<img src="https://secure.leadforensics.com/772.png" style="display:none;">
AdobeStock_296312054

Blog, Press & Events

Access the latest blog, news and events content from Calero-MDSL.

shadow-it
2 min read

Shadow IT: The DIY SaaS That Puts Systems At Risk

Jun 3, 2021

Shadow IT has long been a common business unit practice. When the wait for an approved solution from the corporate IT department feels too long, users navigate around the corporate policy and find their own solution. While there’s immediate relief to a pain point, there are compound long-term security and spend implications. How can an organization recover and take control?

Even the most benign of SaaS solutions can put a company at risk, functioning outside the parameters of IT security, privacy, and regulatory requirements. And the inherent challenge with SaaS, is that the risk is not a static moment in time. The institutional intelligence lives on in the cloud even as the user discontinues software usage. This means long-term exposure to both security breaches and spend.

The Impact of Shadow IT

The initial downside of Shadow IT is straightforward. A SaaS solution functions outside the rules and controls imposed and managed by the IT department including security, privacy, and regulatory requirements. It is a weakness in security.

But the impact can be far greater. Any institutional intelligence generated in this unauthorized software system may easily be lost when a SaaS platform has served its purpose and is no longer utilized. The company may continue paying for a subscription that goes unused for years, compounding security exposure concerns.

Knowing this, Shadow IT itself is not the real problem. The problem is when Shadow IT is left undetected and unchecked.

Many of these they software solutions do not do anything specific enough to show up on security scans, evading IT. The irony is that sometimes, rogue applications could prove to be beneficial to an organization if vetted and incorporated into the permitted SaaS offerings.

So how can you proactively trace, assess, and address this Shadow IT?

Follow the Money

The simple answer is to follow the money. There’s always payment made for usage, and if you can unearth this, you can follow the trail to uncover and rectify Shadow IT instances. But with personal credit card usage, this is much easier said than done.
 

In the case of Shadow IT, it's impossible to have complete control over SaaS spend. Following the money may be a simple answer but it doesn't always solve the entirety of the problem at hand. If you don't have visibility into your SaaS estate with a plan to account for these outliers, then you really don't have full visibility.

Where to Start - Resolving Shadow IT

There are many routes to consider while addressing a Shadow IT problem with any organization. Corporations can (and should) certainly develop and publish a list of sanctioned apps that cannot under any circumstances be installed on the network. However, in many instances the Shadow IT apps in question can prove beneficial to business outcomes and should be adopted and absorbed into corporate IT management.

Again, this is easier said than done. Part of the reason Shadow IT presents itself in the first place is due to the lack of time and/or resources. While this is a great start, this plan will not always be easy to keep up with as the SaaS estate grows.

Keep TEM Lurking in the Shadows

Detecting and managing Shadow IT activity in your network is an important but often tedious task that detracts from valuable time spent evaluating SaaS offerings and setting up a safe network. Consider bringing in TEM experts to keep a careful eye on your technology spend and catch these unapproved activities. Calero-MDSL offers SaaS expense and subscription management to help keep Shadow IT under your control.

Featured