More than half of enterprise leaders are worried about shadow IT - here’s how to deal with it
Jun 14, 2022, 16:20 IST
Threats to enterprise IT systems mostly sneak in via shadow IT and then wreak havoc on the million-dollar systems of large and small organizations alike. The most common entry point is the Software-as-a-Service (SaaS) route. Increasing SaaS adoption within an organization, across business processes, only increases this risk.
In general, very few organizations vet or validate the apps and software downloaded by non-IT teams for security and privacy. Even fewer vet them for possible data leaks and compliance, which gives shadow IT a lot of leeway.
A cause for concern
More than half of enterprise leaders (57%) are worried about the proliferation of shadow IT, according to The State of SaaS Management Report 2021 by Zluri Research. Even more worrying is the state of SaaS-based cloud services, which are making their clients more vulnerable to the risks of shadow IT.
The problems have been laid bare by the increased adoption of SaaS during the pandemic to aid employees working from home. Distributed and remote work models encourage employees to provision and manage their own applications and cloud services, but this convenience has come at the cost of security.
So, what can enterprises and their technology leaders do to safeguard themselves from the risks of shadow IT? The real question should be: can enterprises still leverage the advantages of SaaS while eliminating, or at least reducing, the risks? Here are some ways to make that possible.
Bring back stringent security protocols
In the last two years, few organizations have strictly adhered to security protocols, and that discipline desperately needs to make a comeback. During the on-premise working era, no employee or team could launch any kind of IT initiative without the involvement of the IT team, which invariably validated the security and data practices of the initiative. This protocol needs to be adopted for hybrid and remote working situations as well.
Moving beyond IAM and Single sign-on
Identity Access Management (IAM) and Single Sign-On aren’t sufficient to keep the IT infrastructure safe. Both these tools can identify vulnerabilities only in applications that are recorded and identified by the IT stack. Hence, second-level access management security parameters and processes need to be put in place. Additionally, SaaS management tools need to be tighter, to disallow entry of any unverified software into the environment.
Use automation to strengthen SaaS security
SaaS security is focused on protecting user privacy inside cloud applications. Both SaaS and the cloud are indispensable to organizations today, and shadow IT goes hand in hand with these systems: organizations cannot grow without a few side apps entering the system. The only way to ensure that all three survive without posing threats to the infrastructure is to adopt automation for SaaS security.
Automated SaaS management systems help tighten user access to a risky app, or restrict its download into the system. The automated tools that control rogue downloads can immediately activate the relevant protocol processes. Automation can also add value through an uncomplicated SaaS process flow, with de-provisioning and off-boarding workflows among other things, to effectively take the bite out of security threats.
Central point of observation for new software downloads
There needs to be one vantage point to observe apps downloaded, installed or used. Automation will help de-provision unused licenses, thus reducing the number of apps in the system, especially ones that are not actively contributing. A centralized observation point will effectively be the strongest tool to fight off the risks of shadow IT.
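As an added illustration (not code from the article or from any SaaS management product), the sketch below shows what a single observation point makes possible: comparing centrally collected usage events against the IT-registered catalogue surfaces apps that IAM and SSO never see, and comparing them against licence assignments surfaces de-provisioning candidates. The app names, users, events and the 30-day idle threshold are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data. SANCTIONED is the catalogue IT has registered with SSO/IAM.
SANCTIONED = {"mail.example", "crm.example", "wiki.example"}

# Constructed licence assignments: (user, app).
LICENCES = [("asha", "crm.example"), ("ben", "crm.example"),
            ("ben", "wiki.example"), ("carl", "wiki.example")]

# Constructed usage events from one central log (for example a web proxy
# or endpoint agent): (ISO day, user, app).
EVENTS = [
    ("2022-06-10", "asha", "crm.example"),
    ("2022-04-02", "ben", "crm.example"),
    ("2022-06-12", "ben", "wiki.example"),
    ("2022-06-11", "ben", "filedrop.example"),
    ("2022-06-13", "asha", "filedrop.example"),
    ("2022-06-09", "carl", "notes.example"),
]


def review(events, sanctioned, licences, today, idle_days=30):
    """Return (shadow_apps, idle_licences) from centrally observed usage.

    shadow_apps   maps each unregistered app to the users seen using it.
    idle_licences lists (user, app) assignments with no use inside the window,
                  including licences that were never used at all.
    """
    cutoff = today - timedelta(days=idle_days)
    last_seen = {}   # (user, app) -> most recent day of use
    shadow = {}      # unregistered app -> set of users
    for day, user, app in events:
        seen = date.fromisoformat(day)
        if app not in sanctioned:
            shadow.setdefault(app, set()).add(user)
        key = (user, app)
        if key not in last_seen or seen > last_seen[key]:
            last_seen[key] = seen
    idle = sorted(lic for lic in licences
                  if last_seen.get(lic, date.min) < cutoff)
    return {app: sorted(users) for app, users in shadow.items()}, idle


if __name__ == "__main__":
    shadow_apps, idle_licences = review(EVENTS, SANCTIONED, LICENCES,
                                        today=date(2022, 6, 14))
    print("Unregistered apps in use:", shadow_apps)
    print("De-provisioning candidates:", idle_licences)
```
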
Shadow IT is an inevitable and natural product of digital growth in enterprises today. While its entry route may be identified as SaaS in the cloud, it is practically impossible to block it. It is, however, possible to keep some processes, checks and tools ready to control any threat. This is the only way to reap the benefits of tech adoption with the least amount of risk.