Shadow data is data that is created, stored, or shared without being formally managed or governed by the relevant IT teams. Shadow data can be found in spreadsheets, local copies of databases, emails, and presentations. It would often find its way to personal devices, but shadow data assets can also live on cloud storage such as Amazon S3, or as overlooked tables in a database.
Shadow data can pose a security risk to organizations: in most cases, security controls and policies won't be applied to this data. This can make it more difficult to track and monitor, and more vulnerable to unauthorized access.
To mitigate the risks associated with shadow data, it is important for organizations to have policies and procedures in place to manage and govern the creation, storage, and sharing of new datasets. In addition, organizations can use data security tools (such as DSPM) to identify, classify, and secure shadow data.