How to Detect And Monitor Shadow IT

5 min read Mansoor Ahmed

50% of IT spending at large enterprises is on shadow IT

When it comes to licensing and managing SaaS applications, you have to find the right balance of oversight and flexibility, especially because there are so many solutions that you have never heard of but that your staff probably has.

It’s hardly unheard of for someone on a marketing team to sign up for a project management platform after skimming a single blog post about it. This level of convenience comes with plenty of benefits, but it also comes at a cost: 50% of the IT spending at large enterprises is on shadow IT.

IT still needs to exert some control over which devices and applications employees use. On the other hand, if shadow IT makes up over half of your IT budget, you have to work with both IT and your staff to ensure that you’re striking that delicate balance of security and productivity.

What to Do About Rogue Devices

When companies allow employees to bring their own devices (BYOD) to work, they introduce security risks. Granted, many employees may violate BYOD policies accidentally, simply because they have not been educated about the security threats those personal devices pose.

Worse yet: Rogue devices can be deployed to facilitate insider data theft or other malicious actions. For example, a disgruntled or dishonest employee may use a personal thumb drive to misappropriate business data or intellectual property.

Clear boundaries go a long way toward ensuring appropriate use of BYOD. 

Device monitoring allows IT departments to see if and when rogue devices access business technology. This type of monitoring and auditing requires mobile device monitoring and other cybersecurity tools. 

BYOD is definitely a user-beware policy, and organizations that need to identify rogue devices should absolutely invest heavily in cybersecurity.

When it comes to auditing shadow applications, SaaS management tools have evolved considerably to provide convenient, in-depth oversight.

Discover Unauthorized Applications With a Shadow IT Audit


Today, employees have access to over 288 different SaaS platforms. Tracking shadow IT manually is grueling and thankless. You would have to survey every employee, ask them to inventory every single software product, and then store and review that inventory. Even with complete cooperation (and perfect recall from each employee, including every click through agreement they have ever completed), the process will be slow and problematic.

SaaS management tools offer useful features like holistic application discovery, which can detect shadow IT automatically. In addition to manual tagging, such tools can pull information from multiple sources like IAM and imported spreadsheets into a single repository. This saves time, removes potential for human error, and keeps the findings of the audit organized.

Gain Visibility Into How Employees Use SaaS Apps

Measuring consumption empowers SaaS license optimization and reduces exposure to threats. Historical utilization data makes it much easier to off-board zombie users, see who uses which apps (as well as how they use them), and flag unusual behavior. By following these critical metrics, you can also discover other red flag situations.

Scenario A. A former employee is still logging into some apps. When one or more SaaS accounts were overlooked during the offboarding process, consumption monitoring can catch it. Cancelling those subscriptions saves money and eliminates a big security risk at the same time: 20% of organizations have been breached by former employees.

Scenario B. A current employee is suddenly using apps in a non-standard way. Spotting this quickly alerts IT that an account may have been compromised. Tracking SaaS usage makes it easier to tell when passwords have been compromised and unauthorized users are accessing applications.

Over time, historical SaaS utilization data and regular examination make it clear when something unusual is happening.

SaaS Utilization Audit Checklist

Over time, IT teams may develop an almost effortless ability to notice when something is not quite right with the utilization data. The audit process can generally be condensed to a few straightforward steps:

1. List your applications. The IT team can then perform risk assessments to confirm that each app is compliant with internal security plans and external regulations. SaaS management tools keep everything organized in a central repository (and negate the need for clunky, manual inventory lists).

2. Identify new apps since the last audit. If IT signed off on everything in the last audit, the focus can be on vetting new subscriptions.

3. Track logins and utilization. IAM data provides visibility into who uses which apps, and native integrations can even shine a light on feature utilization.

4. Measure change in logins and activity. Use tools that show spend and utilization over time to identify strange or suspicious activity.

5. Visualize renewals. A SaaS management tool gives immediate insight into which subscriptions are about to renew. This helps manage cash flow, ghost accounts, and redundancies.
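The checks in steps 2 and 4 above, together with Scenario A (offboarded users still logging in) and Scenario B (a sudden change in a user's activity), can be run directly over an IAM or SSO login export. The following is an added example, not code from the original article or from any SaaS management product; the event records, the sanctioned-app inventory, the leaver list and the spike threshold are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: one login event per row, as an IAM/SSO export might provide.
EVENTS = [
    {"ts": "2024-03-01T09:12:00", "user": "alice", "app": "Slack"},
    {"ts": "2024-03-02T11:30:00", "user": "bob",   "app": "Notion"},
    {"ts": "2024-03-03T14:02:00", "user": "alice", "app": "Slack"},
    {"ts": "2024-03-08T08:55:00", "user": "bob",   "app": "Notion"},
    {"ts": "2024-03-09T01:20:00", "user": "bob",   "app": "Notion"},
    {"ts": "2024-03-09T09:10:00", "user": "alice", "app": "Slack"},
    {"ts": "2024-03-09T17:45:00", "user": "carol", "app": "Dropbox"},  # carol left last month
    {"ts": "2024-03-10T10:00:00", "user": "bob",   "app": "Notion"},
    {"ts": "2024-03-10T13:30:00", "user": "dave",  "app": "Trello"},
    {"ts": "2024-03-11T09:05:00", "user": "bob",   "app": "Notion"},
]
SANCTIONED_APPS = {"Slack", "Notion"}  # inventory signed off at the last audit (assumed)
OFFBOARDED_USERS = {"carol"}           # leaver list from HR (assumed)

def new_apps(events, sanctioned):
    """Checklist step 2: apps seen in login data but absent from the last inventory."""
    return sorted({e["app"] for e in events} - set(sanctioned))

def offboarded_logins(events, offboarded):
    """Scenario A: logins by accounts that should have been removed at offboarding."""
    return [e for e in events if e["user"] in offboarded]

def login_spikes(events, prev_start, cur_start, factor=3):
    """Checklist step 4 / Scenario B: (user, app) pairs whose login count in the
    current period is at least `factor` times the previous period's count.
    A pair with no prior history is flagged once it reaches `factor` logins."""
    prev, cur = Counter(), Counter()
    prev_t, cur_t = datetime.fromisoformat(prev_start), datetime.fromisoformat(cur_start)
    for e in events:
        ts, key = datetime.fromisoformat(e["ts"]), (e["user"], e["app"])
        if ts >= cur_t:
            cur[key] += 1
        elif ts >= prev_t:
            prev[key] += 1
    return {k: (prev[k], c) for k, c in cur.items() if c >= factor * max(prev[k], 1)}

def run_audit(events, sanctioned, offboarded, prev_start, cur_start):
    """Bundle the three checks into one findings record for the audit."""
    return {"new_apps": new_apps(events, sanctioned),
            "offboarded_logins": offboarded_logins(events, offboarded),
            "login_spikes": login_spikes(events, prev_start, cur_start)}

if __name__ == "__main__":
    print(run_audit(EVENTS, SANCTIONED_APPS, OFFBOARDED_USERS, "2024-03-01", "2024-03-08"))
```

On the sample data this reports Dropbox and Trello as unvetted apps, one login by the offboarded user carol, and bob's Notion logins rising from 1 to 4 between the two weekly periods.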

Address Cybersecurity Concerns

SaaS products make it easy for anyone to sign up and begin using the software within minutes, which means employees can create new accounts without going through the proper channels. 

Because IT is never involved, there is little cybersecurity expertise going into these decisions. Furthermore, the existing security plan becomes outdated because it no longer accounts for all of the applications in play. The FBI received 69% more complaints of internet crime in 2020 than in 2019, so it is more important than ever for IT professionals to be in control of how an organization uses technology and limits risks.

Two-Factor Authentication

When conducting a SaaS audit to eliminate security risks, it is helpful to identify apps that do not offer two-step verification or two-factor authentication (2FA). Without 2FA, hackers may be able to guess the password through a brute force attack. Adding another step to the log-in process helps verify the user’s identity and prevents unintended access to information or capabilities.

Eliminate Supply Chain Attacks by Controlling Shadow IT

The SaaS Supply Chain (SSC) is a network of interconnected software products and services. Some of the applications are more secure than others, and cyber criminals are learning how to identify the weakest links. One prominent recent example is the SolarWinds breach, a supply chain attack during which hackers moved laterally throughout the system to deploy malware through SolarWinds’ own servers. Removing or securing shadow IT helps close backdoors that could otherwise let hackers into the supply chain.

How to Implement Insights from a SaaS Audit

When you detect shadow IT, you can decide how to manage it. In some cases, applications must be eliminated entirely, for example apps that handle data in a way that causes compliance or security concerns. In other cases, it may be advisable to bring productive, safe apps under IT’s management so that employees can continue using them. Let’s say that an employee has a personal Slack account. Upgrading to a premium subscription adds features and additional layers of protection for the business.

Monitor Shadow IT With Ease

SaaS products are vital to the success of modern organizations, which is precisely why they must be managed deliberately by qualified IT professionals. Audits have their place in every SaaS management strategy because they expose wasteful spending and security risks. 

A SaaS management tool automates the discovery process with connections to IAM and other data sources. Contact Quolum today to learn more about the SaaS management technology that facilitates SaaS audits and empowers actionable insights.

Frequently Asked Questions

Quolum's SaaS Card makes paying for recurring SaaS and Cloud purchases easy. We are a corporate expense card, hyper-optimized for buying SaaS and Cloud purchases online.

Quolum is used by Finance and Procurement teams to make the process of software purchasing super easy. Our current features make the product attractive for companies and departments that have fewer than 100 employees.

Signup takes 2 minutes. In most cases, you'll have the Quolum SaaS Card in 60 seconds and start paying for SaaS and Cloud products right away. We do not run any personal or business credit checks.