Shadow IT: Getting the visibility you need

A recent CIO survey found that on average, most IT leaders believed they had only 30-40 apps running on their network—when in reality that number was over 900. The danger of that unknown could be exposing your company data and eating up as much as 40-50% of your IT budget, according to Gartner and Everest Group. Can the challenges of unsanctioned cloud applications be stopped? Here’s a quick guide to shadow IT and how to handle the blind spots.

What is shadow IT?

Shadow IT is a term used to describe SaaS applications and cloud-based systems and services (think PaaS, and IaaS) implemented and used without explicit approval from the corporate IT department. It refers to the unauthorized cloud applications running on your network that the IT team knows nothing about. Similarly “stealth IT” describes solutions implemented by departments other than IT.

Ideally, IT departments provide guidance to the corporate enterprise on technology solutions, systems, and services, helping them create a controlled and secure IT environment. But the cloud and shadow IT issues shatter that ideology. Today, every employee with a device and a credit card can threaten the security of the corporate IT environment just by conducting business as usual.

Shadow IT dilemmas

Shadow IT has benefits but also comes with serious security consequences.

SaaS applications are considered an important source for employee productivity and innovation, and the widespread availability of them can create rapid service deployment at lower costs without the IT team taking on the burden of service deployment. These services help departments be more agile, responding to changes rapidly and gaining access to resources that help them be competitive. But many times company data (and much more) is at stake.

Ultimately, shadow IT is a competitor to the internal IT operations and services, and is known to come with these risks:

The IT Network at Risk: Shadow IT creates security vulnerabilities when employees share company and customer data via cloud apps. IT networks can be at risk because of the external collaborations that are part of shadow IT. Depending on how a department uses these applications and how it shares corporate and customer data with it, collaboration can open the door to cybersecurity threats.
Data Exposure: Even when the service is free, there will be some way that the provider monetizes the service. In some cases, the user’s information may be sold and/or used for advertising. The software download for service access may contain tracking and reporting technology as well as cookies that are otherwise blocked by the organization’s system. This may seem harmless, but it presents one of the main problems with shadow IT. It could enable internal or sensitive information to be viewed by external organizations.
Loss of Control and Compliance: Shadow IT solutions may not align with an organization’s requirements for control, documentation, security, reliability, etc. Both security and compliance regulations often cause organizations to implement restrictions, policies, and procedures that many consider inconvenient. The average shadow IT user may not know of these requirements, and therefore may overlook them. Furthermore, the user may be aware of these requirements but find that they impede their work, actively seeking to thwart or work around them.
Performance and Budget Challenges: Shadow IT can drain financial resources away from IT and can lead to service problems that occur outside IT’s control–as users don’t always have the necessary technical and contractual expertise when deploying shadow IT applications.

The most dangerous threat, however, is the issue of scope awareness. For most, the shadow IT problem is far worse than they recognize. Remember that statistic from the CIO survey that says most have 888+ unknown apps running on their network? In highly-regulated industries such as healthcare and financial services, there were 20X more cloud apps than originally estimated. Furthermore, the cost of remediation can be significant. Gartner found that investments in shadow IT controls can exceed 40% of IT spending, and research from the Everest Group found that it comprises 50% or more.

Shadow IT: Why it’s not going away

Many factors continue to drive the shadow IT problem including:

Enterprises across all industries are embracing the cloud as they migrate to popular enterprise cloud services. SaaS, PaaS, and IaaS are known for improving business, delivering greater productivity and innovation.
Solutions can be implemented almost instantaneously, without the need to wait for IT. IT organizations are dealing with legacy infrastructure and management challenges, meaning they cannot rapidly offer or budget for new services. These deficiencies lead departments to subscribe to outside services.
Services are often cheap and some are even free – which creates the perception that shadow IT is a cheaper alternative. Besides, there are plenty of competing services all offering OPEX payment models that are priced competitively.
A particular solution might have nice features and functions that are not offered by the enterprise IT department.
Users want direct control over their IT services.

So, can the cloud app problem be stopped?

Handling shadow IT: Getting the visibility you need

With today’s easy access to SaaS applications, it’s virtually impossible to prevent shadow IT. Instead, technologies, policies, and processes should be in place to create checks and balances. All cloud applications must be identified, monitored, and managed from a security perspective.

Visibility is the first step, as IT departments require deep network visibility to understand the list of applications and services operating in their IT environment. The key is to eliminate the guesswork needed to identify unauthorized cloud application usage and to gain the insight needed without the added cost of purchasing a variety of endpoint security solutions.

Secondarily, IT needs usage statistics. With the comprehensive list and clarity on which applications are most popular, you can adequately delineate the known and unknown applications, addressing unsanctioned ones using a prioritized approach.

These questions and insights can help guide your risk mitigation plan:

Which shadow IT apps are the most popular and what are the employee usage statistics?
What is the risk level of each shadow IT application or service? Which services store sensitive or confidential data? Collaboration, file sharing, and data storage apps are more likely to be high-risk apps.
How effective are the cloud security, privacy, and compliance procedures for enforcing acceptable cloud use policies?
Which business partners’ cloud services are employees accessing, and at what risk?
Are there redundant services in use that are introducing additional cost and risk or inhibiting productivity?

When an IT department can get the application visibility and usage statistics all within the same network management portal it uses every day, creating a governance system for shadow IT becomes a simple part of IT management. Masergy’s Managed SD-WAN is one such service. Learn more about Masergy’s Shadow IT Discovery solution.

For more information on this topic, the IEEE produced a detailed article, “Shadow IT Evaluation Model,” which includes an in-depth discussion of how to evaluate shadow IT.

Interested in learning more about Managed Security?

Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.

How does Cloud Access Security Broker (CASB) fit into the SASE paradigm?

Dec 8, 2020

How does Cloud Access Security Broker (CASB) fit into the SASE paradigm?

CASB serves as of one of SASE’s fundamental purposes. Here’s how it works within a SASE framework to mitigate security risks.

What is shadow IT?

Shadow IT dilemmas

Shadow IT: Why it’s not going away

Handling shadow IT: Getting the visibility you need

Interested in learning more about Managed Security?

How does Cloud Access Security Broker (CASB) fit into the SASE paradigm?

How does Cloud Access Security Broker (CASB) fit into the SASE paradigm?

SASE from Masergy: Best-of-breed technologies, broad choices, and security that goes beyond SASE

SASE from Masergy: Best-of-breed technologies, broad choices, and security that goes beyond SASE

Masergy Strengthens Its SD-WAN Secure Solution with Deeper SASE Capabilities

Masergy Strengthens Its SD-WAN Secure Solution with Deeper SASE Capabilities

Masergy Receives Frost & Sullivan Technology Innovation Leadership Award for Managed SD-WAN Solution with AIOps

Masergy Receives Frost & Sullivan Technology Innovation Leadership Award for Managed SD-WAN Solution with AIOps

What lies beyond SASE?

What lies beyond SASE?

The permanency of remote healthcare calls for UCaaS + SD‑WAN + Security

The permanency of remote healthcare calls for UCaaS + SD‑WAN + Security

Can I skip SD-WAN and jump straight to SASE?

Can I skip SD-WAN and jump straight to SASE?

The future of the network is autonomous: WFH strategies prepare for self-driving networks

The future of the network is autonomous: WFH strategies prepare for self-driving networks

What are the benefits of SASE?

What are the benefits of SASE?

Masergy Launches SD-WAN Work From Anywhere Solutions

Masergy Launches SD-WAN Work From Anywhere Solutions

How do you tease out the differences in SASE solutions? Tech stacks set providers apart

How do you tease out the differences in SASE solutions? Tech stacks set providers apart

SASE from Fortinet & Masergy: Converging best-of-breed network and security solutions recognized by Gartner

SASE from Fortinet & Masergy: Converging best-of-breed network and security solutions recognized by Gartner

Is there more than one way to SASE? Cloud separates two strategies, schools of thought

Is there more than one way to SASE? Cloud separates two strategies, schools of thought

Is SASE real or just a concept?

Is SASE real or just a concept?

Masergy Named Most Innovative Managed SD-WAN Service Provider by Frost & Sullivan

Masergy Named Most Innovative Managed SD-WAN Service Provider by Frost & Sullivan

Masergy Announces Zenith Partner of the Year Awards

Masergy Announces Zenith Partner of the Year Awards

Co-managed SD-WAN: IT decision makers are leaning in but how do you get the best of both worlds?

Co-managed SD-WAN: IT decision makers are leaning in but how do you get the best of both worlds?

Why are there so many different interpretations of SASE?

Why are there so many different interpretations of SASE?

Masergy SD-WAN wins Leading Lights 2020 Award for Most Innovative SD-WAN Service

Masergy SD-WAN wins Leading Lights 2020 Award for Most Innovative SD-WAN Service

Masergy releases 2020 SD-WAN Market Trends Report

Masergy releases 2020 SD-WAN Market Trends Report

IDG study finds SD-WAN as key enabler for working from anywhere

IDG study finds SD-WAN as key enabler for working from anywhere

The business case for Masergy’s new SD-WAN Secure solutions

The business case for Masergy’s new SD-WAN Secure solutions

Masergy launches new Partner Program for accelerated SD-WAN market

Masergy launches new Partner Program for accelerated SD-WAN market

Masergy launches SD-WAN enhancements: More options and trailblazing SLAs meet the needs of any transforming business

Masergy launches SD-WAN enhancements: More options and trailblazing SLAs meet the needs of any transforming business

Masergy expands its SD-WAN portfolio offering the broadest choice, flexibility, and built-in SASE

Masergy expands its SD-WAN portfolio offering the broadest choice, flexibility, and built-in SASE

Masergy announces the SD‑WAN industry’s most competitive Service Level Agreements

Masergy announces the SD‑WAN industry’s most competitive Service Level Agreements

Work-from-Anywhere Study: ZK Research webinar explores IT trends and SD-WAN urgency

Work-from-Anywhere Study: ZK Research webinar explores IT trends and SD-WAN urgency

Oldcastle infrastructure selects Masergy SD-WAN to build high-availability network for digital transformation

Oldcastle infrastructure selects Masergy SD-WAN to build high-availability network for digital transformation

SD-orchestration: SD-WAN and application performance management

SD-orchestration: SD-WAN and application performance management

WAN automation: Why SD‑WAN is only step one and what’s needed to reach full autonomy

WAN automation: Why SD‑WAN is only step one and what’s needed to reach full autonomy

Elements of SD-WAN & SASE platforms: Differentiators, characteristics and the hidden secret

Elements of SD-WAN & SASE platforms: Differentiators, characteristics and the hidden secret

5G and fixed wireless: Where does it fit in your SD-WAN connectivity strategy?

5G and fixed wireless: Where does it fit in your SD-WAN connectivity strategy?

COVID-19 is changing how IT thinks about MPLS: What networks and leaders need now

COVID-19 is changing how IT thinks about MPLS: What networks and leaders need now

What digital transformation looks like now: Omdia webinar has the outlook for Europe

What digital transformation looks like now: Omdia webinar has the outlook for Europe

Extending secure SD-WAN to secure SD-Branch: The convergence of WAN and LAN at the edge

Extending secure SD-WAN to secure SD-Branch: The convergence of WAN and LAN at the edge

Network security and automation: Why you need user identity analytics now

Network security and automation: Why you need user identity analytics now

Advancing SD-WAN security and control, Masergy introduces identity-based WAN analytics

Advancing SD-WAN security and control, Masergy introduces identity-based WAN analytics