How to Keep Shadow IT from Putting Your Data Security in Danger

By Nathan Drager | June 25, 2020 | Comments Off on How to Keep Shadow IT from Putting Your Data Security in Danger

How to Keep Shadow IT from Putting Your Data Security in Danger

Do you know all the different applications your employees are using in the course of their daily tasks?

Even though companies approve specific work apps for use, employees will often begin using another application on their own with good intentions. This is especially true due to the need to work from home during the pandemic.

For example, an employee might have begun using a free Zoom account for video conferencing, because their company didn’t have another program in place when the pandemic quarantine started.

When employees use technology that is not pre-approved by their company, it’s called shadow IT.

47% of security professionals say that use of shadow IT by at home workers is a major cybersecurity problem.

Shadow IT can pose both an opportunity and a risk. Here’s why.

In the case of an employee using Zoom without it being approved, the employee could be using the wrong security settings that make their meeting vulnerable to Zoom-bombing. This could also lead to exposure of any sensitive data shared during the meeting.

But, with the proper security precautions taken, their company could decide that Zoom is a good app to work into their business workflow to keep everyone connected. So the employee did them a favor by finding an app to fill a need.

The main issue with unchecked shadow IT is that an organization has no idea how it could impact them because they don’t know about it.

Steps for Controlling Unauthorized Use of Technology

There may be more unapproved apps being used to store your business data than you realize. In a survey of security professionals by NTT Communications, 83% said employees stored company data on unapproved cloud applications.

Unchecked shadow IT leaves your data at risk of both a data breach and loss. How can you know to protect and backup data that is in an app you aren’t aware of?

Here are steps for controlling shadow IT so it doesn’t sink your company’s data security strategy, yet you can still take advantage of the positives.

Discover Uses of Shadow IT

There are two methods you can use to discover applications being used by your employees without approval.

  • Survey Employees: Ask your employees to list all the applications they work with. Some may not even realize they are using an unauthorized app or that doing so is a problem.
  • Use a CASB to Discover Shadow IT: A cloud access security broker (CASB) monitors and secures employee access to your business cloud applications. It can detect uses of any unauthorized cloud apps.

Review Shadow IT for Opportunities

Not all shadow IT is bad once it’s been brought out into the light. Review any apps that employees use that haven’t already been sanctioned and look for any that you may want to add to your workflow permanently.

A CASB is also helpful here because it can review applications and let you know their compliance level and whether or not they would be a security risk.

For example, Microsoft Cloud App Security has a database of 16,000 apps and 70 types of risk that are used to assess the safety of cloud apps.

Decommission Unapproved Shadow IT

For any of the unauthorized apps that you aren’t choosing to use, you’ll need to have employees stop using them and decommission them properly.

This involves migrating any data that the apps contain to an approved cloud application and closing user accounts associated with your company email domain.

Create an App Use Policy & Train Employees

Many employees begin using unapproved apps for work because there is no app use policy in place. Or if there is, they are unaware of it.

Shadow IT is an ever-present threat, and one that needs active mitigation to keep it from getting out of control.

Create an application use policy if you don’t already have one that let’s employees know exactly which applications they can use in the course of their work. Make sure to include both desktop and mobile apps.

Include this in your ongoing cybersecurity training so employees are aware what shadow IT is and why they should not use unsanctioned applications for work.

Give Employees a Path to Recommend Apps

When employees begin using an application on their own there are a few reasons:

  • It may be easier to use than the approved application
  • It may integrate better with other work processes
  • It could fill a gap in technology tools

Just because you don’t want applications used without permission, doesn’t mean you should miss out on the benefit of employee input on cloud work tools. Often the person working with a tool every day can offer the best insight into whether an app is productive or limiting.

Put a path in place that employees can follow to recommend applications for approval. This allows you to keep the opportunities of shadow IT without the risks.

Secure Your Cloud Applications Before You Suffer a Breach

Most Sturgeon Bay businesses have transitioned to the cloud, but their IT security plan hasn’t yet caught up. Quantum PC can help you put cloud security in place that will keep your data protected.

Contact us today to learn more. Call 920-256-1214 or reach us online.

Posted in Blog, Security

About Nathan Drager