
Leveraging SSPM to Regain Control Over Shadow IT



Solutions Review’s Contributed Content Series is a collection of contributed articles written by industry thought leaders in enterprise software categories. Galit Lubetzky Sharon of Wing Security shines a light on Shadow IT, and outlines how SSPM can help teams regain control over it.

Have you ever wondered why some people are afraid of the dark? Is it that they fear the unknown? Or perhaps, they are concerned about encountering something unfamiliar? While the answers to that question likely lie in psychology or philosophy, Shadow IT has a strong connection to this topic, where confronting the “unknown” is a common theme.

Shadow IT is the term for all the services and devices that an organization’s IT team does not know about. For instance, all the applications that employees install without the approval or knowledge of the security team are what we consider to be Shadow IT. It is the equivalent of “being afraid of the dark” in the professional, SaaS Security Posture Management (SSPM) sense of the phrase.


SSPM and Regaining Control Over Shadow IT

Why is Shadow IT Such a Big Deal?

It’s no surprise that employees want to use the latest and greatest SaaS applications to help them get their jobs done. But doing so properly means seeking the necessary approvals from the IT and security team, a time-consuming process that can be frustrating for those who want to use an application for convenience or urgency’s sake. What often ends up happening is that employees skip asking for permission and simply download the application anyway. This creates a situation where unauthorized SaaS applications are being used within an organization, known only to the employee using them.

Why is this an issue? Well, the security team has no way of knowing if a potentially risky, or even recently breached, SaaS application exists in their SaaS environment. Furthermore, they do not know what permissions this SaaS application has been granted and what impact it can have on an organization’s security.

A recent example of this was a fake version of the popular generative AI application ChatGPT. In March 2023, the trojanized application was downloaded 9000 times, leading to the breach of users’ Facebook accounts. While the intentions of the users who downloaded this malicious application were innocent, the impact was severe. This raises the question of whether a breach like this could have been prevented. If a user had logged into the application with their work credentials, and the security team had an SSPM solution on hand, the damage likely could have been minimized, though perhaps not prevented. The SSPM could have alerted the security team that a suspicious and risky app was in their SaaS environment, allowing them to mitigate the threat quickly by terminating access to that application and removing the user token.

While this is a reactive approach, Shadow IT detection should be a proactive practice. Such an approach involves a security strategy that allows security teams to uncover the Shadow IT that is lurking in their organization before it becomes an issue. But “knowing” is not enough. What really matters is taking action and mitigating the risk as soon as possible, which can be made more efficient by setting up risk alerts and/or automating remediation processes. These tactics ease the manual workload of already busy security and IT professionals.

Identifying and Addressing Risks of Shadow IT

Shadow IT clearly can create uncertainty around the actual security posture of an organization’s SaaS environment, and there are several specific risks that security teams should be mindful of when considering their strategies to address and manage it:

  1. Data Exposure. With just the click of a button, sensitive information can be shared with anyone across the world in an instant, and companies may not know the true extent to which their data is exposed. From the sharing of information on public Slack channels to the granting of high permissions to “Anyone with the link,” such practices add another element of concern for security professionals. Security professionals need tools, like SSPM, to take the guesswork out of discovering data exposures.
  2. Compliance Issues. Not meeting compliance requirements could break a business. To meet compliance requirements such as SOC and ISO, organizations need to ensure that the applications in use will not compromise any of their sensitive data. Should Shadow IT exist in the organization, security teams have no way of knowing whether they are meeting the necessary compliance requirements. Therefore, it’s crucial for security teams to obtain full visibility into their entire SaaS ecosystem by discovering how every application is behaving and impacting the organization’s security posture.
  3. Increased Attack Surface. The equation is pretty simple. A reduced attack surface equals reduced risk. Reduced risk is dependent on less Shadow IT. Now, here’s a question to see if you understand your level of risk. How many SaaS applications are currently in use within your organization? Got the answer? If not, it is time you get to know it. You may discover that there are applications being used by only one employee, or perhaps some applications have not been used for six months or more. Now is the time for you to decide if this risk is truly necessary.
  4. Shadow Networks. Lateral movement within SaaS applications is not uncommon. A threat actor likely has a clear intention of what they want to gain, and in order to get there, they will use lateral movement between SaaS applications to move around. Through a larger attack surface, attackers have a bigger shadow network to take advantage of. Therefore, it is up to the security team to keep tabs on unusual user behavior and ensure that only applications with a safe security score are being used within the organization.
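
The review described in the list above (applications nobody approved, applications used by only one employee, applications idle for six months or more, and the permissions each one holds) can be run over an inventory of app grants. The script below is an added example, not part of the original article or any vendor's product; the record fields, the sanctioned list, the scope names and the 180-day threshold are all assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory of third-party app grants (hypothetical fields;
# a real export from an identity provider or SSPM tool will differ).
GRANTS = [
    {"app": "crm-suite", "user": "ana", "scopes": ["profile"], "last_used": "2023-05-20"},
    {"app": "crm-suite", "user": "bo", "scopes": ["profile"], "last_used": "2023-05-28"},
    {"app": "pdf-helper", "user": "cy", "scopes": ["files.read_all"], "last_used": "2023-05-30"},
    {"app": "old-survey", "user": "ana", "scopes": ["profile"], "last_used": "2022-10-01"},
    {"app": "old-survey", "user": "dee", "scopes": ["mail.read"], "last_used": "2022-11-15"},
]
SANCTIONED = {"crm-suite", "old-survey"}          # apps approved by IT (assumed list)
BROAD_SCOPES = {"files.read_all", "mail.read"}    # constructed scope names
STALE_DAYS = 180                                  # "six months", approximated

def review_apps(grants, sanctioned, today):
    """Return {app: sorted list of findings} for apps that need a decision."""
    apps = defaultdict(lambda: {"users": set(), "scopes": set(), "last": date.min})
    for g in grants:
        a = apps[g["app"]]
        a["users"].add(g["user"])
        a["scopes"].update(g["scopes"])
        a["last"] = max(a["last"], date.fromisoformat(g["last_used"]))
    report = {}
    for name, a in apps.items():
        findings = []
        if name not in sanctioned:
            findings.append("unsanctioned")      # Shadow IT: never approved
        if len(a["users"]) == 1:
            findings.append("single-user")       # used by only one employee
        if (today - a["last"]).days > STALE_DAYS:
            findings.append("stale")             # idle for six months or more
        if a["scopes"] & BROAD_SCOPES:
            findings.append("broad-scopes")      # holds wide data access
        if findings:
            report[name] = sorted(findings)
    return report

def revocation_queue(report):
    """Apps whose tokens should be revoked first: unsanctioned with broad scopes."""
    return sorted(n for n, f in report.items() if {"unsanctioned", "broad-scopes"} <= set(f))

if __name__ == "__main__":
    rep = review_apps(GRANTS, SANCTIONED, date(2023, 6, 1))
    for app, findings in sorted(rep.items()):
        print(app, findings)
    print("revoke first:", revocation_queue(rep))
```

Note that a sanctioned application can still appear in the report: here `old-survey` was approved but is stale and holds a broad scope, which is the "is this risk truly necessary" decision from item 3.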

Final Thoughts on SSPM and Shadow IT

As the threat of SaaS Shadow IT grows, organizations must continue to take their SaaS usage more seriously and evolve their security strategies to shed light on any current unknowns. This increased awareness and added precautions will ensure organizations are better equipped to actively protect their employees and company data from those who prefer to operate in the dark.
