Shadow IT, as the name indicates, is a silent IT security killer, budget sinker, and productivity downer. These cloud apps are neither vetted nor managed by your professional IT staff. Even SaaS apps that are corporate standards are not usually well understood, managed, or secured – and there are all kinds of horror stories to prove it.
CoreSaaS, from CoreView, eliminates all these problems, saving the SaaS day in the process. CoreSaaS, originally built by Alpin and now owned by CoreView, begins by finding approved and unapproved shadow apps. The next step is managing these applications by bringing them under IT control. Unwanted, unneeded and insecure apps can be quickly decommissioned, while those that remain enjoy security, license and contract management, and disciplined and effective application adoption.
“Forget the cost management, the value-add is gaining visibility in the shadow IT. Great service!” enthused William Gregorian, Head of Security for Iterable, a CoreSaaS customer.
Shadow IT a Bigger Deal Than Most Realize
Shadow IT is a very big deal. Did you know a Cisco survey of CIOs shows they had 15 times more cloud applications than expected?
Cisco research finds the average large enterprise uses over 1,200 cloud services and 98 percent (1,176) of them are in essence Shadow IT. Many of these Shadow apps are a waste of money since there are already corporate standard apps that handle these functions, and in too many cases the Shadow tools are either malicious or present other security vulnerabilities.
Shadow IT Blows Holes in Security Walls
Shadow IT causes all kinds of security problems. It is a huge target for hackers and an ideal vector for malware. Meanwhile, storage, file sharing and collaboration apps are all key sources of data leakage.
Shadow IT is clearly ripe for attack, as Gartner researchers predict that this year, 2020, one-third of all successful attacks on enterprises will be against Shadow IT resources.
“Many IT decisions are now distributed throughout the organization at the line-of-business level. From a security point of view, it’s a nightmare scenario,” says Larry Ponemon, founder of the Ponemon Institute, a technology research firm, in an IBM-sponsored study. “People at the business level may not have any knowledge at all about security, and they may be using these tools in ways that put the organization at great risk.” The study, “Perception Gaps in Cyber Resilience: Where Are Your Blind Spots?”, argues that some 1 in 5 organizations suffered a cyber-attack due to Shadow IT.
Meanwhile, research from Skyhigh Networks finds that most SaaS providers come up short when it comes to security, and less than 10% of these providers meet the strong security requirements large enterprises need. In fact, just 2.9% of these services require strong passwords, and just 1% encrypt data with data keys controlled by customers.
Issues Created by Shadow IT
• Data Security Problems – Data can be accessed by former employees, breaches can occur, and permissions can be attacked because they are not managed by IT.
• Regulatory and Compliance Disasters – SOX, GLBA, HIPAA, GDPR and others are violated because data and data access are not secured – or understood!
• License Compliance Violations – Freemium or shared accounts can put your approved SaaS contracts in jeopardy.
• Cost Overruns Out of Control – With Shadow IT, your end users are often paying for applications already served by corporate standard SaaS solutions, wasting money through vast redundancies. Shadow IT gets in the way of good IT software negotiations and proper, efficient provisioning.
• Misallocated Costs – Finance and accounting need accuracy, knowing what software is acquired, billed for, and renewed to optimize investment.
• Missed Financial Goals or Targets – If procurement misses savings goals due to unforeseen expenses from Shadow IT, it may lead to unintended cost-cutting measures.
• Loss of Respect for IT – Shadow IT leads employees to question the judgement of IT (they think they know better than IT does what software makes sense), and security and productivity problems caused by Shadow IT can be blamed on IT.
CoreSaaS Solves Shadow IT Problem
Last year, CoreView bought Alpin for its broad SaaS management and discovery ability. Alpin tracks more than 40,000 SaaS apps, using 14 discovery methods, giving IT a full picture of their SaaS environment. With Alpin discovery, you will:
- Gain visibility – view all SaaS applications in one dashboard, along with all their users.
- Work with the business – help business users choose the best solutions and use those apps to their full potential.
- Spot trends – see app growth among teams, departments, geographies and across the company.
One CoreView customer sees the benefits of adding CoreSaaS management to his CoreView O365 solution. “CoreView has provided us with tools to efficiently and securely manage our Office 365 infrastructure while integrating the deep insights necessary to maximize ROI on our software licensing,” said Stephen Chris, COO, Baker Tilly Canada. “The ability to extend this functionality to other SaaS applications would allow our professionals to implement the tools necessary to complete their work while identifying potential risks and maximizing software investment within the larger business operations.”
Deep SaaS Savings
CoreSaaS delivers near-instant return on investment (ROI) through immediate license and subscription savings – reducing these costs by up to 30%.
“Businesses often aren’t able to maximize the return on their SaaS investments because they don’t even know what SaaS applications are in use and they don’t have the ability to easily take actions on insights into their SaaS environment,” said Julien Denaes, co-founder and CEO of Alpin and now CoreView Vice President. “CoreSaaS offers organizations the ability to get granular reporting into their SaaS environment and realize significant cost savings through best-in-class SaaS management, monitoring, and security capabilities.”
The Shadow IT Angle
CoreSaaS can discover more than 40,000 SaaS tools. CoreSaaS further offers granular user-specific and application-specific controls that identify all SaaS applications in use, monitor activity, and offer additional features such as “Blacklisting” (blocking admin-selected SaaS applications from use), “Lockdown” (blacklisting every existing and/or new SaaS application in emergency situations), highlighting file and email data leakage, showing vendor security certifications, and more.