What Is Shadow IT?

Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It can encompass cloud services, software, and hardware.

The main area of concern today is the rapid adoption of cloud-based services. The growth of shadow IT has accelerated with the consumerization of information technology. Users have become comfortable downloading and using apps and services from the cloud to assist them in their work.

Cloud access security brokers (CASBs) can help by providing both visibility and control of software-as-a-service (SaaS) apps.

What are the different aspects of shadow IT?

Shadow IT includes all forms of IT-related activities and purchases that the IT department isn’t involved in. These purchases can consist of:

  • Hardware: servers, PCs, laptops, tablets, and smartphones
  • Off-the-shelf packaged software
  • Cloud services: including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS)

What is the most prevalent form of shadow IT?

Cloud services, especially SaaS, have become the biggest category of shadow IT. The number of services and apps has increased, and staff members routinely install and use them without involving the IT group.

What are the benefits of shadow IT SaaS?

Empowered users can quickly and easily get tools that make them more productive and help them interact efficiently with co-workers and partners.

What are the challenges that shadow IT presents?

Serious security gaps may result when an IT department doesn’t know what services and applications are being adopted. “App sprawl,” wasted time and money, and collaboration inefficiencies are other common problems.

What is a shadow IT application?

Any application that a department or end user adopts for business purposes without involving the IT group is considered a shadow IT application. These applications fall into three major categories:

  • Cloud-based applications accessed directly from the corporate network
  • Cloud-based, connected applications that are accessed with an OAuth token (using the credentials from a core SaaS application like Microsoft Office 365 or Google’s G Suite)
  • Off-the-shelf (packaged) software purchased by a department or end user and loaded onto the system. This type is rare now because of the popularity of SaaS solutions.

What is the risk from network-accessed shadow IT applications?

With the consumerization of IT, hundreds of these applications are in use at the typical enterprise. The lack of visibility into them is itself a security gap. Although some applications are harmless, others provide functionality such as file sharing and storage, or collaboration, that can expose an organization's sensitive data. IT and security departments need to see which applications are being used and what risks each one poses.
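The visibility the previous paragraph calls for usually starts with what the network already records: web-proxy or secure-web-gateway logs. The following is an added example, not code from the original page or from any CASB vendor. It parses a few constructed proxy log lines, drops traffic to the organization's sanctioned domains, and builds an inventory of the remaining services with the users, request counts, and upload volume seen for each. The sanctioned-domain list, the small app catalogue, the log format, and the "high risk" categories are all assumptions chosen for the sample.

```python
"""Discover unsanctioned SaaS use from web-proxy logs (constructed sample data)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines, one request per line:
#   <timestamp> <user> <method> <url> <status> <bytes_sent_by_client>
SAMPLE_LOG = """\
2024-05-01T09:01:12Z alice GET https://mail.example-corp.com/inbox 200 512
2024-05-01T09:03:44Z bob POST https://upload.filedrop.example/api/v1/files 201 8388608
2024-05-01T09:05:01Z alice GET https://docs.example-corp.com/report 200 2048
2024-05-01T09:07:30Z carol POST https://api.teamchat.example/v2/messages 200 4096
2024-05-01T09:08:15Z bob POST https://upload.filedrop.example/api/v1/files 201 16777216
2024-05-01T09:09:00Z dave GET https://cdn.newsfeed.example/latest 200 1024
"""

# Assumed, constructed reference data: the domains IT has sanctioned, and a small
# catalogue of known third-party SaaS keyed by registrable domain.
SANCTIONED = {"example-corp.com"}
APP_CATALOGUE = {
    "filedrop.example": ("FileDrop", "file-sharing"),
    "teamchat.example": ("TeamChat", "collaboration"),
}
# Categories the page singles out as risky for sensitive data.
HIGH_RISK_CATEGORIES = {"file-sharing", "collaboration"}


def registrable_domain(host: str) -> str:
    """Collapse a hostname to its last two labels (sufficient for the sample)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:])


def parse_log(text: str):
    """Yield one dict per log line with the fields the inventory needs."""
    for line in text.splitlines():
        _ts, user, method, url, _status, bytes_out = line.split()
        host = urlsplit(url).hostname or ""
        yield {
            "user": user,
            "domain": registrable_domain(host),
            "method": method,
            "bytes_out": int(bytes_out),
        }


def discover_shadow_apps(text: str) -> dict:
    """Return per-domain usage for every service that is not sanctioned."""
    usage = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    for rec in parse_log(text):
        if rec["domain"] in SANCTIONED:
            continue  # sanctioned traffic is not shadow IT
        entry = usage[rec["domain"]]
        entry["users"].add(rec["user"])
        entry["requests"] += 1
        entry["bytes_out"] += rec["bytes_out"]

    report = {}
    for domain, entry in usage.items():
        name, category = APP_CATALOGUE.get(domain, (domain, "unknown"))
        report[domain] = {
            "app": name,
            "category": category,
            "users": sorted(entry["users"]),
            "requests": entry["requests"],
            "bytes_out": entry["bytes_out"],
            "high_risk": category in HIGH_RISK_CATEGORIES,
        }
    return report


if __name__ == "__main__":
    for domain, info in discover_shadow_apps(SAMPLE_LOG).items():
        flag = "HIGH" if info["high_risk"] else "    "
        print(f"{flag} {info['app']:<18} {info['category']:<14} "
              f"users={len(info['users'])} uploads={info['bytes_out']} bytes")
```

On real data the domain collapsing needs a public-suffix list and the catalogue comes from a CASB or a maintained app registry; the structure of the check is the same: subtract what is sanctioned, aggregate what remains, and rank it by category and by how much data leaves the network.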

What is the risk from OAuth-enabled shadow IT applications?

OAuth-enabled applications are convenient because they reuse existing credentials. But the token each one holds also carries permissions to read information in the core application (Office 365 and G Suite, for example). These permissions increase the attack surface and can be used to access sensitive data in file-sharing and communication tools. Because OAuth-enabled applications communicate cloud to cloud, their traffic never crosses the corporate network, so they are a blind spot for many organizations. Recent OAuth-related attacks have highlighted the need for better visibility and control of these connected apps.
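Because these apps never touch the network, the only place to see them is the identity provider's record of consent grants. The following is an added example, not code from the original page or from Microsoft or Google, showing how a defender can review an exported grant list against a scope catalogue. The `Grant` record shape and the sample grants are constructed; the scope names are real Microsoft Graph and Google OAuth scopes, but the risk tier assigned to each and the "needs review" rule are this example's own assumptions.

```python
"""Review third-party OAuth consent grants against a scope risk catalogue."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    """Assumed, simplified shape of one row from a consent-grant export."""
    app_name: str
    app_id: str            # placeholder client id, constructed for the sample
    publisher_verified: bool
    users: int             # number of accounts that consented
    scopes: tuple          # delegated permissions the app's token carries


# Real scope identifiers; the tiers are this example's assumption. Anything that
# reaches mail or all files is "high" because that is where the sensitive data is.
SCOPE_RISK = {
    "Files.ReadWrite.All": "high",
    "Mail.ReadWrite": "high",
    "Mail.Read": "high",
    "https://www.googleapis.com/auth/drive": "high",
    "https://www.googleapis.com/auth/gmail.readonly": "high",
    "Files.Read": "medium",
    "Contacts.Read": "medium",
    "User.Read": "low",
    "openid": "low",
    "email": "low",
    "profile": "low",
}
RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed sample export.
GRANTS = [
    Grant("Calendar Widget", "app-0001-placeholder", True, 40, ("openid", "profile", "User.Read")),
    Grant("PDF Signer", "app-0002-placeholder", False, 3, ("Files.ReadWrite.All", "User.Read")),
    Grant("Inbox Cleaner", "app-0003-placeholder", True, 12,
          ("https://www.googleapis.com/auth/gmail.readonly", "email")),
    Grant("Contact Sync", "app-0004-placeholder", False, 1, ("Contacts.Read", "openid", "Some.Unknown.Scope")),
]


def scope_tier(scope: str) -> str:
    """Unknown scopes default to 'medium' so they are looked at, not ignored."""
    return SCOPE_RISK.get(scope, "medium")


def grant_risk(grant: Grant) -> str:
    """A grant is as risky as its most permissive scope."""
    return max((scope_tier(s) for s in grant.scopes), key=RANK.__getitem__)


def review_grants(grants) -> dict:
    """Return one finding per app: overall tier, reasons, and whether to review it."""
    findings = {}
    for g in grants:
        risk = grant_risk(g)
        reasons = []
        high = [s for s in g.scopes if scope_tier(s) == "high"]
        if high:
            reasons.append("high-risk scopes: " + ", ".join(high))
        unknown = [s for s in g.scopes if s not in SCOPE_RISK]
        if unknown:
            reasons.append("scopes not in catalogue: " + ", ".join(unknown))
        if not g.publisher_verified:
            reasons.append("publisher not verified")
        # Assumed rule: always review high-tier grants; review medium-tier grants
        # when the publisher is unverified.
        needs_review = risk == "high" or (risk == "medium" and not g.publisher_verified)
        findings[g.app_name] = {
            "risk": risk,
            "users": g.users,
            "needs_review": needs_review,
            "reasons": reasons,
        }
    return findings


if __name__ == "__main__":
    for name, f in sorted(review_grants(GRANTS).items(), key=lambda kv: -RANK[kv[1]["risk"]]):
        marker = "REVIEW" if f["needs_review"] else "ok    "
        print(f"{marker} {name:<16} {f['risk']:<6} users={f['users']:<3} {'; '.join(f['reasons'])}")
```

In practice the grant list is pulled from the tenant's admin API and the catalogue is maintained as scopes are added; the point the example makes is that the review keys on what the token can do and who published the app, not on network traffic, which for these apps does not exist.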