How to avoid Shadow IT?

What threats does our company have?

share post

When we talk about Shadow IT, shadow IT or parallel IT, we are referring to that software that employees use regularly to meet their job needs but that are not controlled by the IT team and that pose a threat mainly from security for the organization.

According to studies, approximately half of IT budgets are used to solve the problems that Shadow IT generates in the organization and this is based on the fact that employees, approximately 80% in organizations, do not feel that it is necessary to communicate it to those responsible technology of their companies and in this scenario, we find that more than 82% of companies are completely unaware of the number of shadow applications that their employees use day after day. The shadow SaaS that is most widespread among organizations are Dropbox and WeTransfer and they basically seek to satisfy the needs that the tools they have do not do.

Shadow IT therefore becomes a major problem when employees use it to work with confidential and/or sensitive customer or company information. Can you imagine a bank that shares large amounts of sensitive information via WeTransfer? The storage and distribution of this data by employees in different media means that the information is stored at rest without being encrypted by servers without control and external to the organization, with a total ignorance of where they are hosted and that, in case of cyberattack, theft of credentials or data exfiltration, will be exposed to third parties, mainly assuming a problem of reputation and public image of the brand (case of Yahoo! or more recently of Easy Jet) and of a regulatory breach, which in Europe, entails strong economic sanctions to the organization.

How to avoid Shadow IT in your organization?

It is essential that the IT teams of organizations have under control the software and tools that their employees use every day to avoid cybersecurity problems and loss of data control. In this case, it is important:

  • Analyze what needs employees have
  • How the tools available to them satisfy that need according to the IT and cybersecurity strategy.

In the case of tools for sending and receiving sensitive and/or large files, it is believed that with collaborative environments included in its business suite, such as Google Drive or Microsoft OneDrive, the need is satisfied. But this is not the case, these tools have been developed for internal productivity among employees and do not have specific security settings or advanced end-to-end encryption standards. They have not been developed as a channel with the outside of the organization and constantly endanger the company's information.

On the one hand, it is important to consider security and on the other, the possibility of human error on the part of employees, the weakest link, who can share confidential folders in a hierarchical way with third parties outside the organization without wanting to.

For cases of secure sending and receiving of corporate files, Tranxfer includes advanced security policies and an easy-to-use user and administrator interface. Together with the integration with SIEM, Tranxfer also offers traceability and audit reports that, together with its configuration, allow transfers to be made in compliance with GDPR.

Get Started with Avada Crypto

Looking for help? Get in touch with us

More articles