The inspector general for the intelligence community has informed members of Congress that some material Hillary Clinton emailed from her private server contained classified information, but it was not identified that way. Ken Westin, Security Analyst for Tripwire explains:
“Regardless of the politics involved, the issue here outlines challenges of "Shadow IT" either in government or the enterprise. When IT administrators do not have control of, or access to systems and data, it is difficult to identify if sensitive data has been exposed, either directly or indirectly. The classification of data itself can be flawed and it can be difficult to control what data is sent through which systems over time. The silver lining of the Clinton issue is that there has been increased visibility of the risks of political leaders running their own IT systems. As we saw with Homeland Security Secretary Jeh Johnson this past week, even accessing personal email from work computers could be a security risk. The Secretary’s promise not to access home emails from a government computer reflects stronger policy enforcement and detection to mitigate the risks of Shadow IT within the government, particularly amongst senior leaders with access to classified and sensitive data.”