Supply Chain Risk Management

Shadow IT on Campus: How Hidden Risk is Undermining Education Cybersecurity

Education’s reliance on SaaS and vendors expands attack surfaces—finding hidden assets and supply chain risks is key to reducing breach risk.

Tim Grieveson

CSO & EVP Information Security

October 15, 2025

October 14, 2025

There are certain recurring stories in universities and colleges: a well-meaning department starts a pilot online learning platform via a credit card. HR signs up for a new cloud tool to track applicants. Labs download open-source research software. Admin staff use productivity tools without oversight. These proliferate, often outside central IT’s purview.

Recent data backs this up: the 2025 UK Cyber Security Breaches Survey found that 91% of higher education institutions and 85% of further education colleges experienced cyberattacks in the past year. The education sector was also among the most targeted in third-party breaches, in part due to high vendor dependency.

Where the Blind Spots Lie & Why They’re Risky for Schools

  • SaaS app proliferation in departments: Faculty or research groups often adopt tools (for collaboration, data analysis, remote labs) without security reviews. These may store student or research data outside institution control.
  • Expired or forgotten systems: Moodle installations, lab VMs, or conference apps run by student unions may have old certs or unpatched code. Attackers scan for those.
  • Vendor tool integrations that persist: Vendors providing learning-management, admissions, alumni, or library services may spin up public interfaces or overlook endpoint security, creating indirect exposure.
  • Remote learning / cloud storage platforms: As education embraced remote/hybrid models, dependence on third-party clouds has grown. Gaps in configuration, identity management, or API security make them juicy targets.

What Education Security Leaders Can Do

| Tactic | How to Execute in Education |
| --- | --- |
| Create a SaaS/Catalog Inventory Program | Have every department register tools in a central catalog; require that any tool handling sensitive or personal data passes a security checklist before approval. |
| Shadow IT discovery audits | Run external scans for domains/subdomains tied to your organization but not listed in internal inventories. Use crawling, certificate transparency logs, DNS monitoring. Prioritize those that map back to systems with sensitive data. |
| Vendor exposure monitoring | For key vendors (LMS, cloud storage, email, research software), monitor changes in their infrastructure: new subdomains, certificate changes, leaked source code. Include them in your external exposure or supply-chain discovery tool. |
| Automate certificate & endpoint health checks | Identify expired or weak TLS certs, open ports, outdated software in SaaS/endpoints used by departments. Catch often-forgotten assets (lab machines, research servers). |
| Risk prioritization weighted by data sensitivity | Prioritize exposures that touch student data, research IP, or alumni financial data. Use Digital Proximity™ (Patent Pending) to contextualize: is the SaaS tool connected (via API, network, third party) to core critical systems? |
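
To make the discovery audit and certificate health check tactics concrete, here is an added example (not from the original article or any vendor's tooling) that diffs hostnames seen in certificate transparency records against the central catalog and ranks what is left. The record field names, the example.edu domain, the inventory, and the sensitivity keywords are all assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: records shaped like a certificate transparency
# search export (field names name_value / not_after are an assumption).
CT_RECORDS = [
    {"name_value": "www.example.edu\nportal.example.edu", "not_after": "2026-03-01T00:00:00"},
    {"name_value": "*.labs.example.edu", "not_after": "2026-01-10T00:00:00"},
    {"name_value": "moodle-pilot.example.edu", "not_after": "2024-11-30T00:00:00"},
    {"name_value": "admissions-crm.example.edu", "not_after": "2026-05-20T00:00:00"},
    {"name_value": "example.edu.lookalike.test", "not_after": "2026-02-01T00:00:00"},
]
INVENTORY = {"www.example.edu", "portal.example.edu"}  # central catalog (constructed)
ORG_DOMAINS = ("example.edu",)
SENSITIVE_HINTS = ("admissions", "alumni", "moodle", "research")  # hypothetical keywords


def in_scope(host, org_domains):
    """True only for the domain itself or a real subdomain (dot boundary)."""
    return any(host == d or host.endswith("." + d) for d in org_domains)


def find_shadow_assets(records, inventory, org_domains, today):
    """Return unregistered in-scope hosts, highest priority first."""
    latest = {}  # host -> latest certificate expiry seen
    for rec in records:
        expiry = datetime.fromisoformat(rec["not_after"])
        for name in rec["name_value"].splitlines():
            host = name.strip().lower().removeprefix("*.").rstrip(".")
            if not host or not in_scope(host, org_domains) or host in inventory:
                continue
            latest[host] = max(expiry, latest.get(host, expiry))
    findings = []
    for host, expiry in latest.items():
        expired = expiry < today
        sensitive = any(h in host for h in SENSITIVE_HINTS)
        # Sensitive data outweighs an expired cert; both together rank highest.
        findings.append({"host": host, "expired": expired,
                         "sensitive": sensitive, "score": 2 * sensitive + expired})
    return sorted(findings, key=lambda f: (-f["score"], f["host"]))


if __name__ == "__main__":
    for f in find_shadow_assets(CT_RECORDS, INVENTORY, ORG_DOMAINS, datetime(2025, 10, 15)):
        print(f)
```

The dot-boundary check in in_scope keeps lookalike names that merely contain the institution's domain out of the results, so the findings list only holds assets the institution would actually have to own or retire.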

For colleges and universities, hidden risk isn’t just a technical nuisance; it strikes at the heart of trust, compliance, and financial survival. In an environment where resources are already stretched thin, the smartest strategy is uncovering what matters most, early enough to act. By bringing supply chain visibility and shadow IT into the conversation, education leaders can protect what makes their institutions thrive: their people, their reputation, and their mission.
