Shadow IT Risk Mitigation

Shadow IT is the phenomenon where employees are using outside software and third-party apps to complete work-related tasks without corporate IT approval. While this scenario might seem like an excellent way to increase productivity, it’s a serious cybersecurity challenge that can lead to many security, compliance, productivity issues, and high financial costs.

What is Shadow IT? Why does Shadow IT occur?

Shadow IT is using cloud-based applications and services without the knowledge or approval of your in-house IT team. It can lead to many security, compliance, and productivity issues.

Shadow IT, or using unauthorized applications in place of the IT department-approved ones, is a common practice among employees. Because it can be so time-consuming for the IT department to approve every new application that employees want to use — even if those applications are safe — many workers will just go ahead and download what they need. In fact, 80% of employees admit to using unauthorized apps instead of waiting for IT’s approval.

OAuth Abuse Challenges

OAuth is a modern authorization technology that powers today’s cloud SaaS environments. The OAuth (Open-Authorization) protocol was created by a team at Google to secure user authentication. OAuth lets users grant third-party applications access to their accounts without sharing sensitive data, like logins and passwords.

Many third-party apps that business users in your organization may install request permission to access user information and data and sign-in on the user’s behalf in other cloud apps. When users install these apps, they frequently click accept without carefully reviewing the details in the prompt, including granting the app permissions. Accepting permissions from third-party apps poses a security risk to your business.

OAuth can make it easy for users to share information with cloud SaaS applications to access data stored in other online services. But OAuth does have its risks — if a malicious application gets its hands on an OAuth token, it can use that token to pretend to be the user and gain access to their account or steal their data.

If an application is malicious, potentially even containing ransomware, the malicious cloud application has permission to encrypt all the user’s data and any data the user can access. OAuth tokens even bypass two-factor authentication in cloud SaaS environments and must be manually removed if compromised.

Shadow IT Risks

• Lost SaaS security controls
• Low visibility into applications
• SaaS data loss
• SaaS data leak
• Non-compliance
• Expansion of malware attack surfaces
• Lengthy downtime
• Increased risk management cost

“The use of personal devices and non-sanctioned applications (Shadow IT) by employees working remotely can lead to a significantly increased risk of cyber adversaries accessing internal infrastructure where data and intellectual property (IP) can be accessed.”

— Deloitte