October 12, 2023 · 8m read
Whether remote or in-person, your company works in the cloud. Collaboration tools like Google Workspace and Office 365 have become the de facto cloud office. Keeping the office secure without impacting productivity has always been top of mind for Security and IT teams – in the cloud, it takes a different shape that requires a fresh perspective on protection.
Connected to your cloud office is the suite of apps that teams and individuals need to do their jobs effectively. The vast catalog of available tools gives a lot of choice, but also a lot of consideration. While self-serve is tempting, the goal is to formalize a procurement process that allows for a careful review of policies & procedures.
If only it were that simple – getting the entire company to adhere to your policies is a constant battle, leading to a slew of unsanctioned signups that pose a significant risk.
In this blog, we’ll uncover what lurks in the shadows, helping you gain the right amount of visibility to get a better handle of all downstream app accounts.
What is Shadow IT?
Shadow IT is defined as any system or application that is deployed at an organization but unsanctioned by the security or IT team. These teams don’t have central control over these applications and cannot typically monitor them to ensure responsible use.
According to a recent report, approximately 20% of IT assets are invisible to security teams. Without visibility and control over these applications, organizations leave themselves open to security risks.
So how can your security team take control over Shadow IT risks? We’ll walk through three core steps to managing Shadow IT at your organization and how Material Security can help.
Step 1: Gaining Visibility into Shadow IT
The first step to managing Shadow IT is to discover which apps are being used across the organization.
At Material Security, our API connection to the inbox enables us to monitor mail for password reset messages, account activations, and account verification messages. This allows us to infer which apps employees are using.
These detected apps are surfaced in the Material Security console with information on app category, associated accounts, data breaches, and more.
Step 2: Understanding Security Gaps
For each app Material detects, we’re able to understand Shadow IT risks like unprotected password resets through weak or nonexistent MFA and risky OAuth scopes.
Important context like the MFA status and exact scopes an app has access to are displayed per app to enable quick and thorough investigations.
Step 3: Remediating Shadow IT
With an understanding of which apps are being used across the company and what security risks those apps present, companies can determine their Shadow IT policy per app and remediate unsanctioned app usage. Here are some sample remediations Material Security offers to our customers:
MFA layering for non-Federated Apps
For any app in the shadows with weak or missing MFA, Security and IT teams can choose to protect those apps with Material’s Identity Protection product. Material Identity Protection continuously finds SSO gaps, acting as MFA for non-federated apps.
Material identifies signup confirmations, password resets, and other account verification messages from hundreds of third-party apps and intercepts those messages with an authentication “challenge”. Once the user verifies their identity, Material delivers the original account access message. This protects a user’s corporate identity by preventing misuse and lateral account takeover.
Blocking Shadow IT
For organizations that take a hardline approach to their Shadow IT policy, Material can block unsanctioned apps. Within Material, admins choose apps to block, and employees will be unable to access account related messages from those apps, preventing them from using it. Instead, they will see a message that the app has been blocked with customized instructions.
With the visibility and context Material provides, IT is no longer in the shadows. Organizations have access to effective remediations that automate Shadow IT remediation by blocking or warning on unauthorized app usage and protecting non federated apps that are used by the organization. Reach out to learn more.