Learn
Documentation
Support
Community

Usage guide: Shadow IT

Introduction

This library pack helps organizations find and monitor non-compliant applications and web services that could put corporate security at risk or show that the IT setup is not suitable for certain tasks.

Please keep in mind this is a guide and represents just some of the potential insight and actions you can take. There are many use cases and specific troubleshooting scenarios that you might uncover in your environment.

Ensure your library pack is properly configured by following the steps highlighted in its configuration guide:

Configuration guide: Shadow IT

Pack structure

Overview of the Shadow IT discovery

The "Shadow IT" live dashboard acts as the central point of this library pack. By utilizing this dashboard, you can identify and monitor non-compliant applications and web services that may pose a security risk to the corporate network or indicate that the current IT setup may not be optimized for certain tasks.

Communicate with users

To facilitate effective communication with users and implement the "soft enforcement" approach, this pack includes a campaign called "Non-compliant application access warning".

Non-compliant application access warning: Informs users about the use of non-compliant applications and offers compliant alternatives

Use cases

To assist you in gaining a comprehensive understanding of Shadow IT within your organization, this library pack encompasses the following scenarios:

  • The ability to monitor non-compliant applications and web services in real-time using a pre-defined list of these applications and services. The pre-defined applications and web services are divided into the following five categories: These include collaboration applications, cloud storage applications, productivity applications, connectivity applications, and AI services. Each category is accompanied by a pre-defined list of applications and services, which can be found on the corresponding tab of the in-product documentation page. This scenario allows you to promptly identify which non-compliant applications and services are currently in use within your company and subsequently monitor their usage.

  • Discovery of lesser-known non-compliant applications and web services that may present a potential risk. By utilizing pre-configured table widgets for each application category and a set of filters on application subcategories, destination domains, device locations, and other parameters, you can discover which other applications and services are being used in your company. You can then perform a deeper analysis of the results and apply the necessary countermeasures.

  • Take a "soft enforcement" approach by engaging with users. If an analysis of a non-compliant application or web service indicates that it presents a security or compliance risk, the users of the application in question can be informed that they are using a non-compliant application or service and provided with a compliant alternative using a campaign that comes with this pack – "Non-compliant application access warning."

Real-time monitoring of non-compliant applications and web services using a pre-defined list

The widgets on each tab show which non-compliant apps and web services are used in your organization. Each tab has sections for applications and web services. These show the most relevant information about their usage. For applications, you can see the number of devices using them and the amount of time spent on that application. For web services, you can see the number of devices using them, the volume of outgoing traffic, and the number of connections. The "In-product documentation" section within each tab presents a list of pre-defined non-compliant applications and web services.

Discovery of lesser-known non-compliant applications and web services that may pose a potential risk

The table widget located at the bottom of each tab (Shadow discovery) is designed to assist with the identification of lesser-known non-compliant applications that are not pre-defined in this dashboard but are currently in use within your organization. The tables on each tab are pre-configured to filter all applications from the corresponding category (for example, "collaboration"). These should be used in conjunction with filters on product subcategory, destination domain, device name, or device location. The table is sorted in ascending order by the number of devices to facilitate the discovery of lesser-known applications. By analyzing the data from the table, you can assess the usage of each lesser-known application in each category and determine whether it poses a risk to your organization or indicates that your current IT setup may not be optimized for certain tasks.

Take a "soft enforcement" approach by engaging with users

The users of non-compliant applications can be made aware that their application is not in alignment with the required standards and provided with a compliant alternative. This can be achieved through a campaign titled "Non-compliant application access warning," included in this pack.

Because dashboard widgets display device-specific data about non-compliant applications and web services usage, and campaigns can only target users, you should follow a two-step process to engage with incompatible app users.

Using the widgets located on each tab that indicate the devices on which the application is being used, you can view a list of these devices by selecting the "Drill down to devices" menu option.

Next, you can use the "Drill down to users" menu option to get a list of the users who last logged in on those devices.

By utilizing this list, you can target a "Non-compliant application access warning" campaign to the relevant users.

Here is the example of the parametric campaign that will be displayed to the users:

RELATED TOPICS

Last updated

© Nexthink

Privacy policyResponsible Disclosure Policy