
How Orgs Should Approach Shadow IT (& How NDR Can Help)

When shadow IT rears its head, here's the best way to respond

Tech solutions that the IT department has not sanctioned can pose security and compliance challenges for organizations, but it turns out the outlook isn't all bad.

Have you ever found yourself in a pinch at work needing to print out a personal file on your lunch break? The bank, mortgage company, or student loan lender needs signed paperwork, and they need it now! So you transfer the file from a thumb drive or your personal cloud storage app account onto a work machine. Alternatively, maybe you need to get a project done fast, but you don't have the right tools. So you install software that the IT department has not sanctioned to help you get your work done more efficiently.

If you answered yes to any of that, you are technically using shadow IT. Dun-dun-DUN!

While non-IT-approved tech solutions can pose security and/or compliance challenges for organizations, there are some bright sides. Organizations that maintain thorough visibility into what technology is in use on their network are able to curb inappropriate shadow IT while also learning what sorts of tools employees are interested in using. This information can be used both to protect the business and to securely provide employees with tools that boost their productivity and their satisfaction.

A Recent Case Study in Shadow IT

A recent Harvard Business Review article describes a struggling retailer on the verge of collapse and a desperate VP determined to turn things around by paying out of pocket for a cloud-based CRM. Within months, the company comes out of its financial nosedive, but the VP in question is called into the boss's office, and narrowly skirts getting fired for creating a security vulnerability by implementing non-sanctioned software. The thing is, the busted VP had generated 1M in revenue each month since the rogue software implementation.

As this real-world scenario highlights, shadow IT is generally brought in for a reason—and a zero-tolerance policy is not necessarily the answer.

Shadow IT is Inevitable

The reality is, no policy can completely stop employees from using unapproved devices or services while at work. This doesn't mean you should adopt a lenient approach per se, but it does mean you have to plan for the inevitability of non-sanctioned IT. Allowing employees to take ownership of, and initiative with, the tools they use keeps morale up and may provide IT departments with a window into what kinds of technologies employees need in order to succeed.

Preventing App and Services Usage Causes Friction

Trying too hard to prevent employees from using the devices and services they want can cause friction, slow down the organization, and create a negative perception of security and IT teams. This doesn't mean eliminating policies and procedures altogether. Instead, disparate teams ought to learn how to better partner up, keep the lines of communication open, and remain agile.

When teams on the front lines of driving business objectives (think sales and marketing) don't have the right tools at their disposal and feel like they're frequently being told "no," rather than "let's see how to secure this tool," it may create unnecessary friction between teams.

Adopting a mindset of collaboration and flexibility will help your organization scale, but it does put the onus on security and IT teams to monitor shadow IT and gauge its level of risk.

SecOps Can Detect Shadow IT on the Network

By observing network behavior in real time with a Network Detection and Response (NDR) tool, security and IT teams can detect shadow IT quickly and determine whether it poses a risk or can be safely onboarded with the correct policies in place. In some cases, it's essential to take a measured approach to remove shadow IT from the environment. But when this is necessary, take care to implement policies that aren't overly stringent.

By working closely with the network operations and IT teams, security teams can become drivers and enablers of innovation in the business, rather than being seen as "the people that always say 'no.'"

Recently, a global SANS Institute survey found that only 30 percent of SecOps teams currently work closely with NetOps. There is real value in convincing your organization to combine efforts between NetOps and SecOps to improve agility and encourage innovation, speed up threat detection and response, and reduce waste.

Read this white paper for the five key value drivers of an integrated SOC and NOC, as well as clear strategies to help you move forward.
