What is Shadow IT?

"Shadow IT" refers to information technology (IT) systems, applications, devices, or software used within an organization without the knowledge or approval of the organization's IT department. Employees or departments often adopt these tools and solutions to improve their productivity and work efficiency, or to address specific needs not met by the company's sanctioned IT resources.

Shadow IT is a necessary evil 😈.

Employees always look for new ways to improve their productivity and efficiency, and, naturally, the newest applications haven’t been officially purchased by the company (yet).

While benefits can exist:

  • Unsanctioned apps give employees the freedom to experiment with new technologies without having to go through the formal approval process
  • Employees have the freedom to choose the tools they want to use, which can lead to increased productivity

Risks also lurk in the shadows:

  • Shadow IT can be insecure. When employees use unapproved IT resources, they’re not subject to the same security controls, like single sign-on or de-provisioning after employees leave. This can lead to data sprawl or other security issues.
  • It can be out of corporate compliance. Employees may be violating company policies on data security, privacy, or compliance.
  • There is an unclear mix of corporate versus personal accounts, leading to data exfiltration risks.

So how do we solve this?

Introducing Extended Shadow IT (with dope.swg)

How to identify applications employees are using

As an admin, you’ll continue to see the hundreds of apps that are being used across your organization. But now, certain apps will start to show the actual account being used in the company:

  • Google (which accounts)
  • Microsoft 365 (which accounts)
  • Slack (which workspaces & emails)
  • AWS (which AWS account IDs)
  • Dropbox (which email addresses)
  • Box (which accounts)
  • WebEx (which email addresses)
  • Salesforce (which accounts)
  • ChatGPT (which accounts)

Corporate vs Personal Identification

Now you’ll want to know what type of accounts are accessing these apps: are they corporate or personal? And how many of each?
This is incredibly important because it highlights potential data exfiltration risks if you’re not blocking personal SaaS. This visibility is key 🔑.

Identifying data risks

The console will now show which employees are using these apps with which personal and corporate accounts, how much data is being transferred, and what type of authentication security they have in place. This visibility helps inform policy updates.

Yes, but, explain to me again, why?

Easy: you can infer how much data users transfer to personal accounts, see which users have a mix of corporate vs personal access, and assess areas of data exfiltration and non-compliance.
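To make that inference concrete, here is an added example (not dope.swg code and not its export format) that splits accounts into corporate and personal by email domain, totals upload volume per employee, and lists the employees seen with both kinds of account. The record layout, the `example.com` corporate domain, and all sample values are constructed assumptions, and it only covers apps whose account identifier is an email address.

```python
from collections import defaultdict

# Assumption: domains the organization owns; every other domain counts as personal.
CORPORATE_DOMAINS = {"example.com"}

# Constructed sample records (hypothetical layout, not a dope.swg export):
# (employee, app, account signed in to the app, bytes uploaded)
SAMPLE_EVENTS = [
    ("alice", "Google", "alice@example.com", 40_000_000),
    ("alice", "Google", "alice.personal@gmail.com", 750_000_000),
    ("bob", "Dropbox", "bob@example.com", 12_000_000),
    ("carol", "Google", "carol@example.com", 5_000_000),
    ("carol", "Dropbox", "Carol.Home@Outlook.com", 2_000_000),
    ("dave", "Slack", "dave@corp.example.com", 1_000_000),
]

def classify(account, corporate_domains=CORPORATE_DOMAINS):
    """'corporate' if the account's domain is an owned domain or a subdomain of one."""
    domain = account.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for owned in corporate_domains:
        # The leading dot stops look-alikes such as evilexample.com from matching.
        if domain == owned or domain.endswith("." + owned):
            return "corporate"
    return "personal"

def summarize(events, corporate_domains=CORPORATE_DOMAINS):
    """Per employee: bytes uploaded per account type and the accounts seen."""
    report = defaultdict(lambda: {"corporate": 0, "personal": 0, "accounts": set()})
    for employee, app, account, sent in events:
        kind = classify(account, corporate_domains)
        report[employee][kind] += sent
        report[employee]["accounts"].add((app, account.lower(), kind))
    return dict(report)

def mixed_access_users(report):
    """Employees using both account types, largest personal upload first."""
    mixed = [
        (employee, row["personal"])
        for employee, row in report.items()
        if {kind for _, _, kind in row["accounts"]} == {"corporate", "personal"}
    ]
    return sorted(mixed, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for employee, personal_bytes in mixed_access_users(summarize(SAMPLE_EVENTS)):
        print(f"{employee}: {personal_bytes / 1e6:.0f} MB uploaded to personal accounts")
```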

An example view of Google users in the organization

Take Google for example

If employees can access both personal and corporate Google Drive, an employee can easily upload company data to a personal Google Drive. When you start seeing this, you, as the admin, can block access to personal Gmail with three clicks. It’s all part of the same console!

Most importantly, it will instantly update across all your managed devices. Zero wait time!

The Shadow IT visibility you need as an admin to make informed decisions around policy is packaged in the beautiful and easy-to-use UX you can expect from dope.security. No other SWG on the market offers this!

This dope.swg feature will be automatically available in August 2023. Trial instantly and see for yourself.
