Scott Hesford, Director, Solutions Engineering (APJ), BeyondTrust

In addition, a response of “shut it down” rarely has positive results. Understanding which aspects of shadow IT exist, and the risks they represent, is key to acknowledging and managing the issue. Here are some noteworthy facets to evaluate:

    • Shadow IT is not usually implemented with malicious intent. More often, it is a result of employees or departments faced with inefficiencies or roadblocks that impede their productivity or completion of a time-sensitive business mission.
    • By understanding these motivations, organizations can get to the root of the problem, and minimise the risks far more effectively.
    • The way to deal with the rebound in shadow IT is to assume positive intent on the shadow IT user’s part and strive to fix the problem together. That being said, due to heightened security concerns, it is an issue that warrants urgent attention on the part of IT teams this year.
    • Every instance of shadow IT expands an organization’s attack surface. Utilising discovery methods to identify and assess the risk associated with shadow IT is crucial. Since shadow IT applications are not onboarded for protection by installed cybersecurity solutions, and typically have weak credentials, they create an opportunity for malware and ransomware attacks based on poor security hygiene. Any misconfigurations and vulnerabilities introduced will remain undetected, leaving unmonitored and unprotected pathways for threat actors.
    • A breach that occurs as a result of shadow IT is as liable as any other type of breach for regulatory penalties. Further, in the event a breach can be traced back to shadow IT, the organization may face grounds for non-payment on a cyber insurance policy, revocation of that policy, and future cyber insurance ineligibility.

Getting shadows into the light

One way that businesses can mitigate the current shadow IT rebound is with Privileged Access Management (PAM). This approach has the following benefits:

    • It ensures that privileged credentials critical to an organization cannot be reused or are regularly rotated. This mitigates the risk of password re-use between privileged accounts on authorised systems and shadow IT, reducing the threat of successful password spraying attacks leveraging stolen credentials from shadow IT.
    • It increases visibility of the devices that have access to the network and of the users who have access to privileged credentials. PAM discovery tools are used to detect the devices, applications, subnets, and user credentials that are accessing the network. Once the assets are detected, PAM tools help with onboarding, management of privileges, monitoring, and auditing.
    • It is also used to stop malware and ransomware attacks by enforcing the principle of least privilege. This can prevent an incident in a shadow IT deployment from impacting sanctioned production assets. Applying least-privilege and audit controls over remote access can reduce the risk of unauthorised remote access being implemented via shadow IT, and the use of potentially risky cloud applications. Removal of local admin rights from users is considered a critical step in securing workstations.
    • Outside of privileged access management, a refocus on IT policies may also be required to rein in shadow IT use.
    • The end goal is to get back to having supportable and secure solutions that meet the objectives of the organization and all its teams. This involves establishing and implementing a unified policy for managing shadow IT across all operational scenarios, whether employees are on-premises, remote, or in a hybrid environment.