isono.my

The Shadow IT Inevitability

USB Mass Storage Blocks, Unmanaged Google Accounts and Unfiltered AI Use: Organisational Appearance of Control over the Reality of Data Flow

The Executive Claim

“Strictly blocking USB Mass Storage and prohibiting the use of public AI tools via corporate policy is a necessary and sufficient ‘Hardening’ measure to prevent data exfiltration and maintain regulatory compliance.”

The Isonomy Audit

In the Isonomy framework, a law (policy) must be applied equally to all paths of the same nature. If the system blocks a Physical Port but leaves the Browser Port unmonitored, the law is asymmetrical and therefore logically invalid.

1. The “USB vs. SaaS” Asymmetry

The policy treats a 64GB thumb drive as a high-risk threat vector while treating a browser window as a “safe” productivity tool.

  • The Block: GPO/EDR blocks USB Mass Storage (Physical layer).
  • The Bypass: The browser allows multi-part encrypted uploads to personal cloud storage (Google Drive, Dropbox, WeTransfer).

The "Compliance Illusion" Diagram

[Diagram: Logic Flow Audit. Internal IP inside the Perimeter reaches the Public Cloud by two paths. Physical (USB): Hardened Facade (False Security). Application (Browser): Unmonitored SaaS Highway.]

The Math: If a user needs to send a 50MB log file to a vendor but the email attachment limit is 25MB and USB is blocked, the user has a 100% probability of seeking a “Shadow” path to complete their task.

2. The “G-Door” (Unmanaged Identity)

The most significant “Isonomic” failure is the creation of Unmanaged Google Accounts using corporate email addresses (user@company.com).

The "G-Door" Identity Tunnel

[Diagram: Architectural Audit. Corporate Entrance: LOCKED & AUDITED. The G-Door: UNMANAGED BYPASS.]

  • The Exploit: Employees use “Sign in with Google” for 3rd-party tools (Figma, Canva, Notion).
  • The Persistence: When an employee is offboarded from the official identity provider (Okta/Entra ID), the unmanaged Google account remains active. Corporate IP is now permanently decoupled from the corporate perimeter.

The Offboarding Asymmetry

[Diagram: Identity Audit. Corporate IDP: Access Revoked. SaaS Tool: Permanently Active.]
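
A reconciliation check for the offboarding gap described above, as an added example that is not part of the original post: it compares an IdP user export with SaaS account lists and reports active corporate-domain accounts that the IdP cannot switch off. The record layout, the `auth` labels, the finding names and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

CORP_DOMAIN = "company.com"  # placeholder domain, as in the article

@dataclass(frozen=True)
class SaasAccount:          # hypothetical export row from a SaaS admin console
    tool: str
    email: str
    auth: str               # "corp_sso" (federated via the IdP), "google_oauth" or "password"
    active: bool

def canonical(email: str) -> str:
    """Lowercase and drop any +tag so user+figma@ maps to the same person."""
    local, _, domain = email.strip().lower().partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def audit(idp_status: dict[str, str], accounts: list[SaasAccount]) -> list[tuple[str, str, str]]:
    """Return sorted (finding, tool, email) for every active corporate-domain
    account that does not authenticate through the IdP."""
    idp = {canonical(e): s for e, s in idp_status.items()}
    findings = []
    for acct in accounts:
        who = canonical(acct.email)
        in_scope = acct.active and who.split("@")[-1] == CORP_DOMAIN
        if not in_scope or acct.auth == "corp_sso":
            continue  # inactive, personal domain, or revocable via the IdP
        status = idp.get(who)
        if status is None:
            findings.append(("UNKNOWN_TO_IDP", acct.tool, acct.email))
        elif status == "deprovisioned":
            findings.append(("ORPHANED_AFTER_OFFBOARDING", acct.tool, acct.email))
        else:  # still employed, but the login bypasses the IdP
            findings.append(("UNMANAGED_LOGIN_PATH", acct.tool, acct.email))
    return sorted(findings)

# Constructed sample data (not real exports).
IDP = {"alice@company.com": "active", "bob@company.com": "deprovisioned"}
ACCOUNTS = [
    SaasAccount("Figma", "bob@company.com", "google_oauth", True),
    SaasAccount("Notion", "Bob+notes@Company.com", "password", True),
    SaasAccount("Canva", "alice@company.com", "google_oauth", True),
    SaasAccount("Figma", "alice@company.com", "corp_sso", True),
    SaasAccount("Canva", "carol@company.com", "google_oauth", True),
    SaasAccount("Notion", "dave@gmail.com", "google_oauth", True),
    SaasAccount("Canva", "bob@company.com", "google_oauth", False),
]

if __name__ == "__main__":
    for finding in audit(IDP, ACCOUNTS):
        print(*finding, sep="\t")
```

`UNMANAGED_LOGIN_PATH` rows are the ones to fix before the employee leaves; once the IdP record is deprovisioned they become `ORPHANED_AFTER_OFFBOARDING`.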

3. The AI Siphon

Policy-based “bans” on LLMs (ChatGPT, Claude, Gemini) without technical guardrails create a “Head in the Sand” security model.

  • The Risk: An engineer “anonymizing” code by pasting it into a public LLM is essentially a USB transfer to a server the company does not own or audit.
  • The Friction: If the company provides no sanctioned LLM but expects “AI-level” productivity, Shadow IT becomes a requirement for job survival.

Shadow IT Pressure Gauge

[Gauge: Behavioral Logic. Pressure Level. Probability of Exfiltration: HIGH.]

The Verdict: SYSTEMIC FRICTION

System Status: Inequitable Logic Detected. Security Theater in Effect.

The policy prioritises the appearance of control over the reality of data flow. By creating a hardened facade that doesn’t account for the modern browser-based workflow, the organization hasn’t stopped exfiltration; instead, it has merely forced it into unmonitored channels.