Experts say to start with the following

rakhirhif8963 · Post by **rakhirhif8963** » Thu Feb 06, 2025 6:29 am

“An entire category of security tools—SaaS management platforms—exists to help tap into these data sources and analyze them to uncover shadow IT. Since most organizations today rely on SaaS products, this should be an important consideration, whether it’s done in-house or through a vendor,” Trauner adds.

Once you discover assets hidden in shadow IT, resist the temptation to shut down the whole thing.

“There’s one thing that IT should not do, and that’s to lock it all down. That typically has two consequences. One, it stifles innovation and creativity. Two, it makes shadow IT go even further into the shadows,” says Andy Myers, director of enterprise agility at consultancy ISG.

Using Shadow IT for Business Success
Once shadow IT assets have been identified, it's time to look for ways to use them for the benefit of the company as a whole.

Check for unused licenses and duplicate applications. Don’t be surprised to find multiple duplicate applications used by different employees who can’t easily share information or collaborate in the digital workplace, warns Haramati. “This also means that IT has to maintain redundant applications. Additionally, many shadow IT licenses are unused or underused, and subscriptions are often renewed without the knowledge of the application owner or IT,” he says.
Double-check apps that may still be lurking in guatemala mobile database shadows. Fortunately, there are tools to help you with this task. “By looking at data in an identity provider like Google Workspace, you can identify OAuth grants used to sign in to third-party apps. There are other sources, too, like DNS logs or accounting software like corporate credit card software,” says Trauner.
Establish ongoing governance. To avoid trouble, be proactive and attentive. “You can establish an ongoing governance process so that all apps go through a security review, and apps that exceed a certain spending threshold are assessed against what’s already in your SaaS system,” says Christopher.
Encourage security to be more developer-friendly. Security protocols and attitudes toward them are the most commonly cited things that developers and users are trying to avoid when using shadow IT. This will continue unless compliance with security is made significantly easier. “A ‘you wrote bad code’ attitude is not going to win hearts or minds,” says Vikram Kunchala, principal and head of the cyber cloud practice at Deloitte Risk & Financial Advisory.

Encouraging early and frequent engagement with security during the development process can help, he says. But security teams must also make it easier for developers to do so.