
02 augustus 2024

Shadow IT Detection with Microsoft Intune

Shadow IT refers to the use of IT-related hardware, software, applications and services without the approval of the IT department.
It often occurs when employees use tools and technologies outside official channels to do their jobs more efficiently.
While these solutions are often well-intentioned and focused on productivity, they can pose significant risks to the organization.

Why is Shadow IT a Problem?

Shadow IT creates several challenges and risks, including:

  • Security risks: Unauthorized tools and services can expose sensitive data to breaches.
  • Operational Disruption: Several uncontrolled systems can lead to incompatibility and inefficiency.
  • Compliance Issues: Using unapproved software can lead to violations of regulations and company policies.

Shadow IT adds complexity to managing your infrastructure, from onboarding new employees to supporting business needs.
That’s why it’s essential to discover what’s really going on within your IT environment.
This article will help you identify shadow IT with the least amount of resources possible.

Techniques to Uncover Shadow IT

Detecting and managing shadow IT requires a multi-faceted approach.
You can’t just buy a secure, compliant and efficient IT environment.
Implementing these strategies will give you better visibility into your IT environment and reduce the risks associated with shadow IT.
🔍 Talk to your People

  • Communication: Survey and interview employees to understand what tools they use and why.
  • Visit the workplace: You’ll be amazed at what you discover by simply walking around.
  • Listening: Listen actively and avoid penalties for using unauthorized apps, especially if they were in use before you got involved.

🔐 Cloud Access Security Brokers (CASBs)

  • Monitoring: CASBs help discover and manage shadow IT by monitoring cloud app usage and identifying unapproved apps.
  • Risk assessment: Conduct a risk assessment on discovered SaaS apps.
  • Compliance and Security: CASBs are often used for data loss prevention and enforcement of compliance and security policies.

🌐 Network monitoring

  • Unusual Patterns: Use tools to track unusual data patterns or anomalies.
  • Open Source Tools: Examples include Cacti, Prometheus, Wireshark, and Zabbix.
  • Challenges: large data volumes, encrypted traffic from modern applications, and the risk of false positives.

📝 Regular Audits

  • Audit: Conduct regular audits focused on software and application usage to discover shadow IT.
  • Compliance: Ensure ongoing compliance and address emerging risks.

💳 Expense Management Solutions

  • Follow the Money: Use spend management solutions to track purchases of software and services that have not gone through the official IT procurement process.

👩‍🏫 Employee Education and Engagement

  • Explain risks: Educate employees about the risks of shadow IT and encourage them to use approved tools and services.
  • Collaborate: Work with departments to understand their needs and reduce temptation for using unauthorized solutions.

💼 SaaS Management Platforms

  • Visibility: Ensure visibility into all SaaS applications used within the organization.
  • Risk Assessment: Assess risks, manage costs and enforce IT policies.

Shadow IT Tracking with Intune

Microsoft Intune is a cross-OS device management platform that is optimized for Windows.
It is an add-on to Azure AD (now known as Entra ID), although the two are often bundled together.
Azure AD by itself will not detect shadow IT: it is purely an identity and access management (IAM) solution.
Intune inventories which apps are present on registered devices.
Go to Apps > Monitor > Discovered apps to see what apps are installed on managed devices.

  • App List: View installed apps by device.
    It lists discovered apps with names and version numbers.
  • Export: The list is exportable by device and varies by OS.
    This is what a report looks like for a Windows PC in the devices sheet:

Note: Do not confuse this with app monitoring and allocations managed under Apps > All apps.
That feature is used to distribute apps throughout your fleet.
These reports focus on locally installed apps; Intune will not audit your users’ SaaS apps.
Microsoft’s Defender for Cloud Apps is a CASB billed and managed separately from Intune.
Other options include extending Active Directory with SSO and IT asset management.
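The discovered-apps export described above becomes useful for shadow IT detection once it is compared against the list of software the organization has actually approved. The following added example (written for this article, not Intune's own code or tooling) reads such an export as CSV, flags apps on each device that are not on an approved list, and also flags approved apps that fall below a minimum version. The column names (DeviceName, Platform, ApplicationName, ApplicationVersion), the sample rows and the approved list are all constructed assumptions; adjust the column names to match the headers in your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a discovered-apps export. The column names are an
# assumption for this example, not Intune's exact export schema.
SAMPLE_EXPORT = """DeviceName,Platform,ApplicationName,ApplicationVersion
LAPTOP-01,Windows,Microsoft Edge,126.0.2592.87
LAPTOP-01,Windows,7-Zip,23.01
LAPTOP-01,Windows,Zoom,6.1.1
LAPTOP-02,Windows,Microsoft Edge,124.0.2478.51
LAPTOP-02,Windows,Dropbox,200.4.4444
LAPTOP-03,macOS,Slack,4.39.90
"""

# Hypothetical approved-software list: app name -> minimum approved version
# (None means any version is acceptable). Names are matched case-insensitively.
APPROVED = {
    "microsoft edge": "125.0.0.0",
    "7-zip": None,
    "slack": None,
}


def parse_version(version):
    """Turn '126.0.2592.87' into a tuple of ints so versions compare numerically.

    Non-numeric components (e.g. 'rc1') are treated as 0 rather than raising.
    """
    parts = []
    for piece in version.split("."):
        try:
            parts.append(int(piece))
        except ValueError:
            parts.append(0)
    return tuple(parts)


def review_export(csv_text, approved=APPROVED):
    """Return {device: [(app, version, reason), ...]} for apps that need attention.

    An app is reported when it is absent from the approved list, or when it is
    approved but installed below the minimum version.
    """
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        device = row["DeviceName"].strip()
        name = row["ApplicationName"].strip()
        version = row["ApplicationVersion"].strip()
        key = name.lower()
        if key not in approved:
            findings[device].append((name, version, "not on approved list"))
            continue
        minimum = approved[key]
        if minimum is not None and parse_version(version) < parse_version(minimum):
            findings[device].append((name, version, f"below minimum version {minimum}"))
    return dict(findings)


def summarize(findings):
    """Count how many devices carry each unapproved app, to prioritise follow-up."""
    counts = defaultdict(int)
    for apps in findings.values():
        for name, _version, reason in apps:
            if reason == "not on approved list":
                counts[name.lower()] += 1
    return dict(counts)


if __name__ == "__main__":
    result = review_export(SAMPLE_EXPORT)
    for device, apps in sorted(result.items()):
        for name, version, reason in apps:
            print(f"{device}: {name} {version} ({reason})")
    print("Unapproved apps by device count:", summarize(result))
```

Running the script on the constructed sample reports Zoom on LAPTOP-01 and Dropbox on LAPTOP-02 as not approved, and Microsoft Edge on LAPTOP-02 as below the minimum version; LAPTOP-03 only runs approved software and does not appear. The per-app device counts from `summarize` are what you would bring to the conversation with the teams involved, since an app that shows up on many devices usually points to an unmet business need rather than a one-off installation.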


Zero Trust Endpoint Protection

By using zero trust endpoint protection, you can further improve security and manage shadow IT more effectively.
Zero trust is an approach in which no device or user is trusted by default: every access request must be authenticated and authorized, which leads to more robust security policies.
Want to learn more about how zero trust endpoint protection can provide a solution against shadow IT? Contact us for a demo and find out how we can help you make your IT environment more secure and efficient.
