Hybrid and remote working has been a lifesaver for many organisations. It gave businesses the chance to court a more geographically diverse workforce. For employees, many enjoy the benefits that flexible and remote working offer.
Nothing like this had ever happened in the history of work, and then suddenly, we were in uncharted territory. The opportunities were matched with new challenges, and a few challenges were as complex as those faced by IT security teams.
There has been a device sprawl as the number of employees accessing company resources from personal devices, and using unknown and unvetted networks, has risen, so much so that security teams simply don’t know what they don’t know. We call this the “visibility gap”, a disconnect between what firms think they can see and manage, and how employees really use their devices. That gap represents a critical cybersecurity risk.
What is shadow IT and why does it matter?
The visibility gap has fueled a growing problem: shadow IT. Employees are using personal devices and unapproved applications to work around restrictive systems. This is rarely malicious. In most cases, it’s about productivity and convenience, but it creates unmanaged endpoints and unmonitored data flows.
According to our research, 67% of IT leaders admit they lack complete visibility into the devices accessing corporate data. At the same time, 40% of employees use personal devices for work on a daily basis. These unmanaged endpoints are blind spots where endpoint security policies fail, opening organisations to data breaches, compliance violations, and exposure to unvetted applications.
The scale of the disconnect
The report highlights several areas where IT leaders’ assumptions diverge from reality.
- Personal device usage – IT leaders underestimate personal device usage, believing fewer than half of employees use personal devices. In reality, 67% do, and 40% use them daily.
- Security – 60% of leaders assume multi-factor authentication (MFA) is implemented, but only 50.9% of employees confirm using it.
- Unified Endpoint Management (UEM) deployment – While 43% of leaders claim UEM agents are deployed, just 27% of employees confirm using them.
- Policy awareness – One in five employees doesn’t know whether personal device use is authorized, signaling a major policy communication failure.
These figures illustrate why traditional perimeter-based security models are struggling. Without proper endpoint visibility, IT teams cannot enforce endpoint compliance or deploy endpoint security tools effectively.
How to close the Visibility Gap with endpoint management
Shadow IT will never disappear entirely, but organisations can manage it by focusing on endpoint management strategies that match employee behavior rather than resisting it. Key steps include:
- Adopting UEM to centralize management across desktops, mobiles, and other devices.
- Improving IT asset management to maintain an accurate inventory of connected endpoints.
- Deploying mobile device management (MDM) solutions to secure personal devices without compromising usability.
- Enhancing IT operations efficiency by streamlining monitoring, patching, and security policy enforcement.
The organisations that succeed will be those that align endpoint security with human behavior instead of working against it. Employees need flexibility, and IT leaders need visibility. The right tools can deliver both.
Get the full Scalefusion report
The visibility gap poses a significant IT security challenge for modern enterprises. To understand its scope and learn actionable steps to close it, download the full Scalefusion report.
