The findings of this exposure category are related to the unmanaged IT assets (old or unused IT assets), non-production IT assets or services that are NOT supposed to be publicly accessible. The shadow assets would easily become the prime targets of the threat actor to circumvent or compromise your existing security controls.