When we talk about Shadow IT, Shadow IT or Parallel IT, we are referring to software that employees use regularly to meet their workplace needs but that are not controlled by the IT team and that pose a threat mainly from security for the organization.

According to studies, approximately half of IT budgets are destined to solve the problems that Shadow IT generates in the organization and this is based on the fact that employees, approximately 80% in organizations, do not feel that it is necessary to communicate it to the technology managers of their companies and in this scenario, we find that more than 82% of companies are completely unaware of the number of shadow applications that their employees use day after day. The shadow SaaS that is most widespread among organizations are Dropbox and WeTransfer and they basically seek to meet the needs that the tools they have do not do.

Shadow IT thus becomes a major problem when employees use it to work with confidential and / or sensitive information from clients or the company. Can you imagine a bank that shares large amounts of sensitive information via WeTransfer? The storage and distribution of this data by employees in different media means that the information is stored at rest without being encrypted by servers without control and external to the organization, with total ignorance of where they are hosted and what, in case cyberattack, theft of credentials or exfiltration of data, will be exposed to third parties, mainly assuming a problem of reputation and public image of the brand (Yahoo! economic sanctions to the organization.

How to avoid Shadow IT in your organization?

It is essential that the IT teams of organizations have under control the software and tools that their employees use every day to avoid cybersecurity problems and loss of control of data. In this case, it is important:

  • Analyze what needs the employees have
  • How the tools at their disposal satisfy that need according to the IT and cybersecurity strategy.

In the case of tools for sending and receiving sensitive and / or large files, it is believed that with collaborative environments included in your business suite, such as Google Drive or Microsoft OneDrive, the need is satisfied. But this is not the case, these tools have been developed for internal productivity among employees and do not have specific security settings or advanced end-to-end encryption standards. They have not been developed as a channel with the outside of the organization and put the company’s information in constant danger.

On the one hand, it is important to consider security and on the other, the possibility of human error on the part of employees, the weakest link, who can share confidential folders in a hierarchical way with third parties outside the organization without wanting to do so.

For the cases of secure sending and receiving of corporate files, Tranxfer includes advanced security policies and an easy-to-use user and administrator interface. Along with the integration with SIEM, Tranxfer also offers traceability and audit reports that together with its configuration allows to carry out transfers in compliance with GDPR.

supervisar evolucion

Get Started with Avada Crypto

[contact-form-7 404 "Not Found"]

Looking for help? Get in touch with us

oficinas remotas