Beginner 45 min 3-6 players
A routine security audit reveals that a department has been using an unauthorized SaaS application to store and share sensitive customer data, trade secrets, and internal documents — completely outside IT governance. This beginner-friendly tabletop exercise introduces teams to the growing challenge of shadow IT and the data exposure risks it creates. Participants will practice discovery and inventory of unauthorized services, assess data exposure scope, coordinate with business stakeholders who depend on the tool, and develop policies that balance security with the productivity needs that drove shadow IT adoption in the first place.