What is shadow IT and how can you protect yourself from it?

Shadow IT stands for systems, apps/applications or cloud services that employees of a company use without the knowledge or consent of the IT department.

Information systems in large organisations can be a source of frustration for their users. To get around perceived or real limitations of solutions provided by a centralised IT department, other departments may build independent IT resources to meet their specific or urgent needs. It's not uncommon for resourceful departments to hire IT engineers and purchase or even develop software without the knowledge, approval or oversight of a centralised IT department.

Popular unmonitored IT systems

One of the biggest reasons employees participate in shadow IT is to work more efficiently. These apps or services are most often used:

• Dropbox
• Whatsapp
• Skype
• OneDrive
• Image editing systems
• File-sharing cloud services

These tools are often used unconsciously, users are not aware that they are contributing to shadow IT. So it’s not out of malice, but often out of convenience. The users are already familiar with these apps or services and are more comfortable with them. Sometimes people are simply unaware of the apps that their IT department offer, they’ve had a bad experience in the application process for a non-approved app or the process takes too long. During COVID-19 we’ve seen a rise in shadow IT, especially in the beginning when people were relocated to their home offices and didn’t have the right tools to work together.

Why is shadow IT dangerous?

The bottom line is that if the IT department isn’t aware of an application, they can’t support it or ensure that it’s secure. Other reasons are:

• They cannot test or verify applications
• They cannot patch vulnerabilities (old software versions)
• They cannot adjust their IT security policy
• They do not know where critical data is stored or where GDPR-relevant data is data are processed (liability)

Shadow IT isn’t all inherently dangerous, but certain features such as file sharing/storage and collaboration can result in sensitive data leaks. Next to security risks, shadow IT can also waste money if different departments are unknowingly purchasing duplicate solutions.

How to counter the dangers of shadow IT

While it’s clear that shadow IT isn’t going away, organisations can minimise risk. This can be done by educating end-users (awareness training) and taking preventative measures to monitor and manage unsanctioned applications.

It is also smart to simplify and clearly define the application process when people want a new app. As an IT department, you can also be proactive by engaging with departments to understand their IT needs and offer solutions that meet their requirements.

Also by conducting regular audits and surveys to identify any unauthorised IT resources within your organisation. Installing an early detection system to identify any unauthorised IT resource being used and take appropriate action.

A more harsh method is by blocking communication with unwanted applications. This way you can contain shadow IT.

Applications that monitor shadow IT

There are several tools that organisations can use to monitor shadow IT, including:

• DNS security: DNS is the start of all communication, it sees everything. It can block unwanted applications (Zero Trust), it’s an attack vector and can also be a line of defence. And it is also part of the cyber kill chain.
• Cloud Access Security Brokers (CASBs):CASBs can be used to monitor cloud services usage and detect any unauthorised cloud services being used within the organisation.
• Endpoint Detection and Response (EDR): EDR tools can monitor endpoints such as desktops, laptops, and mobile devices to detect any unauthorised applications or processes running on them.
• Data Loss Prevention (DLP): DLP tools can be used to monitor and control the movement of sensitive data within the organisation. DLP tools can detect when sensitive data is being transferred to unauthorised cloud services or devices.
• Application Performance Monitoring (APM): APM tools can monitor the performance of applications being used within the organisation. These tools can detect when employees are using unauthorised or non-approved applications.

By using these tools, organisations can detect and monitor shadow IT usage within the organisation and take appropriate action to ensure that all IT resources are managed in a secure and compliant manner. It's important to note that these tools should be used in conjunction with policies and procedures that clearly define the acceptable use of IT resources within the organisation.