Shadow IT is hardly a hidden threat to security professionals. Gartner was warning, way back in 2016, that 1 in 3 successful attacks experienced by enterprises would come from the use of unsanctioned apps by 2020. Code42’s Data Exposure Report just about proves Gartner’s prediction, showing that more than 1 in 3 workers use unauthorized apps daily — and 1 in 4 share or send files with unauthorized apps at least once a week. It’s hardly shocking. We all know users get frustrated when corporate tools are too restrictive, slow or lack features, so they take the path of least resistance. Many times, the motivation is pure – employees usually just want to stay productive.
2020 is the year shadow IT took the spotlight
What Gartner didn’t predict was that by the end of 2020, nearly half the U.S. workforce would be working remotely full-time. The massive shift to remote work has turbocharged the shadow IT problem. Users are working from home, working in new ways, rapidly adapting and finding ways around problems in order to get work done. Organizations are now critically dependent on user agility and ingenuity; they’re encouraging it. This is driving a resurgence in shadow IT risk, with half of security professionals saying shadow IT is a major problem.
Don’t forget about mirror IT
We can’t talk about shadow IT without discussing its closely related cousin, mirror IT. As more organizations adopt platforms which originated as consumer technologies — think Gmail, Google Drive, WhatsApp, etc. — the lines between professional and personal activity are blurring. Even some of the most sophisticated DLP tools can’t tell more than that Google Drive accessed a file – they can’t determine if a user is sending a file to a professional Gmail account (no big deal — happens all day, every day) or a personal Gmail account (big problem).
You don’t need to shut down shadow IT — just bring it out of the shadows
The goal with shadow IT shouldn’t be to definitively shut it down. We know that won’t work in the long term — and will only chase unsanctioned activity further into the shadows (that’s how we got here in the first place, right?). Instead, security teams need to work to gain visibility — so you can monitor shadow IT, see where the truly risky activity is, and respond quickly to prevent damage and data loss.
How Code42 Incydr sheds light on shadow IT
One way to shed light on shadow IT is to use a data protection solution built around providing visibility. That’s how Code42 designed Code42 Incydr™ — to collect information about every version of every file, giving businesses full visibility to where data lives and moves. Incydr uses an agent and a wide array of integrations to see from endpoints to the cloud, including off-network and shadow IT activity. Incydr gives you a companywide look at all file movement to untrusted destinations — things like web uploads, personal email attachments, Dropbox uploads, and use of installed personal apps like Slack and personal OneDrive. Incydr uses context like domain and account username to distinguish between corporate and personal usage to uncover mirror IT. And it gives you a clear list of all employees using unsanctioned apps — and a focused list of the top employees using each application. With that kind of oversight, security teams can monitor, investigate, and mitigate these data loss risks.
Managing shadow IT is a powerful opportunity to become a business enabler
Security pros will immediately see how a tool like Incydr could be immensely valuable to their data protection strategies. But when shadow IT is managed in this way, security is able to provide big value to the business, as well. By monitoring and managing, security teams become better business enablers and support the needs of staff and business users. And by empowering the user agility and ingenuity that organizations rely on more than ever, security leaders become trusted advisors and facilitators, helping the organization move forward successfully and securely.