This post was originally published here by Paul Sullivan.
Shadow IT refers to the unsanctioned applications used by employees who disregard IT’s app approval processes. By definition, this means that IT departments lack complete visibility into what is being used to store and process data. This invites risks like data exfiltration from malicious insiders, upload of sensitive data to unsecured cloud apps by careless employees, and more – all without IT’s knowledge.
Beyond the few dozen popular cloud apps like Office 365 and Salesforce, there are thousands of lesser-known cloud apps tailored to specific jobs and industries; for example, accounting or auto repair. These are tools that employees may use to unknowingly put corporate data at risk. Unfortunately, employees are using this long tail of SaaS whether IT has control over said apps or not.
To illuminate these unsanctioned applications, cloud access security brokers (CASBs) can analyze traffic logs and match domains and IPs with known apps. This informs reports that detail how much traffic is going to each app and which users are responsible. This is then matched with information about the apps themselves so that IT can determine if they present risks to the organization.
It is important to note that the accuracy of the above analysis is only as good as the information that a CASB can provide about each app. CASBs that rely upon the manual categorization of cloud apps can never completely defend against shadow IT – they are constantly playing catch up with new and updated apps. Fortunately, Bitglass’ Zero-day Unmanaged App Controls are powered by machine learning, allowing the automatic detection and analysis of any application.
With Bitglass, the Next-gen CASB, there are many ways to protect against the risk of shadow IT. If an unsanctioned app is deemed trustworthy, it can be officially integrated into the company and secured like any other app. If a certain app is needed to interact with customers but is likely to lead to leaks, it can be made read only. Alternatively, any app can be completely blocked. While there are many tools for remediating shadow IT usage, securing these data leakage paths begins with identifying the unsanctioned apps in use.
