Shadow apps, a section of Shadow IT, are SaaS purposes bought with out the data of the safety staff. Whereas these purposes could also be professional, they function inside the blind spots of the company safety staff and expose the corporate to attackers.
Shadow apps might embody cases of software program that the corporate is already utilizing. For instance, a dev staff might onboard their very own occasion of GitHub to maintain their work separate from different builders. They could justify the acquisition by noting that GitHub is an authorised software, as it’s already in use by different groups. Nevertheless, because the new occasion is used exterior of the safety staff’s view, it lacks governance. It might retailer delicate company information and never have important protections like MFA enabled, SSO enforced, or it might undergo from weak entry controls. These misconfigurations can simply result in dangers like stolen supply code and different points.
Forms of Shadow Apps
Shadow apps could be categorized based mostly on their interplay with the group’s methods. Two frequent varieties are Island Shadow Apps and Built-in Shadow Apps.
Standalone Shadow Apps
Standalone shadow apps are purposes that aren’t built-in with the corporate’s IT ecosystem. They function as an island in isolation from different firm methods and infrequently serve a selected objective, equivalent to activity administration, file storage, or communication. With out visibility into their use, company information could also be mishandled, resulting in the potential lack of delicate info as information is fragmented throughout numerous unapproved platforms.
Built-in Shadow Apps
Built-in shadow apps are way more harmful, as they join or work together with the group’s authorised methods via APIs or different integration factors. These apps might mechanically sync information with different software program, trade info with sanctioned purposes, or share entry throughout platforms. Because of these integrations, menace actors might compromise the complete SaaS ecosystem, with the shadow apps appearing as a gateway to entry the built-in methods.
How Shadow Apps Influence SaaS Safety
Information Safety Vulnerabilities
One of many major dangers of shadow apps is that they could not adjust to the group’s safety protocols. Workers utilizing unsanctioned apps might retailer, share, or course of delicate information with out correct encryption or different protecting measures in place. This lack of visibility and management can result in information leaks, breaches, or unauthorized entry.
Compliance and Regulatory Dangers
Many industries are ruled by strict regulatory frameworks (e.g., GDPR, HIPAA). When workers use shadow apps that have not been vetted or authorised by the group’s IT or compliance groups, the group might unknowingly violate these laws. This might result in hefty fines, authorized actions, and reputational injury.
Elevated Assault Floor
Shadow apps widen the group’s assault floor, offering extra entry factors for cybercriminals. These apps might not have hardened their entry controls, enabling hackers to take advantage of them and acquire entry to firm networks.
Lack of Visibility and Management
IT departments must have visibility over the apps getting used inside the group to successfully handle and safe the corporate’s information. When shadow apps are in use, IT groups could also be blind to potential threats, unable to detect unauthorized information transfers, or unaware of dangers stemming from outdated or insecure purposes.
Find out how an SSPM protects your SaaS stack and detects shadow apps
How Shadow Apps Are Found
SaaS Safety Posture Administration (SSPM) instruments are important to SaaS safety. Not solely do they monitor configurations, customers, gadgets, and different components of the SaaS stack, however they’re important in detecting all non-human identities, together with shadow purposes.
SSPMs detect all SaaS purposes that join to a different app (SaaS-to-SaaS), enabling safety groups to detect built-in shadow apps. Additionally they monitor sign-ins via SSOs. When customers signal into a brand new app utilizing Google, SSPMs make a document of that check in. Current gadget brokers which are linked to your SSPM are a 3rd strategy to see which new purposes have been onboarded.
As well as, SSPMs have new strategies of shadow app detection. An revolutionary strategy integrates SSPM with present e mail safety methods. When new SaaS purposes are launched, they usually generate a flood of welcome emails, together with confirmations, webinar invites, and onboarding ideas. Some SSPM options straight entry all emails and collect in depth permissions, which could be intrusive. Nevertheless, the extra superior SSPMs combine with present e mail safety methods to selectively retrieve solely the mandatory info, enabling exact detection of shadow apps with out overreaching.
E mail safety instruments routinely scan e mail visitors, on the lookout for malicious hyperlinks, phishing makes an attempt, malware attachments, and different email-borne threats. SSPMs can leverage permissions already granted to an e mail safety system, enabling the detection of shadow apps with out requiring delicate permissions being granted to one more exterior safety instrument.
One other methodology for shadow app discovery entails integrating the SSPM with a browser extension safety instrument. These instruments monitor consumer habits in actual time, and may flag consumer habits.
Safe browsers and browser extensions log and ship alerts when workers work together with unknown or suspicious SaaS apps. This information is shared with the SSPM platform, which compares it in opposition to the group’s approved SaaS checklist. If a shadow SaaS app is detected, the SSPM triggers an alert. This permits the safety staff to both correctly onboard and safe the shadow app or offboard it.
As organizations proceed to embrace SaaS purposes for improved effectivity and collaboration, the rise of shadow apps is a rising concern. To mitigate these dangers, safety groups should take proactive measures to find and handle shadow apps, leveraging their SSPM with shadow app discovery capabilities.
