What is Shadow IT? And Can It Really Improve Your Network?
All networks – from micro businesses to multinationals – can occasionally fall foul of shadow IT.
Unauthorised hardware, software, and network usage can open the door to all kinds of nasty cyber threats. But when you take a step back and investigate the reasons why people misuse your network, you can actually learn a thing or two about making your network better, stronger, and safer.
What Does Shadow IT Mean?
Shadow IT basically refers to any IT that has been installed on a network without the direct oversight or approval of your network administrators, or whoever’s responsible for keeping your network safe and operational. These unvetted additions can be any kind of hardware, software, file storage, or network usage.
Despite its shady moniker, shadow IT isn’t always outright malicious. New, unchecked additions to the network can potentially open the door to security issues, but may have been introduced with totally altruistic intentions. For example, team members may innocently introduce new hardware, install their own software, or share sensitive data for reasons that hadn’t been anticipated.
Alternatively, on the more dangerous end of the spectrum, malicious actors can install access hardware into your network to give them an “in”, or can present “evil twin” WiFi access points to siphon off data from your users. And malware is the ultimate “shadow software”!
All networks need robust firewalling and monitoring tools in order to flag up instances of shadow IT, but network misuse can actually teach us volumes about making things better for all users.
The Lessons We Can Learn From Shadow IT
Connecting unauthorised hardware to a network (or to a networked device) willy-nilly can cause a lot of problems from a security standpoint. Unknown, unvetted devices can contain viruses and all kinds of nasties that can easily spread across your network.
A classic example of unauthorised hardware usage is when criminals leave infected USB sticks in a public place (like an office car park or an access lobby). They know our curiosity and our sense of “finders keepers” is likely to result in that device being plugged into a networked device.
Connecting your own “BYOD” (bring your own device) appliances to the network can also be a problem – your personal mobile phone or laptop may seem clean, but it may not have the same levels of cyber-readiness that your IT department strives for.
Inexpensive IoT devices sourced from online marketplaces (such as access control hardware or CCTV cameras) may seem like a steal but in reality, they can be full of malware and security holes – potentially costing you in the long run!
What Can Unauthorised Hardware Use Teach Us?
Depending on context, shadow hardware can teach a number of different things. Firstly, make sure that you provide clear training about what is and isn’t allowed on your network – people may simply be breaking the rules out of sheer ignorance.
If people know that they shouldn’t be introducing unauthorised hardware into the network but they do it anyway, look into the reasons why – they may not be malicious.
Are people bringing a laptop from home that has better sound processing so they can edit your company podcast quicker? Are those in a certain department using portable hard drives to move files around because your cloud storage isn’t fast or capacious enough? Are departments introducing their own WiFi repeaters or ethernet switches because they have connectivity issues?
These are all perfectly understandable reasons for using unauthorised hardware, so investigate why these parties are doing the things they do. If those who rely on your network are somehow finding it lacking, you can make it better by providing an authorised solution.
But without the proper monitoring tools, you’ll never be aware that there’s shadow hardware on your network at all. Thankfully, all of the firewalls we sell allow you to monitor and control traffic in ways that immediately flag new networked hardware and unexpected traffic anomalies.
Great though monitoring and blocking tools are, the best cyber security starts with solid cyber-awareness training – laying out in black and white what behaviour is allowed, what isn’t, and why.
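As an illustration of what "flagging new networked hardware" involves, the added example below (not taken from any firewall product or from this article's authors) compares DHCP lease observations with an approved asset inventory and reports each unknown device once. The lease layout, inventory and addresses are constructed samples, and the function names are hypothetical.

```python
# Added example: flag devices seen in DHCP leases that are not in the approved
# inventory. Lease layout, inventory and addresses are constructed samples.

INVENTORY = {  # approved assets keyed by normalised MAC
    "3c:52:82:10:aa:01": "finance-laptop-01",
    "00:1b:21:7f:00:10": "office-printer",
}

LEASES = """\
2024-05-01T09:00:12 3C-52-82-10-AA-01 10.0.0.21 finance-laptop-01
2024-05-01T09:03:40 00:1B:21:7F:00:10 10.0.0.50 office-printer
2024-05-01T09:15:02 a6:4f:19:03:77:c2 10.0.0.93 iPhone
2024-05-01T09:41:55 b0:be:76:22:10:5e 10.0.0.94 wifi-repeater
2024-05-01T10:02:31 a6:4f:19:03:77:c2 10.0.0.93 iPhone
"""

def normalise_mac(raw):
    return raw.strip().lower().replace("-", ":")

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally administered address, which
    # is what phones and laptops use for randomised (private) MACs.
    return bool(int(mac.split(":")[0], 16) & 0x02)

def find_unknown_devices(lease_text, inventory):
    """Return one finding per MAC that is absent from the inventory."""
    findings = {}
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing
        seen, raw_mac, ip, hostname = parts
        mac = normalise_mac(raw_mac)
        if mac in inventory or mac in findings:
            continue  # approved, or already reported at first sighting
        findings[mac] = {"mac": mac, "ip": ip, "hostname": hostname,
                         "first_seen": seen,
                         "randomised_mac": is_locally_administered(mac)}
    return list(findings.values())

if __name__ == "__main__":
    for f in find_unknown_devices(LEASES, INVENTORY):
        kind = "randomised MAC, likely personal device" if f["randomised_mac"] \
            else "fixed hardware address, e.g. an added switch or repeater"
        print(f["first_seen"], f["mac"], f["ip"], f["hostname"], "-", kind)
```

A randomised MAC changes between networks, so an inventory keyed on MAC alone will keep reporting the same personal phone as new; treat that flag as a prompt for a BYOD conversation, not as a device identity.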
Unauthorised Software & Web Apps
It makes sense to establish company-wide consensus about what software and web apps staff are allowed to use in the course of their work. This should explicitly state which productivity tools, web browsers, project management software, time trackers, antivirus controls, and so on are permitted on your network – as well as software update regimens.
Clearly stating what software is permitted and what isn’t naturally helps to keep everything compatible and running smoothly, but it also helps you keep a lid on cyber security and data privacy problems.
Let’s illustrate what could go wrong if each member of a team were allowed to choose their own software. Before long, most of the team will end up using different antivirus software (likely relying on free solutions which are a waste of time in our opinion), different productivity software, and different web apps.
With this approach, every single PC will have very different levels of cyber security preparedness. Threats could therefore pop up in very unexpected places, and solving them would be a case of “whack-a-mole”-style firefighting.
However, when all networked endpoints are kept as uniform as possible, this gives you a much more cohesive “level playing field” in terms of network management and control.
What Can Unauthorised Software Use Teach Us?
Shadow software use needs to be investigated with a particularly fine-toothed comb. Starting at the “less potentially problematic” end of the spectrum, staff using a piece of software or a web app that hasn’t been explicitly vetted could hint at a need that hadn’t been anticipated before now.
For example, if a team needs a good time tracking tool or instant messaging app but their IT department hasn’t OK-ed one, they may well pick one themselves. This can be solved by investigating that group or department’s needs and by authorising an app that does what’s required.
Shadow software can also hint at suspicious trends – do some of your network users have unauthorised remote access tools or file sharing apps installed on their PCs? These kinds of apps can provide unacceptable access to sensitive information and systems, so you need to investigate immediately.
We also need to remember that malware is effectively shadow IT – if some of your team aren’t on top of their operating system and security updates, then there could be whole chunks of your network vulnerable to infection.
To identify and combat shadow software, we need a number of different solutions, including network usage reporting, application control, content filtering and cyber-resilience training. Application controls enable IT admins to state which software and web apps are allowed on your network and which ones aren’t. These tools also generate logs of which software is being used and flag attempts to use blocked apps.
Content filtering basically gives your administrators the power to block access to certain web addresses and resources. Not only can this be used to block unwelcome web apps, but it can also be useful in blocking unproductive content too.
Regular cyber-awareness training is also essential so your team knows your internal software policies and why they’re in place.
Unauthorised File Sharing
Even when teams are instructed to use a specific on-site server or cloud storage repository to share files and data, sometimes they may use unauthorised free sharing tools like Dropbox or Box.com. This may seem fairly harmless on the surface, but the more company data gets shared and saved in these small, disparate pockets of the cloud, the more you lose sight of where your data could end up.
This lack of control can become problematic from a data privacy standpoint. In our post-GDPR world, you need to know where your data goes – what servers it’s stored on, why it’s there, and who has access. Poorly configured public cloud storage can lead to all manner of sensitive data leaks, so it’s well worth establishing what cloud storage services are allowed and why.
But be aware that data can still turn up in unexpected places, even when using industry-leading apps. When you share a document through Microsoft Teams, for example, that document is also made available through Microsoft’s other tools SharePoint and OneDrive. Though this automatic sharing is intended to be convenient for a wide range of Microsoft users, it’s not immediately clear. Some organisations may not be totally comfortable with this.
Unexpected data sharing patterns can also crop up between departments and even externally, with cross-team data sharing or collaboration cropping up for unforeseen reasons.
What Can Unauthorised File Sharing Teach Us?
Network users may have perfectly understandable reasons for flouting data sharing policies. Maybe your email sending limits or approved file sharing tools leave something to be desired. The aim is to recognise the problems that are driving teams to use external file sharing and to provide an approved, secure, and convenient solution.
Application control and content filtering also come in handy when monitoring and policing the use of unauthorised file sharing apps and websites. However, even with these controls in place, you should also invest in data loss/leak prevention (DLP) tools. DLP solutions monitor outgoing data packets in transit, stopping anything that appears confidential from leaving your network. In turn, this minimises your chances of suffering a costly data breach.
Once you’ve decided on a secure storage solution and set up data loss prevention tools, always make sure that proper cyber training is provided – not just around how to securely use, move, and share data, but also around generally “who’s allowed to see what”.
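The application-control logs described in the software section, and their use for policing file sharing described above, can be reviewed along the lines of this added example (not code from any vendor or from this article's authors). It summarises, per user and app, how often an unsanctioned file sharing or remote access service was reached or blocked and how much data went out. The log layout, user names, domain lists and the `remote-tool.example` placeholder are constructed assumptions.

```python
# Added example: review web-proxy records against sanctioned and watched apps.
# Log layout, user names and domain lists are constructed samples.
from collections import defaultdict

SANCTIONED = {"teams.microsoft.com", "sharepoint.com"}  # approved by IT (assumed)
WATCHED = {  # unsanctioned app domains and the risk category they fall under
    "dropbox.com": "file-sharing",
    "box.com": "file-sharing",
    "remote-tool.example": "remote-access",  # placeholder domain
}

# Constructed records: "timestamp user action host bytes_out"
PROXY_LOG = """\
2024-05-01T09:12:30 bob ALLOW www.dropbox.com 48211034
2024-05-01T09:13:02 bob ALLOW www.dropbox.com 1043
2024-05-01T09:20:45 carol BLOCK app.remote-tool.example 0
2024-05-01T09:21:10 carol BLOCK app.remote-tool.example 0
2024-05-01T09:30:00 dave ALLOW contoso.sharepoint.com 5300
2024-05-01T09:31:00 dave ALLOW notdropbox.com 10
"""

def match_domain(host, domains):
    """Return the listed domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for d in domains:
        # Require a label boundary so "notdropbox.com" never matches "dropbox.com".
        if host == d or host.endswith("." + d):
            return d
    return None

def shadow_app_report(log_text):
    """Per (user, app): category, allowed and blocked hits, bytes sent out."""
    report = defaultdict(
        lambda: {"category": "", "allowed": 0, "blocked": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records
        _, user, action, host, bytes_out = parts
        if match_domain(host, SANCTIONED):
            continue  # approved tool, nothing to report
        app = match_domain(host, WATCHED)
        if app is None:
            continue  # uncategorised traffic is out of scope for this report
        row = report[(user, app)]
        row["category"] = WATCHED[app]
        row["allowed" if action == "ALLOW" else "blocked"] += 1
        row["bytes_out"] += int(bytes_out)
    return dict(report)
```

Calling `shadow_app_report(PROXY_LOG)` on the sample shows the two patterns the article separates: a large allowed upload to a file sharing service, which usually points to an unmet need, and repeated blocked attempts at a remote access tool, which warrant immediate investigation.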
Unauthorised Use of Comms & Messaging Apps
Nowadays, we’re more connected than ever. There are so many different ways to get in touch with colleagues that it’s easy to get spoilt for choice. Many of us think nothing of asking work-related questions or delegating tasks over SMS text message, WhatsApp Messenger, or iMessage.
However, with lots of different conversations happening across different messaging and calling systems, it can be hard to keep track of requests, projects, and tasks. You therefore risk scattering your vital comms across numerous apps and online locations.
Many online messenger apps also allow you to share files and data (to a certain extent), so they can also suffer the same problems as with shadow file sharing – company data gets shared across various disconnected areas of the web and it gets harder and harder to keep a lid on your data privacy.
What Can Unauthorised Use of Comms Tools Teach Us?
If your team are using various instant messaging tools to discuss work, it may be worth sourcing a secure company-wide messaging service that is available on PC and mobile devices (such as Slack or Microsoft Teams). Not only do tools like this keep all work-related comms in one place, but they can easily be monitored by app control and data loss prevention tools. As always, good cyber security training (and training around how to properly use any new communications apps) is a must.
Unifying your communications is a great idea – it keeps everything under one roof so requests aren’t coming at you from all angles! Microsoft Teams now features simple Direct Routing – enabling companies like yours to handle phone calls, video conferencing, text chats, and file sharing, all through the Teams app. It’s truly beneficial for distributed, remote teams – so find out more about Teams Direct Routing from our colleagues at Just Business Phones.
Shadow IT is something that needs to be monitored closely as it can present all kinds of cyber and data security problems. However, any incidence of shadow IT should be used as a learning experience. It can highlight your network’s cyber security shortcomings and show you ways to improve your network for everyone.
Looking to eradicate shadow IT from your network? Get in touch with the experts at Just Firewalls. All of the security suites we provide offer centralised network, app control, data loss prevention, and reporting tools. SonicWall’s solutions in particular come highly recommended! Additionally, our colleagues over at Just Cyber Security can provide accessible, actionable cyber-resilience training that’s tailored to your specific requirements.