
Shadow IT's New Meaning as We Move to Identity-First Security

Updated: Nov 30

The term “shadow IT” has been around so long that, according to ChatGPT-4, the exact year when it was first used is unknown. (At least ChatGPT-4 didn’t hallucinate the answer!) The term was initially coined to describe the phenomenon where applications and infrastructure are used by employees outside of the central IT department. However, this concept should also encompass scenarios where identities have unmanaged access to known applications. This is particularly relevant in today’s security landscape, where identity has become the new perimeter.

 

The lack of oversight over shadow IT means applications and systems may not adhere to an organization’s security policies or standards, resulting in blind spots. These blind spots can leave businesses vulnerable to cyber threats. Gaining visibility to discover exactly what’s lurking in these shadows is crucial.

 

And here’s why: if you’re not aware of or don’t control the identity, application, or asset in the first place, you don’t control the associated operations or data. This lack of control is a direct consequence of shadow IT and presents a not-so-obvious yet significant vulnerability for organizations. Shadow IT has multiple facets, from “shadow assets” to “shadow access.” Let’s delve into each one with examples, starting with shadow assets.

 

Shadow assets are unsanctioned applications or systems unknown to IT and security teams, and they are what most often comes to mind when the term shadow IT is used. Here are some examples of shadow assets:

  1. Usage of personal cloud file-sharing applications for work data

  2. Utilization of unsanctioned data analytics tools 

  3. Unapproved container orchestration systems

  4. Unknown secrets managers deployed to secure production applications 

  5. Unknown directories or identity providers not managed by the organization’s IT Admins

And if all of the shadow assets out there weren’t a big enough problem, IT and security teams also need to contend with shadow access. Shadow access is unmanaged access by identities to known applications and infrastructure. Here are some examples:

  1. Users who access the company’s sanctioned applications, such as a customer relationship management (CRM) system, from a local account, bypassing SSO and MFA controls

  2. Assets that get spun up by DevOps teams and pushed to production that are not managed by a company’s directory services

  3. Users with elevated access who are not using privileged access management (PAM) systems to access sensitive applications

  4. Remote employees accessing company applications without adhering to zero trust network access (ZTNA) controls

  5. Usage of unmanaged service accounts that interact with IT applications and services 
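To make the shadow access examples above concrete, the following added example (not part of the original post and not AuthMind's code) correlates application sign-ins with identity provider records to flag logins that bypass SSO, skip MFA, or come from identities outside the managed directory. The log fields, account names, and 60-second correlation window are assumptions, and all sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical field names and accounts).
IDP_SSO_EVENTS = [  # successful SSO assertions recorded by the identity provider
    {"ts": "2024-01-10T09:00:05", "user": "alice", "app": "crm", "mfa": True},
    {"ts": "2024-01-10T09:30:00", "user": "carol", "app": "crm", "mfa": False},
]
APP_LOGINS = [  # sign-ins recorded by the application itself
    {"ts": "2024-01-10T09:00:07", "user": "alice", "app": "crm", "method": "saml"},
    {"ts": "2024-01-10T09:15:00", "user": "bob", "app": "crm", "method": "local"},
    {"ts": "2024-01-10T09:30:02", "user": "carol", "app": "crm", "method": "saml"},
    {"ts": "2024-01-10T10:00:00", "user": "svc-report", "app": "crm", "method": "api_key"},
]
DIRECTORY = {"alice", "bob", "carol"}  # identities managed by IT (assumed export)
WINDOW = timedelta(seconds=60)  # assumed max gap between IdP assertion and app login


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def matching_sso(login, idp_events):
    """Return the IdP event that plausibly produced this app login, or None."""
    for ev in idp_events:
        same = ev["user"] == login["user"] and ev["app"] == login["app"]
        if same and timedelta(0) <= _ts(login) - _ts(ev) <= WINDOW:
            return ev
    return None


def find_shadow_access(app_logins, idp_events, directory):
    """Return (user, app, reason) for logins that lack managed identity controls.

    The app-reported "method" is informational only; the IdP record decides.
    """
    findings = []
    for login in app_logins:
        user, app = login["user"], login["app"]
        if user not in directory:
            findings.append((user, app, "identity not in managed directory"))
            continue
        sso = matching_sso(login, idp_events)
        if sso is None:
            findings.append((user, app, "no matching SSO assertion"))
        elif not sso["mfa"]:
            findings.append((user, app, "SSO without MFA"))
    return findings


if __name__ == "__main__":
    for finding in find_shadow_access(APP_LOGINS, IDP_SSO_EVENTS, DIRECTORY):
        print(finding)
```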

Again, it’s often not purposeful malicious activity that leads to these scenarios. Employees can simply turn to shadow assets because they feel they can’t wait for approval, or because they believe some other technology is a better option for them and the company. Shadow access can happen due to misconfigurations of identity security systems such as Active Directory, identity providers, and privileged access systems, as well as other security controls such as ZTNA.

 

Turning to tools that provide actual visibility into what identities are really doing is key across both dimensions of shadow IT, shadow assets and shadow access, regardless of the platform (cloud, SaaS, on-premises) and location (office-based, remote).

 

This is achievable by deploying identity security posture management (ISPM) solutions like AuthMind. Those evaluating AuthMind are often amazed at how much visibility they gain into shadow assets and shadow access only hours after the platform is deployed.

 

Reach out if you want to learn how AuthMind can help with your Shadow IT challenges!