How to mitigate the risk and get the outspread of “Shadow IT” under control

Shadow IT is in every organization, and it puts you and your business at risk. In today’s blog, I will show you how you can get control of Shadow IT with Microsoft Cloud App Security.

Please note that there are two dimensions of “Shadow IT”; one is how to mitigate the risk and get it under control, and the other is asking yourself how has it come this far. Well many times the complicated and unfriendly user tools offered by IT drives the user to take matters into their own hands and download any app that will help them to achieve their goals. And before you know it, they are using their own ToDo app, time tracking app, Customer relationship and/or file sharing app and the list goes on. They may even be using an app where a customer’s information is used, processed, and stored without realizing the compromised security of that sensitive information.

I’m sure you’re familiar with the risk of shadow IT and if not, just use any search engine to look up “the risk of shadow IT.”  When I did just that, the favorite headline listed was from a Information week article, published back on August 8, 2015 by Andrew Froehlich: “Shadow IT: It’s Much Worse Than You Think”.

So let’s dig into how the new Microsoft Cloud App Security empowers you to mitigate the risks and get the outspread of shadow IT under control. I encourage you to leverage the findings you get when using the Cloud App Security and discuss it with the Leadership Team. Show them that there is a demand for modern, more efficient, and easier friendlier tools than you currently offer. The goal of this conversation is to get you what you need, whether it is with resources or just their commitment to use applications and technology from this day and age.

#1 Discover and control all cloud applications in your network

First you need to know which services are being used by your users and which are accessed by their devices. Microsoft Cloud App Security can do just that and further provide risk scoring and ongoing risk assessment analytics for each service it discovers. Simply collect and upload the log files from your firewalls and proxies to Cloud App Security. You can also leverage Cloud App Security’s log collector to forward your logs periodically.  The important take away here is that it’s simple, easy, and you can get started within seconds. You don’t need to deploy any agents in your environment, all that is needed are your firewall or proxy logs to start.

#2 Get in control of your Data

Once you know what cloud apps are being used you can select which ones are or aren’t sanctioned. If there are cloud services that are sanctioned, you can set granular controls and policies for data sharing and loss prevention (DLP) thanks to API-based integration with these services. There are standard policies available but of course you can also create and customize your own, so that it fits your need. With these steps you can stay in control of what files are shared with whom internally, as well as externally.

#3 Threat Protection control

As do other services from Microsoft like Azure AD premium or advanced threat analytics, the Cloud App Security can also leverage behavioral analytics and abnormality detection. In light of recent events around cybercrime, it shows how real cyber threats are. The big companies are no longer the only targets. And like in the physical world, one of the weakest links is the user and their identity, and once an identity has been compromised it’s really hard to detect it. But with threat analytics you have what you need to identify compromised user accounts and identities and can take appropriate action.

Additional resources:

Quick video (15′) from the Office Mechanics Youtube Channel with Demi Albuz Sr. Product Manager Cloud App Security.

Here is the link to the announcement of Cloud App Security GA & here is a quick overview on how to get started.

Written by Dave Kurth
Thriving within my current role as Sr. Product Marketing Manager Azure, I'm focused on Azure Hybrid, Azure Stack Hub, Azure Stack Edge