Managing Shadow IT Risks With My1Login

Shadow IT can be a controversial topic for CIOs, with some reports estimating that unauthorised cloud usage is at least ten times higher than that known to IT departments. Corporate IT policies typically focus on mandating the use of security and identity protocols, password policies and Multi-Factor Authentication (MFA) but these are often considered from the perspective of core applications that are central to the entire workforce and this does little to protect the enterprise from the diverse array of cloud-based, line of business applications that are non-core, but often utilised extensively by departments and pockets of users across the organisation. Being cloud-based, these applications make it relatively easy for teams and departments to adopt them without IT teams being involved. With an increasing amount of corporate data migrating to these applications, this creates a sprawling attack surface that makes the enterprise a bigger target for bad actors.

These Shadow IT applications are typically adopted with good intentions, often to solve problems, improve productivity, and drive innovation. If the associated risks can be removed, Shadow IT can provide businesses with the flexibility required to succeed in highly competitive industries. Ultimately though, in order to release the benefits from Shadow IT, the associated risks need to be mitigated. Here is how My1Login can enable CIOs to overcome those risks, and leverage the potential business benefits present within Shadow IT.

Identify

My1Login’s application discovery mode enables enterprises to identify the login forms of web applications being accessed by the workforce and report these to IT administrators. These “unknown” web applications then appear as notifications within the My1Login admin portal together with a summary of the users accessing these applications.

The login forms of new and unknown web applications are identified using My1Login’s internationally patented, login form-finder technology, that provides the most advanced method of detecting login forms available.

Protect

Shadow IT risks of newly identified applications can then be managed from the My1Login admin portal where Administrators are able to undertake the following actions:

• Move to Inclusion List: The newly detected application is moved to the Single Sign-On inclusion list. This ensures identities for these applications are managed, with My1Login automatically learning the credentials used by users to access the application and storing these within the user’s My1Login account.
  
  
• Move to Exclusion List: The newly detected application is moved to the Single Sign-On exclusion list. This ensures identities for these applications are not managed by My1Login and that credentials are not stored. Moving to the exclusion list does not prevent users from accessing the application.
  
  
• Ignore: Choosing to ignore a notification temporarily suppresses it from the notifications list. It is not added to the inclusion or exclusion list and will re-appear the next time a user logs into that application.

After applications are integrated with My1Login, further action can be taken by administrators to secure these identities by enforcing password policies and/or configuring step-up or MFA challenges before releasing credentials to users for Single Sign-On.

Conclusion

Employees using shadow IT can cause data losses after leaving the organisation, either as a result of the data being lost due to a lack of visibility that the application was being used, or by employees deliberately retaining access to it. My1Login can ensure the right users have the right access to the right data at the right time, and more importantly, should that employee leave, their access can be automatically revoked.

By detecting and centralising control and visibility of applications in use, the enterprise will have line of sight on where corporate data is being stored and processed, and be positioned to mitigate the risks of unsecure practices being used to access these applications.

My1Login enables enterprises to mitigate shadow IT risks, achieve compliance through better governance of these apps and release productivity gains that help put the business back in control of identities.