Blog

Real World Shadow IT Examples and Horror Stories

Shadow IT is a clear example that what you don’t know can and does hurt you. These unapproved cloud applications waste money, drain productivity, and make your environment easy pickings for cybercriminals.

Alpin helps enterprises find thousands of Shadow IT apps, and stop the damage they cause. As a result, Alpin knows the horrors Shadow IT poses, and how to avoid catastrophe.

Here are some real world Shadow IT examples:

Security and Compliance Ordeal

An enterprise was hit by an attack from a game company trying to get employees to download a game, which turned out to be an egregious form of Shadow IT.

This gaming site subscription had full access to many company email inboxes, including access to CEO and CFO inboxes and all their sensitive contents. The most famous Shadow IT example is a so-called game developed on Android. The game developer was purportedly based in the Netherlands, but was in fact a Russian company. This game accessed all the emails, not only the headers, but the content of all the people installing that game. CEOs, CFOs, CIOs had all given permission to this game that was really a Russian company reading all your emails,” said Julien Denaes, Alpin co-founder and now CoreView vice president.

Solution: Alpin discovered the offending app and permissions that led to the situation, and provided the tools to solve it. ”We reported this to our customers, and guided them to blacklist this application. They were extremely thankful of course,” Denaes said.

License Compliance and Cost Overrun Debacles

Duplicate apps are a waste of money, and having more than one app to solve a problem, say, manage projects, saps productivity and kills collaboration. One Alpin customer had many teams each with their own Slack domain, and were all unaware that a corporate Slack account existed. Costs overlapped and added up to huge waste.

Similarly, another organization found not one, but five duplicate project management apps outside of IT’s purview, spread throughout the company. This created massive cost overlap and security vulnerabilities — how much sensitive data may have been stored in the other apps?

Solution: Alpin’s extensive discovery tools identified these otherwise hidden instances, giving IT the data and contact information needed to remedy these issues.

Security and Compliance Catastrophe

File storage SaaS tools such as DropBox are notorious for data leakage and theft, and little is more terrifying than hackers accessing executive files. In this case, a finance director, through a cloud file storage app, was sharing a root-level folder with outside parties. That inadvertently provided access to detailed financial statements that would never be released publicly or shared. Salaries, P&L, and more were unintentionally exposed.

A team’s files, folders, and discussions were made completely public rather than internal and read-only – this made financial files and other sensitive information indexable by search engines.

Solution: Alpin’s discovery and cloud Data Loss Prevention (DLP) tools provided the information needed to pinpoint the data leakage and change the relevant settings.

The Misery of Cost Overruns — and Worse

Alpin’s customers have experienced multiple cases of a scary lack of oversight – and the damage this does. For instance, a large technology company’s ex-employees – up to three years gone – had access to multiple cloud apps, including the company’s CRM. Not only was this a waste of money, it put years of potentially sensitive information at risk.

In another case, an expense and approval system kept IT and procurement in the dark about cloud software purchases. A manager approved employees’ software expenses without intervention or detailed purchase audits.

Solution: Alpin discovered these mystery users and programs with tools previously unavailable to IT leadership. With knowledge in-hand, IT could address or correct these issues.

Compliance and Cost Agony

Finding Shadow apps is the foundation for discovering if known cloud breaches are cause for alarm.

After a recent data breach from a cloud software provider, multiple companies wanted to know if they were affected. Without Alpin, they had no way to know, for sure, if theirusers were exposed by the vendor’s breach. With Alpin, they got notifications about the affected app, as well as who was using it, so they could lock down their exposure.

Another company found over 3,000 SaaS apps when they expected to find a few hundred.

Solution: Whether it’s general discovery or looking for a specific app, Alpin sheds light on cloud software ecosystems. Solving Shadow IT problems starts with good discovery.

The Shock of Unwanted SaaS Surprises

In one enterprise, users set up a small trial of a video conferencing app that quickly spread department-wide — and could easily have spread enterprise-wide. It was an expensive solution not subject to negotiation or cost controls. A department head even committed IT to supporting the new application, taking IT completely by surprise.

Solution: Alpin tracked down all instances of the new application to help sort out the prickly situation. In this case and others, knowledge is power. Revealing Shadow IT serves a powerful tool for IT leadership.

CoreView Bought Alpin to Solve Shadow IT Problem

Last year, CoreView bought Alpin for its broad SaaS management and discovery ability. Alpin tracks more than 40,000 SaaS apps, using 13 discovery methods, giving IT a full picture of their SaaS environment. With Alpin discovery, you will:

  • Gain visibility – view all SaaS applications in one dashboard, along with all their users.
  • Work with the business – help business users choose the best solutions and use those apps to their full potential.
  • Spot trends – see app growth among teams, departments, geographies and across the company.

Learn more about the new SaaS Management powerhouse:

Explore the Alpin solution —Alpin Co-Founder’s Magical Mystery SaaS Management Tour

Dive into our white paper — 1+1=3: CoreView and Alpin are the New SaaS Management Platform (SMP) Powerhouse

Learn more about Shadow IT and SaaS management with an Alpin demo, or visit the CoreView/Alpin web page.

You can also get a free CoreView Office 365 Health Check that details license savings, state of application usage, and pinpoints security problems in your Office 365 environment.


ABOUT THE WRITER

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.