What is Shadow IT?
Shadow IT refers to the situation in most organisations where users deploy cloud-connected apps or use cloud services within the enterprise environment without the IT department’s knowledge or consent. Some shadow IT usage may be innocuous or even helpful, but it also creates new cybersecurity risks.
Shadow IT Safety Tips
To get a more accurate understanding of who is using shadow IT apps and the risk they pose to your organisation, you need answers to these questions:
- What are the cloud apps used in my organisation?
- What are the trends for SaaS adoption and usage? What SaaS apps are overlapping?
- Who is using which application?
- How is shadow IT being used? Is the use of these applications in accordance with company policy?
- Is users’ shadow IT usage risky in terms of security (vulnerabilities and threats) and compliance?
- Which SaaS apps show file upload and download activity?
- Which file uploads and downloads in SaaS apps are violating data loss prevention (DLP) rules?
- Who is uploading or downloading files with DLP violations?
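The questions above are the ones a shadow IT discovery run answers from the traffic the organisation already logs. The following is an added example, not code from the original page or from any vendor: it parses a handful of constructed web-proxy log lines (the log format, host-to-app catalogue, upload/download thresholds and the DLP rule are all assumptions made for this illustration) and produces the inventory of apps in use, who uses which app, which apps show upload and download activity, and which transfers and users violate the DLP rule.

```python
"""Shadow IT discovery over constructed proxy log lines.

Added example. The log format, APP_CATALOGUE, DLP_PATTERN and the byte
thresholds below are assumptions for this demonstration, not a real
product's format or rules.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not from any real system).
# Assumed format: user method host path bytes_out bytes_in
SAMPLE_LOGS = """\
alice POST upload.dropbox.example.com /files/put?name=q3_forecast.xlsx 2048000 512
bob   GET  app.trello.example.com   /boards/1 120 48000
alice GET  docs.google.example.com  /document/d/abc 200 90000
carol POST api.pastebin.example.com /api/post 4096 300
bob   POST upload.dropbox.example.com /files/put?name=payroll.csv 1048576 512
dave  GET  mail.office365.example.com /owa 300 120000
carol GET  app.trello.example.com   /boards/2 100 51000
"""

# Assumed catalogue: host suffix -> (app name, category, sanctioned by IT?)
APP_CATALOGUE = {
    "dropbox.example.com": ("Dropbox", "cloud storage", False),
    "trello.example.com": ("Trello", "collaboration", False),
    "google.example.com": ("Google Docs", "productivity", True),
    "pastebin.example.com": ("Pastebin", "code sharing", False),
    "office365.example.com": ("Office 365", "productivity", True),
}

# Assumed DLP rule: file names that suggest financial or HR data
DLP_PATTERN = re.compile(r"(payroll|forecast|salary|ssn)", re.IGNORECASE)

UPLOAD_MIN_BYTES = 1024          # assumed: POST/PUT above this is a file upload
DOWNLOAD_MIN_BYTES = 64 * 1024   # assumed: GET above this is a file download

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)$")


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    user, method, host, path, b_out, b_in = m.groups()
    return {"user": user, "method": method, "host": host, "path": path,
            "bytes_out": int(b_out), "bytes_in": int(b_in)}


def classify(host):
    """Map a host to (app name, category, sanctioned); unknown hosts stay unknown."""
    for suffix, (name, cat, sanctioned) in APP_CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return name, cat, sanctioned
    return host, "unknown", False


def discover(log_text):
    """Build the shadow IT inventory: apps, users per app, transfers, DLP hits."""
    report = {"apps": {}, "users_by_app": defaultdict(set),
              "uploads": [], "downloads": [], "dlp_violations": []}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        name, cat, sanctioned = classify(rec["host"])
        report["apps"][name] = {"category": cat, "sanctioned": sanctioned}
        report["users_by_app"][name].add(rec["user"])
        transfer = {"user": rec["user"], "app": name, "path": rec["path"]}
        if rec["method"] in ("POST", "PUT") and rec["bytes_out"] > UPLOAD_MIN_BYTES:
            report["uploads"].append({**transfer, "bytes": rec["bytes_out"]})
            if DLP_PATTERN.search(rec["path"]):
                report["dlp_violations"].append({**transfer, "direction": "upload"})
        elif rec["method"] == "GET" and rec["bytes_in"] > DOWNLOAD_MIN_BYTES:
            report["downloads"].append({**transfer, "bytes": rec["bytes_in"]})
            if DLP_PATTERN.search(rec["path"]):
                report["dlp_violations"].append({**transfer, "direction": "download"})
    return report


def shadow_apps(report):
    """Apps seen in traffic that IT has not sanctioned."""
    return sorted(n for n, info in report["apps"].items() if not info["sanctioned"])


def dlp_offenders(report):
    """Users behind transfers that matched the DLP rule."""
    return sorted({v["user"] for v in report["dlp_violations"]})


if __name__ == "__main__":
    r = discover(SAMPLE_LOGS)
    print("unsanctioned apps:", shadow_apps(r))
    print("users per app:", {k: sorted(v) for k, v in r["users_by_app"].items()})
    print("DLP violations:", r["dlp_violations"])
    print("DLP offenders:", dlp_offenders(r))
```

On real proxy or firewall exports the parser and catalogue are what change; the shape of the report (apps, users per app, transfer activity, DLP hits) is what a discovery exercise needs to answer the questions in the list above.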
Shadow IT Risks & Issues
Many workers deploy cloud apps in the corporate environment with the best of intentions. They’ve discovered an app that works well, so they use it and share it with colleagues. But it isn’t approved by IT security, because IT security has never been told about it.
IT security might think they have 20 or 30 of these shadow apps on their network, which might be manageable. But when they run a shadow IT discovery check, they’re shocked to find they have 1,300 such applications that they had no idea were there. The more unknown apps on the network, the greater the shadow IT risks. And you can’t secure what you don’t know about.
Shadow IT Threats
In today’s cloud-first world, governing your users’ access to both IT-authorised and unauthorised apps (Shadow IT) has never been more important. The average enterprise has an estimated 1,000 cloud apps in use. And some of these have serious security gaps that can potentially put organisations at risk and violate compliance regulations and mandates.
An example is users granting broad OAuth permissions to third-party apps, which can inadvertently violate data residency regulations such as GDPR. In addition, attackers often use third-party add-ons and social engineering to trick people into granting broad access to your approved SaaS apps, such as Office 365, G Suite and Box, which typically contain sensitive data.
Tips for Shadow IT Protection
A CASB solution helps you govern the shadow IT cloud apps and services your people use by offering a centralised view of your cloud environment. It allows you to get insights into who is accessing what apps and data in the cloud from where and from which device.
CASBs catalogue cloud services (including third-party OAuth apps), rate the risk level and overall trustworthiness of each service, and assign it a score. CASBs can also apply automated access controls to and from cloud services based on those risk scores and other parameters, such as app category and the data permissions an app has been granted.
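To make the scoring and automated access control concrete, here is an added example, not code from the original page or from any CASB vendor. It scores a small constructed app inventory on attributes a CASB catalogue typically records (sanctioned or not, encryption at rest, data residency, breach history, and which OAuth permissions the app holds) and maps the score plus the app category to an allow, coach or block decision. The weights, thresholds, the policy structure and the sample apps are all assumptions; the Google scope URL and Microsoft Graph permission names listed as "broad" are real identifiers, but treating exactly those as broad is this example's choice. It also ties back to the OAuth point above by listing apps holding broad grants for review.

```python
"""CASB-style app risk scoring and automated access decisions.

Added example. Weights, thresholds, DEFAULT_POLICY and SAMPLE_APPS are
assumptions for illustration, not a vendor's scoring model.
"""
from dataclasses import dataclass, field

# OAuth permissions that grant whole-drive or whole-mailbox access.
# The identifiers are real (Google scope URL, Microsoft Graph permission
# names); which ones count as "broad" is this example's assumption.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/gmail.modify",
    "Mail.ReadWrite",
    "Files.ReadWrite.All",
}


@dataclass
class CloudApp:
    name: str
    category: str
    sanctioned: bool
    oauth_scopes: set = field(default_factory=set)
    encrypts_at_rest: bool = True
    data_residency_ok: bool = True   # assumed: keeps regulated data in-region
    known_breach: bool = False


DEFAULT_POLICY = {
    "block_score": 70,                        # score >= this: block traffic
    "coach_score": 40,                        # score >= this: allow, but notify
    "blocked_categories": {"code sharing"},   # assumed always-block categories
}


def risk_score(app: CloudApp) -> int:
    """Return a 0-100 risk score, higher is riskier. Weights are assumed."""
    score = 0
    if not app.sanctioned:
        score += 20
    if not app.encrypts_at_rest:
        score += 25
    if not app.data_residency_ok:
        score += 25
    if app.known_breach:
        score += 20
    broad = app.oauth_scopes & BROAD_SCOPES
    score += min(30, 15 * len(broad))   # each broad grant adds risk, capped at 30
    return min(score, 100)


def access_decision(app: CloudApp, policy=DEFAULT_POLICY):
    """Combine score and category into allow / coach / block, as a CASB policy would."""
    score = risk_score(app)
    if app.category in policy["blocked_categories"]:
        return "block", score
    if score >= policy["block_score"]:
        return "block", score
    if score >= policy["coach_score"]:
        return "coach", score
    return "allow", score


def broad_grants(apps):
    """Apps holding broad OAuth grants: candidates for review or revocation."""
    return sorted(a.name for a in apps if a.oauth_scopes & BROAD_SCOPES)


# Constructed sample inventory (names and attributes are made up).
SAMPLE_APPS = [
    CloudApp("Office 365", "productivity", True),
    CloudApp("Trello", "collaboration", False),
    CloudApp("Pastebin", "code sharing", False),
    CloudApp("Inbox Helper add-on", "productivity", False,
             oauth_scopes={"Mail.ReadWrite", "Files.ReadWrite.All"},
             data_residency_ok=False),
    CloudApp("Old file-sync tool", "cloud storage", False, known_breach=True),
]

if __name__ == "__main__":
    for app in SAMPLE_APPS:
        decision, score = access_decision(app)
        print(f"{app.name:22} score={score:3} -> {decision}")
    print("broad OAuth grants to review:", broad_grants(SAMPLE_APPS))
```

The "coach" outcome is the middle ground a CASB offers between silently allowing and hard-blocking: the user is told the app is unsanctioned and security is notified, which is usually the right first step for the thousand-plus apps discovery tends to surface.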