What is Shadow IT?

Shadow IT: Your Urgent Questions Answered

Your IT department spends a great deal of time distributing security information and maintaining your organization’s internal security processes. Unfortunately, a persistent threat, known as shadow IT, is still making its way into your organization’s network.

What was once an annoyance to IT teams is now becoming a major threat for security performance managers. Increasingly sophisticated hackers are taking advantage of the shadow IT lurking in networks, even in some well-managed cybersecurity systems.

What is shadow IT, and why should your security team care? We’ve compiled a list of the most-asked questions surrounding shadow IT to help ease security managers’ concerns and offer realistic solutions.

Q: What is Shadow IT?

Shadow IT can refer to a number of different IT applications, cloud software, outside technologies, and devices (laptop, smartphone, etc.) that are connected to an organization’s network without the knowledge of the IT department. These non-approved technologies aren’t vetted through the usual IT vendor onboarding process, which means they might have security standards that are below your organization’s normal risk thresholds.

It can be hard to believe that your IT department would miss critical vendors being given access to your network, but research shows that the average organization houses over 900 unknown cloud services, and 80% of workers surveyed admit to using SaaS applications at work without getting approval from IT.

Examples of shadow IT that could live on your network:

  • Messaging apps used on corporate-owned devices (Snapchat, WhatsApp, Slack, Facebook Messenger, Signal, Skype)
  • Physical devices not monitored by IT but connected to your network, including:
    • Personal smartphones
    • Laptops (more on this later, but this can include your family’s devices connected to your home internet while you’re working from home)
    • Flash drives
  • Cloud storage (Dropbox, Google Drive, AWS)
  • Workplace efficiency apps meant to increase productivity (Trello, Airtable, Wrike, Monday.com, etc.)
  • And more...

Q: If Everyone Has It, Should I Worry That Much?

It might be hard to believe in the danger of shadow IT if security managers aren’t constantly talking about it. In reality, the sources of data breaches are not always made public, and that can be because security teams are embarrassed to admit to having shadow IT. Major data breaches, like SolarWinds, are impacting large numbers of companies because IT departments weren’t aware that SolarWinds software was present, as it had been downloaded by an employee for free.

Shadow IT is there, and it’s worth worrying about. With today’s remote office environment, employees around the world are accessing their organization’s network from home internet connections. This means that anyone else using that same internet is also connected to the company’s network, which dramatically expands the attack surface for bad actors to infiltrate.

Q: My Employees Are Educated On Cybersecurity Best Practices, Why Are They Using Shadow IT?

Your employees most likely are not trying to welcome bad actors onto your network by choosing to bypass IT protocols. In reality, the most common reason for shadow IT on your network is that your employees are trying to work more efficiently and are trying out a new service or cloud provider. Sometimes team leaders don’t realize that even seemingly small integrations still need to be run through IT, and other times the need is urgent and employees don’t want to wait for the IT audit to be completed.

In other instances, employees might be very conscious of their cybersecurity decisions on the company network, but don’t know how using a remote internet connection or using personal devices for work could impact the company. Including shadow IT in your employee cybersecurity training is the best way to educate your workforce about the potential danger of their decisions. 

Q: How Can I Locate Shadow IT On My Network?

Protecting your organization from bad actors requires a monitoring technique that scans for shadow IT. Manual processes or tools requiring oversight from a member of the IT department can be time-consuming, and can fail to monitor every corner of your network.
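
One way to start answering this question from data you already collect, shown as an added example that is not Bitsight's code or part of the original article: the sketch below scans DNS query logs for the kinds of services listed earlier and reports the ones IT has not approved. The log format, the domain catalog, the sanctioned list and the function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed catalog: registered domain -> (service, category), using services the article names.
SAAS_CATALOG = {
    "dropbox.com": ("Dropbox", "cloud storage"),
    "trello.com": ("Trello", "productivity"),
    "whatsapp.com": ("WhatsApp", "messaging"),
    "slack.com": ("Slack", "messaging"),
}
SANCTIONED = {"Slack"}  # assumed: services that passed IT vendor onboarding

# Constructed sample log, one query per line: "timestamp client_ip queried_name"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.4.17 www.dropbox.com
2024-05-01T09:00:05Z 10.0.4.17 app.slack.com
2024-05-01T09:01:12Z 10.0.4.22 api.trello.com
2024-05-01T09:02:40Z 10.0.4.17 trello.com
2024-05-01T09:03:02Z 10.0.4.31 notdropbox.com
2024-05-01T09:03:09Z malformed-line
2024-05-01T09:04:55Z 10.0.4.22 client.dropbox.com.
"""

def match_service(name):
    """Return (service, category) if name is a catalog domain or a subdomain of one."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # match on label boundaries, not substrings
        hit = SAAS_CATALOG.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

def find_unsanctioned(log_text, sanctioned=SANCTIONED):
    """Map each unsanctioned service to its category, query count and client set."""
    findings = defaultdict(lambda: {"category": None, "queries": 0, "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing fields
        hit = match_service(parts[2])
        if hit and hit[0] not in sanctioned:
            entry = findings[hit[0]]
            entry["category"] = hit[1]
            entry["queries"] += 1
            entry["clients"].add(parts[1])
    return dict(findings)

if __name__ == "__main__":
    for service, info in sorted(find_unsanctioned(SAMPLE_LOG).items()):
        print(service, info["category"], info["queries"], sorted(info["clients"]))
```

DNS logs only show that a device looked a service up, so treat each finding as a prompt to talk to the team involved and bring the service through vendor onboarding, not as proof of data exposure.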

Attack Surface Analytics from Bitsight

With Bitsight for Security Performance Management, customers are given access to Attack Surface Analytics. Attack Surface Analytics specifically helps program managers discover hidden assets and cloud instances on their network. Bitsight will then assess the discovered areas of shadow IT for their inherent risk to your business, and help bring them into line with your corporate security policies.

If you’re curious about what shadow IT is lurking in your network, you can request an Attack Surface Analytics report with Bitsight today. 

Our playbook is designed to provide you and your team with a holistic understanding of hidden risks, and arm you with policy and strategy suggestions to protect your expanding digital footprint and infrastructure.