 17% of organizations can inventory 95%+ of their assets, and 69% have been breached through one they didn't know existed — start with the map, not the scanner.
Detecting shadow MCP servers in developer environments
Unauthorized MCP servers running on developer laptops are the agent-era equivalent of shadow IT. Here is how to inventory them, see them at runtime, and bring them under policy.
Low-Code/No-Code Platforms: The Shadow Supply Chain in Your Organization
Citizen developers are building applications on low-code platforms faster than security teams can assess them. The supply chain risks are real and growing.
Browser Extension Supply Chain Attacks: The Overlooked Threat Vector
Browser extensions have become a prime target for supply chain attackers. With access to browsing data, credentials, and session tokens, a compromised extension is a skeleton key to your organization.