Shadow IT: It's a bigger threat than you think

File sharing, remote work, and vulnerable employees are leaving company networks open to potential cyberattack

Shadow IT: It's a bigger threat than you think

TechRepublic's Karen Roby talked with Rahul Kashyap, CEO of Awake Security, about the alarming increase in shadow IT during the COVID-19 pandemic. The following is an edited transcript of their conversation.

Rahul Kashyap: Shadow IT has been a lingering problem for IT administrators for a long time. It's basically unauthorized use of tools. In most cases, it is legit use. The way I like to describe the shadow IT problem is actually simply this way: If you come in the way of an end user doing the job, they will find a way to get the job done, and they will find tools, means, or whatever. And shadow IT is a manifestation of that in many cases.

SEE: Security Awareness and Training policy (TechRepublic Premium)

Particularly in the coronavirus time where people are locked down, and they're not well prepared for that scenario, we are seeing a huge surge in shadow IT tools of late. We are seeing an increase in file sharing applications leaking data. We are seeing an increase in the usage of remote access tools, like TeamViewer, RDP protocols, and so on. So this is an increasing trend which has definitely grown ever since we initiated the lockdown and people are working from home.

Karen Roby: File sharing is becoming a big issue Rahul, expand on that.

Rahul Kashyap: So we found that generally, it's one or two file sharing applications which IT people authorize end users to use in a large corporate environment. But we are seeing an average of five and above per user where people have a lot of file sharing applications. And many of these file sharing applications by default, try to upload a lot of files as backup. You can maybe have a file sharing application just to store and save your photographs that you just took recently over the weekend. But you may have sensitive documents from your office which are also in the same laptop and they're also getting and moving to your personal file sharing service right now.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

We are seeing a lot of that loss coming in. And a lot of IT initiatives are really wanted because this is creating new data, a new case problem from corporate, particularly as people are sharing sensitive documents unknowingly into their personal accounts. But this is a very common problem we come across recently and it has really grown significantly in the last few months as well.

Karen Roby: Sadly, criminals really prey on people when they are most vulnerable, as we all are right now. 

Rahul Kashyap: To give you an example, we have seen almost a 75% increase from January to March in people using remote access tools like LogMeIn, GoToMyPC, TeamViewer, RDP products and home-based services and so on. I completely understand. People are struggling. People are kind of just getting the job done, but attackers are using default and weak settings in some of these services to launch attacks. There have been cases where people are scanning for RDP protocol ports on the internet and then they even launch a ransomware attack if they find after boot porting, they can compromise an account. So yes, attackers are definitely taking advantage of the situation. There is confusion, there is a bit of chaos, and there's a bit of lack of control, if I may, in the entire IT environment right now and attackers, they will take advantage, and they are.

Karen Roby: What are a couple quick tips you would pass along to those looking to keep their network safe?

Rahul Kashyap: I would say it's very difficult to please people and give them tools which everybody likes, right? You may not have a success there where you give a tool and which everybody's going to like. Try to at least have tools which are user friendly. This can be easily used by people as much as you can. That's an easy one. From a security perspective, visibility and controls are more and more important, more so than ever. So if you see that there are people unknowingly using tools that are likely which can cause harm to the organization, deploy products on your network which can give you visibility and identify those kinds of activity so that you can resolve this proactively before any damage gets done. Understanding those and understanding your network has never been so important.

I think you should definitely start with visibility so that you can have efficient controls once you understand and know what's going on in the environment. I think that's the best and first thing to do. And depending upon how sensitive you are in terms of data leakage, you can add a lot more controls once you understand what's really going on in your environment. Definitely, I would highly recommend network monitoring solutions to be put behind the VPN, if required, so that you can identify fingerprint device users, who's coming to your network, and how do you manage that?

Secondly, it's very important to have cloud controls as well because not all of these services are going to the cloud. Make sure that you have a good cloud hygiene policy so that you really understand what's going out of your corporate network. The corporate network is no longer a corporate network. Now it's everybody's home. People are working so suddenly the whole thing is fragmented and blown up. It's definitely going to be challenging times for a lot of people.

Also see


TechRepublic's Karen Roby talked with Rahul Kashyap, CEO of Awake Security, about the alarming increase in shadow IT during the COVID-19 pandemic.

Image: Mackenzie Burke