Definition
Shadow IT is the use of technology - typically SaaS applications - by business teams without formal IT approval or governance. A typical mid-sized enterprise has 800-1,500 cloud apps in active use, of which only 100-200 are formally sanctioned. The risk: ungoverned data flow, compliance gaps, license sprawl, security blind spots. Discovering shadow IT is the first job of a CASB: by analyzing firewall and SWG logs, the CASB surfaces every cloud app user accessed, with risk scoring per app. From there, organizations can rationalize the portfolio (sanction or block) and apply appropriate controls. Symantec CloudSOC shadow IT discovery is often the entry-point use case for CASB engagements.
Symantec products that implement this
- Symantec CASB (CloudSOC) - Cloud Access Security Broker for SaaS - visibility into shadow IT, inline enforcement on sanctioned apps, API-based scanning for data at rest, and user behavior analytics.
Related terms
- CASB (Cloud Access Security Broker) - Security layer between users and cloud apps; provides visibility, governance, and DLP for SaaS.
- CloudSOC - Symantec's CASB product (formerly Elastica, acquired in 2015).
Deep-dives on Shadow IT
- Microsoft 365 DLP with Symantec CloudSOC: the integration deep-dive - How to extend Symantec DLP into Microsoft 365 through CloudSOC - what API connectors provide, what inline integration adds, and where Symant…