Shining The Spotlight On Shadow IT

The applications creating the biggest headaches for IT professionals these days are the ones they know nothing about.

In a world where cloud-based apps are proliferating, IT administrators increasingly are unaware of the software being used on their own networks to collect, store and process business data. And what they don’t know can certainly hurt them, especially when the majority of apps available on the market are not enterprise-ready and introduce security and regulatory liabilities.

The sources of infiltration aren’t a great mystery. The apps are being discovered, purchased and executed by “shadow IT”—employees outside of the IT department, often the managers of marketing, sales and business units who know what works for them and their staff, but often are ignorant about the concerns surrounding management and security, or the causes of data breaches.

“These apps actually are enabled in many cases with the swipe of a credit card. You can use them on your mobile device. You can share content outside the company with a click of a button. You can share terabytes of data easily. That opens up a spectrum of new threat factors where your employees may just do things that they don’t know are wrong because they’re so easy,” Sanjay Beri, founder and CEO of Netskope, a cloud-based cloud analytics service, told

That’s the Catch-22. Many of the improperly procured apps greatly enhance productivity and offer undeniable cost and collaboration benefits to the business.

“The truth is most of them are not going anywhere,” Beri said. “Instead, it’s about letting [the employees] safely use those apps.”

The first step to resolving the conflict between shadow IT and central IT is gaining visibility.

That was the thinking when several security specialists from some brand-name networking firms, including Palo Alto Networks, Juniper, McAfee, and Cisco, formed Netskope in 2012.

“We all saw that this mass movement to leveraging cloud applications had happened not by the IT person, but by the business unit who had swiped the credit card,” Beri said.

Large enterprises are typically running hundreds, if not thousands, of business apps. More than a third, on average, are based in the cloud and delivered as a service, according to Beri.

Most are not purchased or vetted by IT departments and are running outside IT's purview, which should make executives a bit nervous, since close to three quarters of the cloud-based apps on the market don’t offer basic enterprise-ready protections for handling sensitive data.

“The CIO who brought in only 10 percent of these is now looking around saying, ‘OK, these apps are great, my users love them, they bring in a lot of productivity and proficiency, but what do I do from a security perspective?’” Beri said.

On average, businesses investigated by Netskope had 461 cloud-based applications running within their firewall that were not brought in through the proper IT procurement process.

“When you have 461 cloud apps, you now have 461 IT departments. And they’re not your IT departments,” Beri said.