Shadow IT: What it is and how to avoid it

What do we mean when we talk about Shadow IT, also known as parallel IT? We are referring to software not controlled by IT that employees resort to in order to satisfy their needs. These cloud tools pose a great security threat to the organization.

According to studies, approximately half of IT budgets are allocated to solving the problems that Shadow IT generates in the organization. This stems from the fact that approximately 80% of employees in organizations do not feel it is necessary to report their use of such tools to their companies' technology managers. As a result, more than 82% of companies are completely unaware of the number of shadow applications that their employees use day in and day out. The most widespread shadow SaaS tools among organizations are Dropbox and WeTransfer, which employees basically turn to in order to satisfy needs that the tools they have do not meet.

Shadow IT therefore becomes a major problem when employees use it to work with confidential and/or sensitive customer or company information. Can you imagine a bank sharing large amounts of sensitive information via WeTransfer? When employees store and distribute this data across different media, the information sits at rest, unencrypted, on servers that are external to the organization and outside its control, with no knowledge of where they are hosted. In the event of a cyberattack, credential theft or data exfiltration, that information will be exposed to third parties. The main consequences are damage to the brand's reputation and public image (as in the case of Yahoo! or, more recently, EasyJet) and a regulatory breach, which in Europe entails heavy financial penalties for the organization.

How to avoid Shadow IT in your organization?

It is essential that organizations' IT teams keep the software and tools that their employees use every day under control in order to avoid cybersecurity problems. To do so, it is important to:

  • Analyze what needs employees have
  • Analyze how the tools available to them satisfy those needs in line with the IT and cybersecurity strategy

In the case of tools for sending and receiving sensitive and/or large files, it is often believed that the collaborative environments included in a business suite, such as Google Drive or Microsoft OneDrive, satisfy the need. But this is not the case. These tools have been developed for internal productivity between employees and do not have specific security configuration or advanced end-to-end encryption standards. They have not been developed as a channel to the outside of the organization, and they constantly endanger the company's information. This is when Shadow IT problems start.

On the one hand, it is important to consider security and, on the other, the possibility of human error on the part of employees. Employees are the weakest link: they can unintentionally share confidential folders hierarchically with third parties outside the organization.

For secure sending and receiving of corporate files, Tranxfer includes advanced security policies and an easy-to-use user and administrator interface. Alongside its integration with SIEM, Tranxfer also offers traceability and audit reports that, together with its configuration, allow transfers to be made in compliance with GDPR.
