- John Harden
The Hybrid Work Environment is Growing, and so is Shadow IT.
We all know that the hybrid working environment is part of the post-COVID business world. But are IT leaders equipped to handle all the change? In our last article, where we discussed Shadow IT growth & risks, we talked about Shadow IT growing 59% since COVID-19. A significant reason is that employees are working from home and opting to self-service their IT needs. So, as an IT leader, you know it’s a problem, but how can you better handle it?
Why Are Employees Embracing Shadow IT So Quickly?
Shadow IT is erupting for a handful of reasons. However, in many cases, it is because the employee is trying to achieve a business outcome. Let’s take a widespread example of Shadow IT: file-sharing. Bill, a project manager for a small business, is tasked with implementing a new CRM. He needs to get the customer list from the old system to the vendor to set it up. However, he has no way to send this large file, so he goes online and signs up for Dropbox to share it because it’s easy. Bill shares this file with the vendor and never touches Dropbox again. Except now, Dropbox has this business’s client list in its cloud.
Can you blame Bill in accounting for signing up for Dropbox to share a file with a vendor who requested it? His job is to provide the vendor with important information, not procure or determine SaaS applications in the organization. However, because SaaS applications are so easy to sign up for and procure, stories like this happen all the time. At Tesla, there was a huge story where an employee shared code through a personal Dropbox account, except this time maliciously.
But Aren’t SaaS Vendors Supposed To Be Secure?
In many cases, SaaS applications are supposed to be the answer to compliance versus on-premises solutions. However, when 1,000 Managed Service Providers were surveyed, 25% of SaaS applications were targeted with cyber-attacks. Furthermore, the survey found that Dropbox, Google Workspace, and Microsoft 365 were three of the most common attack vectors.
These attacks are happening because supply-chain attacks are very successful in obtaining critical business data. In many instances, applications are easier to attack than traditionally protected assets, such as client networks. CSO Online defines a supply-chain attack as: “An attack that occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.”
How Does The Hybrid Work Environment Play Into This?
With people working from home, the dispersed connectivity is creating a problem. One of the most effective ways to monitor for Shadow IT is to digest the network logs of an organization and look for access to unsanctioned SaaS. However, this is becoming more complicated in the hybrid work environment, because remote employees are not connecting through the organization’s network. Software solutions can solve this problem by monitoring the endpoint regardless of where the employee is accessing this software.
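The log-based check described above, as an added example that is not part of the original article or of any vendor's product. The log format, the domain catalogue, the sanctioned list and the function names `match_app` and `unsanctioned_usage` are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict

# Assumption: catalogue mapping SaaS domains to app names (constructed, not exhaustive).
SAAS_CATALOG = {
    "dropbox.com": "Dropbox",
    "sharepoint.com": "Microsoft 365",
    "office.com": "Microsoft 365",
    "drive.google.com": "Google Workspace",
    "wetransfer.com": "WeTransfer",
}
# Assumption: the apps this organization has approved.
SANCTIONED = {"Microsoft 365"}

# Constructed sample proxy log: timestamp user destination_host bytes_uploaded
SAMPLE_LOG = """\
2024-05-01T09:12:03Z bill www.dropbox.com 48211934
2024-05-01T09:13:40Z bill contoso.sharepoint.com 10233
2024-05-01T10:02:11Z ana notdropbox.com 512
2024-05-01T10:05:59Z ana wetransfer.com 2048
2024-05-01T10:06:30Z ana wetransfer.com 7340032
this line is malformed
"""

def match_app(host):
    """Return the app whose catalogued domain equals host or is a parent of it."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels so "notdropbox.com" does not match "dropbox.com".
    for i in range(len(labels) - 1):
        app = SAAS_CATALOG.get(".".join(labels[i:]))
        if app:
            return app
    return None

def unsanctioned_usage(log_text):
    """Sum uploaded bytes per (user, app) for catalogued apps that are not approved."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        _, user, host, sent = fields
        app = match_app(host)
        if app and app not in SANCTIONED:
            totals[(user, app)] += int(sent)
    return dict(totals)

if __name__ == "__main__":
    for (user, app), sent in sorted(unsanctioned_usage(SAMPLE_LOG).items()):
        print(f"{user} uploaded {sent} bytes to unsanctioned app {app}")
```

Summing upload volume per user and app separates a one-off large transfer, like Bill's customer list, from background traffic. The same logic applies to endpoint-collected logs when employees are off the corporate network.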
Another common way of combatting Shadow IT is through the business interactions that happen naturally inside the organization. Shadow IT usually rears its head amongst internal office discussions. However, employees aren’t communicating as much in the remote environment. Security Boulevard says that open communication is the #1 best way to catch Shadow IT. But, if people aren’t in person, how can they collaborate effectively?
What Does This Mean If I Am An IT MSP?
As an MSP, there is a huge opportunity to solve this Shadow IT crisis. As IT MSPs are moving to a more cloud-centric world, it’s vital to protect all vectors. This problem is an opportunity to create a new revenue stream by protecting your clients. Furthermore, it allows you to talk about the business you’re serving and how they’re using technology to drive their business.
Using a solution like Saaslio, which monitors and alerts on SaaS application usage in your customer environments, can protect your clients from Shadow IT before it proliferates. In addition, you can configure workflows and alerts to inform your helpdesk when high-risk applications that are not approved appear in your clients’ environments. Furthermore, Saaslio will provide you with easy, step-by-step recommendations to improve the SaaS Health of your clients.