How to Manage Shadow IT So It Doesn’t Haunt Your Business
Threat actors are lurking in many corners, silently probing for points of entry in order to subvert cybersecurity protections and gain access to organizations.
IT and Information Security (IS) departments in government and commercial organizations have to reduce vulnerabilities like Log4Shell, mitigate the likelihood of catastrophic attacks like ransomware, and secure their organization. These key objectives require security teams to know what to protect and monitor. Unfortunately, these tasks are more difficult than ever before.
With innovations lowering the barrier to adoption of new technologies like cloud computing and software-as-a-service, most business units can acquire new software and services without having to go through IT. This has led to a dramatic increase in “shadow IT” – a serious problem that organizations must manage before it’s too late.
What Is Shadow IT?
Shadow IT involves the use of software, cloud services, devices or hardware by a department or an individual within the organization that are managed outside of, and likely without the knowledge of, the IT team.
How Has Shadow IT Evolved?
Shadow IT evolved as technology decisions and spending shifted away from IT oversight and control. Today, many new technology purchases (and the corresponding budgets to pay for them) are primarily driven by business units looking for products to drive innovation, increase productivity and deliver on their mission or goals. Complicating the rise of shadow IT further is the ease of acquisition; most technologies are easily purchased with a credit card and receive even less scrutiny from a risk and vendor management perspective.
The Cyber Risks of Shadow IT
While improving business operations and productivity is always important, shadow IT is a major risk to most organizations. According to a 2019 Forbes Insights survey, “Perception Gaps in Cyber Resilience: Where Are Your Blind Spots?”, 46% of survey respondents believe that direct purchasing of technology by business units made securing their enterprises impossible.
Escalating the shadow IT issue even further are employees who choose their own technology without any involvement from the IT department at all. In fact, more than 80% of employees use unauthorized SaaS applications at work according to one survey by McAfee. While managers may allow employees to choose their own technology solutions at work, this hinders the ability of the IT department to assess risks and can also introduce possible compliance violations, data leaks, and other security problems.
With the growing number of cyberattacks and threat actors looking to take advantage of any organization, it is important for security teams to find, continuously monitor, and understand how to manage shadow IT. If left to grow unchecked, shadow IT residing in various corners of your organization can significantly increase your attack surface (all the possible points, or attack vectors, where an unauthorized user can gain access to a system) without the knowledge of your security teams. This is why IT teams looking to find shadow IT should also be strategically looking to define their attack surface.
Further complicating the issue is the fact that new vulnerabilities are constantly arising. These newly identified security gaps can provide additional entry points for threat actors to exploit. And when these attack vectors occur in shadow IT, security departments are unable to adequately defend against threat actors. After all, staff cannot protect assets that they do not know exist.
4 Tips to Find Shadow IT and Monitor Your Attack Surface
Thankfully, technological innovation has made finding shadow IT and defining your attack surface easier than ever before. With Attack Surface Management (ASM) tools, security teams can now shine a light into the dark corners of the enterprise and protect against visibility gaps.
Forrester defines ASM as “the process of continuously discovering, identifying, inventorying, and assessing the exposures of an entity’s IT asset estate.” ASM solutions provide the “outside-in” view of your organization by identifying all your internet-connected assets and services, including those in the cloud. In fact, a recent Forrester report revealed that, on average, attack surface management tools initially discover as many as 30% more cloud assets across the organization than security and IT teams knew about.
So how can you find and manage shadow IT with an ASM tool?
- First, you should leverage an ASM provider that can be implemented quickly (in a day or two, depending on the size of your organization) and perform discovery with minimal input. The best ASM tools are agentless and can be implemented without requiring you to replace any part of your current security stack.
- Second, with just a little information, such as your domain name, a top-notch ASM solution will start to scan your organization externally and identify your digital footprint. That digital footprint should map your domain infrastructure and sub-domains and provide a compilation of all assets or services connected to the internet. This inventory should highlight if there’s a risky service, open port, or vulnerability that exposes your organization to potential malicious activity.
- Once you have this inventory, the solution should continuously monitor your attack surface on a regular cadence – daily, weekly, bi-monthly, or monthly – depending on your organization’s needs and risk profile. This will provide you with a history of your inventory and changes to your attack surface over time, which can aid in prioritizing newly discovered concerns and highlight the value the security team is bringing to the enterprise when briefing executive leadership.
- Finally, your ASM tool should have a flexible API and offer integrations that enable your security team to share important findings with business units or non-security team members and push relevant discoveries to your security appliances or tools for remediation or mitigation.
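The inventory-then-monitor steps above come down to comparing successive external scans against the assets IT already knows about. The following is an added example, not code from any ASM product: the hostnames, snapshots, sanctioned-asset register and risky-port policy are all constructed assumptions.

```python
import json

# Assumption: a local policy of services that should not face the internet.
RISKY_PORTS = {21: "ftp", 23: "telnet", 3389: "rdp", 5900: "vnc", 6379: "redis"}

# Constructed register of internet-facing hosts that IT knows about.
SANCTIONED = {"www.example.com", "mail.example.com", "vpn.example.com"}

# Constructed external scan snapshots: hostname -> set of open TCP ports.
LAST_WEEK = {
    "www.example.com": {80, 443},
    "mail.example.com": {25, 443},
    "vpn.example.com": {443},
}
THIS_WEEK = {
    "www.example.com": {80, 443},
    "mail.example.com": {25, 443, 3389},
    "vpn.example.com": {443},
    "demo-crm.example.com": {443, 6379},
}

def diff_attack_surface(previous, current, sanctioned, risky=RISKY_PORTS):
    """Compare two snapshots and return findings as a list of dicts."""
    findings = []
    for host in sorted(current):
        ports = current[host]
        old_ports = previous.get(host)
        if host not in sanctioned:  # shadow IT candidate: IT has no record of it
            findings.append({"host": host, "type": "unsanctioned_asset",
                             "ports": sorted(ports), "new": old_ports is None})
        # Only ports opened since the last scan count as new exposure.
        for port in sorted(ports - (old_ports or set())):
            if port in risky:
                findings.append({"host": host, "type": "new_risky_port",
                                 "port": port, "service": risky[port]})
    for host in sorted(set(previous) - set(current)):
        findings.append({"host": host, "type": "asset_disappeared"})
    return findings

def prioritize(findings):
    """Newly exposed risky services first, then unknown assets, then removals."""
    order = {"new_risky_port": 0, "unsanctioned_asset": 1, "asset_disappeared": 2}
    return sorted(findings, key=lambda f: (order[f["type"]], f["host"]))

if __name__ == "__main__":
    # One JSON object per line, a shape that is easy to push to a ticketing or SIEM API.
    for finding in prioritize(diff_attack_surface(LAST_WEEK, THIS_WEEK, SANCTIONED)):
        print(json.dumps(finding))
```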
Get Control of Shadow IT
Adversaries continually search for vulnerable assets and common vectors to gain access to networks and launch cyberattacks, including ransomware. Upon public disclosure of new security vulnerabilities, threat actors are quick to take advantage of the news, initiating scans in an effort to exploit these newly discovered issues.
The exponential growth of shadow IT only complicates things further, as it’s yet another avenue for bad actors to potentially exploit. This is why businesses must know how to manage shadow IT to mitigate any current and future risks.
If your organization is plagued by shadow IT and needs help finding all those assets, LookingGlass can help. Contact us today to talk about how we can support you in shining a light in dark places.