Shadow IT: Getting the visibility you need

by Gary Audin

January 15th, 2020

This article was originally published by Telecom Reseller.

A recent CIO survey found that, on average, most IT leaders believed they had only 30-40 apps running on their network, when in reality that number was over 900. That unknown could be exposing your company data and eating up as much as 40-50% of your IT budget, according to Gartner and Everest Group. Can the challenges of unsanctioned cloud applications be stopped? Here’s a quick guide to shadow IT and how to handle the blind spots.

What is shadow IT?

Shadow IT is a term used to describe SaaS applications and cloud-based systems and services (think PaaS and IaaS) implemented and used without explicit approval from the corporate IT department. It refers to the unauthorized cloud applications running on your network that the IT team knows nothing about. Similarly, “stealth IT” describes solutions implemented by departments other than IT.

Ideally, IT departments provide guidance to the corporate enterprise on technology solutions, systems, and services, helping them create a controlled and secure IT environment. But the cloud and shadow IT shatter that ideal. Today, every employee with a device and a credit card can threaten the security of the corporate IT environment just by conducting business as usual.

Shadow IT dilemmas

Shadow IT has benefits but also comes with serious security consequences. 

SaaS applications are considered an important source of employee productivity and innovation, and their widespread availability enables rapid service deployment at lower cost without the IT team taking on the burden of that deployment. These services help departments be more agile, responding to changes rapidly and gaining access to resources that help them be competitive. But many times company data (and much more) is at stake.

Ultimately, shadow IT is a competitor to the internal IT operations and services, and is known to come with these risks: 

The most dangerous threat, however, is the issue of scope awareness. For most, the shadow IT problem is far worse than they recognize. Remember that statistic from the CIO survey that says most have 888+ unknown apps running on their network? In highly regulated industries such as healthcare and financial services, there were 20X more cloud apps than originally estimated. Furthermore, the cost of remediation can be significant. Gartner found that investments in shadow IT controls can exceed 40% of IT spending, and research from the Everest Group found that it comprises 50% or more.

Shadow IT: Why it’s not going away

Many factors continue to drive the shadow IT problem including:

So, can the cloud app problem be stopped?

Handling shadow IT: Getting the visibility you need

With today’s easy access to SaaS applications, it’s virtually impossible to prevent shadow IT. Instead, technologies, policies, and processes should be in place to create checks and balances. All cloud applications must be identified, monitored, and managed from a security perspective. 

Visibility is the first step, as IT departments require deep network visibility to understand the list of applications and services operating in their IT environment. The key is to eliminate the guesswork needed to identify unauthorized cloud application usage and to gain the insight needed without the added cost of purchasing a variety of endpoint security solutions. 

Second, IT needs usage statistics. With a comprehensive list and clarity on which applications are most popular, you can adequately delineate the known and unknown applications, addressing unsanctioned ones using a prioritized approach.
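The two steps above (build the application list, then rank unsanctioned apps by usage) can be sketched as follows. This is an added example, not code from the article or from any vendor product; the log format, the `.test` hostnames, and the `SANCTIONED` allow-list are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample proxy log: "<ISO time> <user> <destination host> <bytes out>"
SAMPLE_LOG = """\
2020-01-13T09:01:12Z alice files.example-share.test 48211
2020-01-13T09:02:40Z bob files.example-share.test 1200344
2020-01-13T09:05:03Z alice mail.corp-suite.test 5120
2020-01-13T09:07:55Z carol app.example-notes.test 880
2020-01-13T09:09:10Z bob api.example-share.test 730112
2020-01-13T09:11:31Z dave mail.corp-suite.test 2048
2020-01-13T09:12:02Z carol files.example-share.test 90455
not a log line
"""

# Hypothetical allow-list of apps IT has approved, keyed by base domain.
SANCTIONED = {"corp-suite.test"}

def base_domain(host):
    """Group hosts by their last two labels (a simplifying assumption;
    a production tool would consult the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def discover(log_text, sanctioned):
    """Step 1, visibility: one row per app with usage statistics."""
    stats = defaultdict(lambda: {"users": set(), "requests": 0, "bytes": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped += 1  # count malformed lines instead of crashing on them
            continue
        _, user, host, nbytes = parts
        s = stats[base_domain(host)]
        s["users"].add(user)
        s["requests"] += 1
        s["bytes"] += int(nbytes)
    report = [{"app": app, "sanctioned": app in sanctioned,
               "users": len(s["users"]), "requests": s["requests"],
               "bytes": s["bytes"]} for app, s in stats.items()]
    return report, skipped

def prioritize(report):
    """Step 2, usage: unsanctioned apps, most users then most data first."""
    unsanctioned = [r for r in report if not r["sanctioned"]]
    return sorted(unsanctioned, key=lambda r: (-r["users"], -r["bytes"]))

if __name__ == "__main__":
    report, skipped = discover(SAMPLE_LOG, SANCTIONED)
    for row in prioritize(report):
        print(row)
    print("skipped lines:", skipped)
```

Ranking by distinct users before bytes surfaces the apps a whole team already depends on, which are usually the ones to review first.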

These questions and insights can help guide your risk mitigation plan:

When an IT department can get the application visibility and usage statistics all within the same network management portal it uses every day, creating a governance system for shadow IT becomes a simple part of IT management. Masergy’s Managed SD-WAN is one such service.

For more information on this topic, the IEEE produced a detailed article, “Shadow IT Evaluation Model,” which includes an in-depth discussion of how to evaluate shadow IT. 

Gary Audin

With 40+ years of computer, communications, and security consulting and implementation experience, Gary Audin is a celebrated author and IT thought leader with regular articles published by Telecom Reseller, No Jitter, TechTarget, and Webtorials. Gary has operated and managed data, LAN, and telephone networks including local area, national and international networks as well as VoIP and IP convergent networks both in the U.S. and across the globe. As a trusted consultant, he has advised domestic and international venture capital and investment bankers in communications, VoIP, and microprocessor technologies.
