Unsanctioned Apps. PHOTO: Cybercrime Magazine.

What Employees Do In The Shadows… And How To Stop Them

Unsanctioned apps are a major security risk

Gil Friedrich

New York City, N.Y. – May 4, 2022

What happens in the shadows matters, especially when it comes to security. What you don’t know can — and most certainly will — hurt you. Luckily, there’s a way to shed some light on the situation.

We’re talking about Shadow IT, which refers to the practice of when employees work with unsanctioned software, hardware or apps on company devices. The idea is that employees may use different apps or software to complete business-related tasks. But these platforms may not be sufficiently secured and thus may expose company data. We’re probably all guilty of this.

Uploading a file to Google Drive, even though your company uses SharePoint because it’s easier. Downloading Slack to your computer despite typically using Teams. Accidentally sending a work email via your personal account. Sometimes we do it by mistake. Sometimes we do it because it’s just easier to work with familiar tools. Sometimes we’re just in a hurry.

With Shadow IT, employees bypass the corporate approval process to purchase SaaS-based solutions, such as Dropbox and Slack, to communicate business information internally or with partners, unknowingly placing their organization’s data at risk. In the modern workplace, this is inevitable.


Cybercrime TV: Gil Friedrich, Founder & CEO at Avanan

Protecting Office 365 inboxes from phishing attacks


A survey showed that 33 percent of Fortune 1,000 employees employ unapproved cloud-based platforms to store and share company data, violating corporate compliance and security policies and potentially exposing the corporate data to hackers.

A Converge report reveals that 83 percent of corporate employees engage in informal shadow practices and that 72 percent of CIOs were unaware of the scope of Shadow IT usage in their companies.

Most companies use, on average, 108 known cloud services, yet shadow IT usages total nearly 1,000. The risk here is that some of these third-party apps, left unprotected, can be vulnerable to attacks. By going outside monitored apps, data can be at risk.

How can you monitor this? How can you ensure your employees are productive without sacrificing security? You need to be able to monitor and detect usage of cloud services based on the analysis of corporate email.

Based on an analysis of email, Shadow IT protection should give you a direct insight into the cloud applications in use at your company. This works by identifying emails from cloud applications to users that suggest they have been using that application. Think of emails containing messages or subject lines like “Thank you for registering” or “You have a new notification.” When such an email is found in a user’s mailbox, a Shadow IT security event should be created and admins can take action accordingly.

Historically, this was done via a proxy-based Cloud Application Security Broker, or CASB. It can still be done via an endpoint agent, or by analyzing network device logs, but these all require tons of extra configuration and a difficult deployment. Even worse, it was only partial protection, as it didn’t extend to SaaS-based email.

Now, the best practice is to uncover unsanctioned services by looking for email-based evidence of SaaS usage. Anytime someone uses an unsanctioned app, admins can know. That will allow these platforms to be assessed, regulated and monitored — before they become a security risk.

The usage of unsanctioned apps has major security risks. It’s very easy for critical and important data to be exposed on these unprotected apps, or for third-party apps to introduce phishing and malware into your organization.

With proper Shadow IT protection, you can provide that additional layer of security and do so automatically.

That’s the type of action-oriented visibility a security solution should provide.

Start a Demo to Experience the Power and Simplicity of Avanan

Avanan Archives

Gil Friedrich is co-founder and CEO at Avanan.


About Avanan 

Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.

Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™.  The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.



Send this to a friend