Evaluating Zero Trust Adoption in Remote Work Environments: Shadow IT Challenges and Mitigation Strategies
Ghimire, Bishwas (2025)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025122138813
https://urn.fi/URN:NBN:fi:amk-2025122138813
Tiivistelmä
This study examines the adoption of Zero Trust security architecture in remote work environments, with a specific focus on mitigating the risks associated with Shadow IT in SMEs. The research is grounded in two complementary sources of evidence: theoretical literature and empirical data from a quantitative survey of employees working in remote or hybrid settings. Drawing on established frameworks such as NIST SP 800-207 and prior academic research on Zero Trust and Shadow IT, the study explores how identity-based controls, continuous verification, and adaptive governance mechanisms can reduce unauthorized technology use without undermining productivity.
Empirical data was collected through a structured questionnaire administered to 51 respondents across diverse job roles. The findings reveal that Shadow IT practices are widespread in remote work contexts and are primarily driven by convenience, slow approval processes, and inadequacies in approved organizational tools. At the same time, the results show that organizations implementing Zero Trust principles, including least privilege access, device trust, continuous authentication, and cloud application monitoring, experience a measurable reduction in Shadow IT behavior.
Statistical analyses confirm that Zero Trust tools and pragmatic, employee-centered security strategies significantly influence user behavior, particularly in resource-constrained SME environments. The study concludes that effective Shadow IT mitigation requires an integrated approach that combines robust Zero Trust controls with supportive governance, usability-focused policies, and security awareness initiatives.
Empirical data was collected through a structured questionnaire administered to 51 respondents across diverse job roles. The findings reveal that Shadow IT practices are widespread in remote work contexts and are primarily driven by convenience, slow approval processes, and inadequacies in approved organizational tools. At the same time, the results show that organizations implementing Zero Trust principles, including least privilege access, device trust, continuous authentication, and cloud application monitoring, experience a measurable reduction in Shadow IT behavior.
Statistical analyses confirm that Zero Trust tools and pragmatic, employee-centered security strategies significantly influence user behavior, particularly in resource-constrained SME environments. The study concludes that effective Shadow IT mitigation requires an integrated approach that combines robust Zero Trust controls with supportive governance, usability-focused policies, and security awareness initiatives.