For many people, Shadow IT is a term they’ve only recently started hearing about and/or paying attention to. However Shadow IT is not a new problem and is certainly not one that’s shrinking. McAfee defines Shadow IT as “IT projects (like cloud services) that are managed outside of, and without the knowledge of, the IT department.” As an IT Managed Service Provider, it is your responsibility to identify both sanctioned and unsanctioned IT in your customer’s environments. How are you handling it today?
As Saaslio continues to service more partners, we find that Shadow IT is becoming more prominent across all industries. Core technology solutions found that Shadow IT has exploded with 59% growth since Covid-19. With the introduction of every Shadow IT asset, enters the risk of more cybersecurity risks. These risks can range from small data breaches to huge organizational system compromises.
Think of it, how many software applications do you use that aren’t centralized and supported by your own internal IT? What about a personal task management tool, or that file-sharing account you signed up for? Very often, these signups can be one-time instances for a vendor or customer. However, the risk is now extended for your organization. Now take this problem and multiply it by the number of employees and the number of customers that you have. This quickly becomes an exponential and unmanageable problem, and one that imposes serious security risk to almost all organizations.
Each new adoption of software introduces a bigger risk for your client’s businesses and your ability to protect them. According to the National Counterintelligence And Security Center, 21% of organizations experience cyber events due to a non-sanctioned IT resource.
According to research done by Oscar Marquez at Security company, the average data breach can cost small businesses nearly $36,000 to $50,000. Furthermore, according to Cyber Security Ventures’ post 60% of small companies will go out of business within six months of falling victim to a data breach or cyber attack.
First, you need to begin reviewing software & Shadow IT periodically. You should engage with clients and their key employees on a regular basis to achieve this. Ask them what they’ve used in the last month to do their job and document it in your systems. Though this is error-prone it is a good strategic starting point to understand what your customers are using.
Furthermore, we highly recommend identifying the business owners of each software solution, so that when employees leave, you can ensure access is revoked. Did you know that 50% of employees admitted to having access to systems once they’ve left any organization?
After you have achieved building your software list for each customer, we recommend that you subscribe your PSA to the NIST national vulnerability database for each of the software that your customers are using.
Over here at Saaslio, we understand that as your practice grows, the manual processes of reviewing software and their risks are unmanageable. Utilizing Saaslio’s endpoint and cloud agents combined with automated Shadow IT workflows, you can now detect Shadow IT and its risks in real-time. The solution automates a significant amount of manual labor while giving you visibility into client risk. Saaslio will aggregate these findings to a partner-level dashboard and even open PSA tickets based on thresholds.
Saaslio has a proprietary DMO (Discover, Manage, Optimize) onboarding process which will make managing customers a breeze. Within 14 to 30 days of deploying the solution to a customer, you are able to provide a client with reports. A Discovery report will reveal all their Shadow IT risks, sanctioned & unsanctioned IT, and recommendations. This list is augmented with QBR recommendations so that you can build a roadmap towards Shadow IT remediation.
If you’d like to learn more about how we can help, schedule a time below: