The unauthorized acquisition and use of hardware, software, services, and media by users or groups within an organization is known as phantom computing — and it’s an endemic trend in all businesses.
Shadow IT often occurs because people want to use the devices and apps they like and are comfortable with rather than those available from IT – and they perceive IT as a barrier or source of delay if they want to get preferred devices and apps. approved.
Unfortunately, IT departments cannot secure resources they don’t know about, leaving sensitive data unprotected. It can violate laws, regulations, and company policies and even enable major data breaches.
Shadow IT discovery is necessary to gather information about potentially unauthorized resources and enable risk assessments and informed decision-making about which resources should be allowed and which should be blocked.
Learn how to perform shadow IT discovery in three categories: rogue devices, local software and removable media, and cloud services. Note that several methods must be used in combination to keep shadow IT at bay.
Discovery of Shadow IT for unauthorized devices
Finding desktop and laptop computers, mobile and IoT devices, and other unauthorized hardware is usually straightforward. When these devices attempt to connect to corporate networks and servers, either on-premises or remotely through technologies such as VPNs, Security Service Edge, or Secure Access Service Edge, they contact your network devices. These can include network switches, wireless access points, VPN gateways, proxy servers, firewalls, and routers. These network devices can identify outdoor devices they have never seen before and collect information about them.
Many companies use onboarding or provisioning processes for new devices. In conjunction with asset management tools or network access control technologies, these processes can automatically generate authorization lists for network access. Whenever a device attempts to connect to the network that is not on an allowlist, a phantom computing device may have been discovered.
Discovery of Shadow IT for local software and removable media
Devices authorized to connect to a corporate network often use unauthorized software or removable media. If endpoints are managed, enterprise endpoint management software is ideal for shadow computing discovery. Endpoint security tools, such as vulnerability scanners, patch and configuration management utilities, mobile device management and asset management tools, can collect information about unauthorized installed software.
Monitor virtual endpoints, such as emulated operating systems running on other operating systems. Virtual terminals may also have unauthorized software installed, or the emulated operating system itself may be unauthorized.
Discovery of Shadow IT for cloud services
The use of unauthorized cloud resources is a major concern today. Users can easily access free and low-cost SaaS offerings on demand. While cloud services can increase productivity, they can also allow third parties to access sensitive organizational data due to the lack of SaaS protections.
The use of cloud-based shadow computing can be identified in several ways. The best methods for your organization largely depend on the security tools already in use. Consider the following options:
- Cloud Access Security Broker Tools and Cloud Application Security Tools provide enterprise security features, including tracking cloud usage and collecting information about users and devices involved and what they access.
- Most SaaS management tools support cloud application discovery. Some provide risk ratings for common shadow computing resources to help with risk assessment.
- Endpoint management software may be able to monitor and log SaaS usage from managed endpoints.
- Web activity can be monitored at proxy servers, firewalls, and other major network points to identify connections to unauthorized cloud-based resources. DNS queries can also provide basic information about attempts to access known shadow computing resources.