# Shadow IT Discovery and Control Operations One-sentence definition: Find and govern unsanctioned IT/services to reduce risk and consolidate controls. ## Key Facts - Discover via DNS/proxy logs, expense reports, SSO logs, CASB discovery. - Classify by risk; bring into SSO/MFA; restrict unsanctioned egress. - Provide sanctioned alternatives; educate and track adoption. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Choose discovery + onboarding, not blanket bans without alternatives. **Mnemonic:** “**Find**, **formalize**, **fold-in**.” ## Mini Scenario Q: Team uses unmanaged file sharing—action? A: Block unsanctioned domain; offer approved service with DLP; migrate data. ## Revision Checklist - Two discovery sources. - Control approach. - Adoption tactic. ## Related [[SaaS Service Continuity and Admin Operations]] · [[OAuth Consent and Admin Consent Governance]] · [[Data Loss Prevention (DLP) Testing (Email Web Endpoint)]] · [[Third-Party Operational Risk and Managed Services]] · [[Domain 7 - Index]]