Applications and devices brought into a company without being vetted or approved by the CISO or the IT team — in other words shadow IT — is increasing, and so are related security issues. That’s because technology companies have made it easier than ever for anyone to acquire and use tech products for work without consulting IT professionals on staff.
To help organizations confront this problem, web application and endpoints security provider Dope Security (styled dope.security) has added a shadow IT monitoring capability to its secure web gateway (SWG) offering, dope.swg.
Dubbed Extended Shadow IT, the new feature is designed to help organizations keep track of when employees use unapproved IT resources, violating company policies on data security, privacy, or compliance.
The new capability is meant to provide the visibility into shadow IT that security administrators need to make informed decisions around policy, said Kunal Agarwal, founder and CEO of Dope Security.
The capability is packed in with dope.swg subscriptions for no extra charge. Dope.swg is available to new customers as a 30-day instant trial, after which it incurs a charge of $60 per device per year.
Revealing access type from shadow IT sessions
Dope’s extended support for shadow IT promises visibility into all the software, applications, and services used within an organization without the knowledge or approval of the IT department, along with a few other significant details.
“With Extended Shadow IT, admins will have the ability to clearly see the exact accounts and emails used for SaaS apps like Google, Microsoft 365, Slack, AWS, and hundreds more, all differentiated by corporate and personal accounts,” Agarwal said. “With this heightened visibility, admins can not only monitor how much data is being transferred, and what type of authentication security employees have in place, but can also use this information to drive more informed policy creation and enforcement ensuring the highest level of security for their organization.”
Monitoring personal and corporate types of access will allow organizations to monitor if and how much corporate data is being transferred to personal accounts. The dope.swg subscription gives users complete access to all of Dope’s secure web gateway features. This includes integrated URL filtering, SSL inspection with one-click error bypass, instant policy push, extended shadow IT monitoring, comprehensive cloud application controls, and customizable user and group-based policies.
The combination of SWG and shadow IT monitoring capabilities is not something that is standard in other products, according to the company. The ability to get visibility into shadow IT is usually derived from disparate applications and locations.
“With other vendors, this capability is typically found as part of their CASB [cloud access security broker ] solution, which sits in a completely separate console at an additional cost and won’t show the personal versus corporate differentiation,” Agarwal said