Avanan | Blog

The Importance of Shadow IT Protection

Written by Jeremy Fuchs | March 28, 2022

Avanan has a patent for Shadow IT discovery.

Shadow IT refers to the practice of when employees work with unsanctioned software, hardware or apps on company devices. The idea is that employees may use different apps or software to complete business-related tasks. But these platforms may not be sufficiently secured and thus may expose company data. 

With Shadow IT, employees bypass corporate approval process to purchase SaaS-based solutions, such as Dropbox and Slack, to communicate business information internally or with partners, unknowingly placing their organization’s data at risk. In the modern workplace, this is inevitable. A recent survey showed that 33% of Fortune 1,000 employees employ unapproved cloud-based platforms to store and share company data, violating corporate compliance and security policies and potentially exposing the corporate data to hackers. A Converge report reveals that 83% of corporate employees engage in informal shadow practices and that 72% of CIOs were unaware of the scope of Shadow IT usage in their companies.

Avanan's patent covers the technology that detects and monitors usage of cloud services based on the analysis of corporate email. 

Based on email analysis (Office 365 and/or Gmail), we will give you a direct line of
sight into cloud applications in use at your company. Avanan identifies emails from cloud applications to users that suggest they have been using a cloud application. For example, emails containing messages such as "Thank you for registering" or "You have a notification" suggest that a user has been using a cloud application. When such an email is found in a user's mailbox, a security event is created with the type of Shadow IT.

In the past, this protection was delivered via proxy-based Cloud Application Security Brokers, or CASBs. It can be done via an endpoint agent or by analyzing different network-device logs. All of this requires tons of extra configuration and a tough deployment. But it was only partial protection, since it cannot protect SaaS-based email.

Avanan's patented technology is able to uncover unsanctioned services by looking for email-based evidence of SaaS subscriptions or usage. That communication is already delivered to Avanan in the context of providing an extra layer of security. So Avanan clients can receive this information without additional configuration or deployments. This means that the file sharing apps and collaboration tools like Slack and Microsoft Teams that compromise Shadow IT platforms can be easily assessed, regulated and monitored. 

The usage of unsanctioned apps has major security risks. It's very easy for critical and important data to be exposed on these unprotected apps, or for third-party apps to introduce phishing and malware into your organization. 

With Avanan's Shadow IT protection, you can provide that additional layer of security and do so automatically.