Shadow IT has become an emerging trend over the last decade as employees reliance on their own devices to work on-the-go has blossomed. But, its growth poses a tricky problem to IT departments, with potentially disastrous consequences. In fact, by 2020, shadow IT is expected to be responsible for a third of all successful security attacks on companies.
What is Shadow IT?
Shadow IT is the use of any IT-related hardware or software that is managed outside of the boundaries of the IT department – without their knowledge.
This can include:
- Hardware – PCs, laptops, servers, tablets, smartphones, and other IoT technology
- Off-the-shelf packaged software
- Cloud services – including Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS)
It has become a major source of concern due to the rapid adoption of cloud-based services over recent years. Where once the majority of users had a limited knowledge base, rapid consumerisation of the past decade has seen an increase in comfort around technology for even the casual user. Subsequently, users are now comfortable downloading, using and accessing cloud-based apps and services in order to aid them in their work. Currently, a typical enterprise uses in excess of 1,000 cloud services, of which only 10% are enterprise ready.
For users, employing shadow IT enables them to quickly access tools which enable their productivity, as opposed to having to go through a lengthy process with IT for approval. Many users may be unaware that they’re using unsanctioned solutions, such as using WhatsApp on corporate-owned devices, USB devices or cloud storage such as Dropbox.
What Risks Are Involved?
An unawareness of which applications and services are being used means that IT will be unable to monitor who is accessing their data. As a result, no records will exist for those who are observing, copying, downloading and transferring data.
Software Asset Management (SAM) requires IT to manage the process of approved software licence procurement. In the event of licences being procured externally to this process, IT is not able to carry out SAM, exposing the organisation to a series of risks. The discovery of unapproved software can mandate a complete infrastructure audit, whilst unlicensed or counterfeit software can ultimately result in an unlimited fine or imprisonment.
Backups of approved software are commonplace. However, if IT are unaware of what software is present on their networks, backups are not possible. Any data loss could have serious consequences on business, plus it could mean the possibility of fines.
Patching is a frequent occurrence for IT departments, with software updates regularly released by vendors to fix vulnerabilities. When an organisation is unaware of software being used, hackers can exploit unrectified weak spots, gaining access to data and systems. The unintentional downloading of malware with unapproved software is also a risk.
Striking The Balance Between Security and Productivity
A Blanket Ban Isn't the Answer
Legacy security products are unable to adapt to the new and flexible way people work. A lack of understanding of today’s cloud and web means they offer IT a binary policy choice – allow or block, whilst presenting blind spots. These legacy solutions frustrate both IT and users, limiting user productivity and preventing flexible working. Netskope enables cloud technology without compromising security.
Cloud Access Security Brokers are becoming an essential element for cloud security strategy, with 60% of large enterprises expected to employ a CASB to govern some cloud services, up from less than 20% in 2018. Netskope’s ability to govern Shadow IT is the ultimate CASB tool, striking the much-needed balance between enabling user productivity whilst maintaining high-levels of security and compliance.
Netskope’s all-mode architecture is capable of covering the cloud traffic of all your users. This isn’t just limited to on-site traffic – remote traffic is also covered, for web browsers, mobile applications, or sync clients. Traffic from both sanctioned and unsanctioned services are covered, with Netskope assessing the enterprise readiness and amount of uploaded data of services based on 50+ objective attributes and collects logs from web proxies which assess greater than 28,000 services.
Using Netskope, security policies can be determined based on identity, service, activity, and data. Policies can be defined based on the service category or the Cloud Confidence Level in the Netskope CCI. Subsequent actions can include: block, alert, bypass, encrypt, quarantine and coach for policy enforcement. Being able to entirely customer policy elements drastically reduces risk without blocking services.
Policies could include “prevent uploads of sensitive data to personal cloud storage services” or “allow access to Finance/Accounting services for finance department only”. Full adaptability can be applied to policies. For instance, personal OneDrive’s may be allowed to download documents but upon attempting to upload corporate information, it will be blocked with an explanation.
Data Loss Prevention (DLP)
Many cloud services are designed to make information sharing simple, yet these capabilities put sensitive data at risk. Netskope uses the industry’s most sophisticated DLP and advanced data encryption which detects and protects sensitive content as it moves in and out of both sanctioned and unsanctioned cloud services.
Detailed audit trails can be maintained for all cloud activities, ensuring compliance by governing access to cloud services. Netskope can enable granular, activity-level or data-level policies to be enforced in order to safely enable cloud services whilst complying with regulations.
As new cloud apps and services are adopted within an organisation, both discovered and requested apps are checked. Netskope CCI (Cloud Confidence Index) swiftly evaluates the range of cloud services available to ensure SaaS services are selected that suit needs, whilst meeting security, audit, and business continuity requirements.