How common is Shadow IT?
83% of employees use free unsanctioned cloud storage apps like Dropbox to store company information
* Source: 2016 NTT Communications survey of 500 IT decision makers
What are the risks associated with Shadow IT?
Most cloud apps today are far from enterprise-ready when it comes to security. Threats from unsupported apps include malware and ransomware that can result in damaged data and financial risk to the company, and unfortunately traditional web security products have not kept up with these threats. Common risks are:
Lack of enforced strong user authentication
Cloud apps often lack enforcement of modern strong user authentication, meaning that anyone with just a username and password can access the cloud application. Although the cloud application might support strong user authentication, it is often not enforced, leaving the system and its data at risk. For example, using Dropbox without user authentication for file sharing puts your data at risk of falling into the wrong hands.
Damage to brand reputation
History has shown that data breaches can have catastrophic consequences not only for brand reputation but also for share prices, and can lead to the loss of customers and associated revenues. Cloud apps hiding in the shadows and outside of IT’s control represent a huge risk to organizations that can lead to loss of shareholder trust in addition to all of the above.
According to research, more than half of all data breaches in 2015 were caused by inadvertent human error. Common data leakage threat vectors include tools for file sharing, instant messaging, USB sticks, and email. Without the ability to see and control what happens to your data, you are adding significant risks to your business.
Data regulations are quickly becoming stricter, and the fines for insecure handling of customer and employee data can no longer be ignored. Can you convince the auditors that unsanctioned cloud apps are not exposing your data?
Where do you start?
Simply blocking access to commonly used applications is no longer the answer. Instead, you should look to address the root of the problem. Here are three steps to help reduce the risk from Shadow IT.
Light up those shadows
You cannot fix what you cannot see, so the first step is to get visibility into which apps are being used in the organization. A cloud app audit can help, and often reveals far more cloud apps in use than expected. With CensorNet’s Cloud Application Control you can see all cloud apps used on your network, and you can even look within them to see what functions are being used and be alerted if inappropriate content is being shared. Cloud Application Control can also show where each cloud application stores your data.
Use policies to limit exposure
Once you have the necessary visibility into the apps used, you can use policies to limit your exposure. CensorNet’s Cloud Application Control offers the granularity you need to limit certain actions in the cloud apps in use. For example, the use of Dropbox is not always dangerous, but certain functions that represent a risk, like file uploads, can be restricted.
Educate users and deploy best practices
Once you have valuable insight into what your users are doing, you can begin to educate the users who perform risky actions. Establishing this dialog and offering them guidance and best practices to follow will help fix the root cause of Shadow IT. For example, if some employees use unsanctioned apps like Dropbox to share data externally, then your team can work to make sure there is a secure alternative, such as Citrix ShareFile, with strong user authentication.