Bringing shadow IT out of the dark with DPI-driven traffic awareness

By Christine Lorenz
Published on: 22.07.2021

Categories: Network security

Shadow IT refers to the array of applications used by companies that neither originates in the company’s own IT department nor complies with the company’s IT policy. Spanning both hardware and software, shadow IT is used by employees looking for ways to do their work more effectively or be able to do their work in the first place.

The shadow gets bigger

Shadow IT has become more and more prevalent over the years, to the point that the number of cloud applications being used in a typical company is substantially higher than what has been approved by IT departments. This is in large part due to the conveniences of using SaaS, cloud applications and personal tools. That could include sending work files to one’s home computer via a personal Google Drive, using Skype or WhatsApp for work-related communication, and, of course, working on one’s personal devices.

On top of that, these tools have become more widespread at a time when the size of IT departments has decreased, leaving companies with less bandwidth to monitor and control the usage of different applications by employees. The general trend in companies has been to downsize their in-house software teams, thereby tacitly encouraging the usage of shadow IT to fill in the gaps.

Furthermore, business in general focuses more on data. That data also has to be democratized for a higher value to be gained from it. This leads to a situation where lots of employees are working with information — but in their own ways. This is complemented by the fact that more and more employees are now digital natives who are savvy in coming up with their own approaches to handling and sharing data.

An alternative pathway for innovation within companies

Shadow IT can actually benefit companies. Guided by the ingenuity of employees wanting to improve workflows, shadow IT can highlight inefficiencies in the current IT setup of a company, and present more efficient solutions. Compared to in-house IT that might not be suited for real business needs, shadow systems respond closely to what is needed in a given context. Thus, shadow systems are often sources of innovation that can then be implemented into an enterprise’s actual workflow. Indeed, a recent survey of IT professionals found that almost all respondents believe that incorporating shadow IT makes employees more productive, and over three-fourths believe that incorporating it confers a competitive advantage to their organizations.

The hidden perils

That said, shadow IT carries risks. Although employees almost always use shadow IT with good intentions, adding external applications and devices into the mix of the company’s tools has its downsides as well. The reliability of different applications is undetermined, especially in relation to one another and over time. Some may end up expending more computational resources, such as memory, bandwidth or storage, than employees may have expected. Some may work well and be compatible with other applications, but not add up to the most efficient architecture and workflows. There is also lost investment in not using tools that have already been built.

Perhaps most significantly, there are security risks that come with using external hardware and software. The lack of standardized data governance associated with disparate shadow IT creates ripe conditions for accidental disclosure or misuse of data from within a company. Another risk is external threats, a third of which at this point may be targeting data on shadow IT systems. Such systems cannot be vetted as thoroughly as in-house tools for their access mechanisms, backend motives, approval process and networking protocols. This means they can compromise the security of the company in which they are used.

Still, the genie is out of the bottle, and the advantages are vast. Ultimately, the goal is to allow shadow IT for the benefits it brings but to cut the risks associated with it. To do this, it is necessary to know all instances of possible risk, i.e. have knowledge of all points of use of shadow IT within a company.

Casting light into the shadow

A tool that provides exactly this ability to see into a network is deep packet inspection (DPI). DPI is a network technology that examines network traffic not just for shallow information such as its source and destination but for more detailed information about its content. An advanced DPI engine, such as R&S®PACE 2, can classify data passing through a network based on the application it is coming from or the protocol it is using. For this in-depth analysis, the DPI engine employs pattern matching, behavioral, statistical and heuristic analyses as well as machine learning. It can also extract metadata even when traffic is encrypted, thus shedding light on wider traffic attributes. With this, DPI can be used to find out which applications are being used in a network in real time and with high granularity. This is necessary to gain visibility into the ecosystems of varied applications and devices created by shadow IT.

DPI can help identify shadow IT activity at the level of both hardware and software. It can observe CPU load and unusual consumption of storage and bandwidth, thus revealing which devices and which departments may be running external applications. It can even identify what kinds of devices (laptops, smartphones, flash drives, etc.) are being used, so that risks specific to these devices can be analyzed. This also offers a better insight into the preferences of employees.

As for software, identifying what shadow applications are being used, including cloud and SaaS applications, can help pinpoint the security threats the company is susceptible to. Knowing which applications and stacks can lead to vulnerabilities enables proactive updating, patching and monitoring. Knowing from where the vulnerable applications are accessed (home or the office) can help craft appropriate remote working policies. Knowing not just the location but also the frequency of shadow IT system usage helps with analyzing the impact on official IT systems, as a surge in shadow IT systems on the same network as the incumbents could adversely impact the performance of the latter.

DPI can also complement automated asset tracking software to ensure that vital data and assets are not moved around without meeting certain requirements, and that, even when they are, the movements are recorded. This can in turn help companies with various compliance measures, which might be compromised when shadow IT systems lead to uncoordinated and unregulated data flows.

Making use of shadow IT

Shadow IT is an integral part of today’s corporate landscape, adding speed, efficiency and ingenuity to its workflows. However, policies to manage and control the risks generated by shadow IT are equally integral. Such smart IT policies require identification and insights into shadow IT activity, which in turn calls for extensive visibility into the enterprise network. This can be achieved with DPI.

Download our R&S®PACE 2 solution guide to find out more about its traffic inspection capabilities.

Christine Lorenz

Christine is DPI marketing expert at ipoque, joining the company in 2013. With her background in marketing communications, she is passionate about making people aware of the capabilities of traffic analytics and DPI use cases. Christine is a lover of Vietnamese food and spends most of her spare time running and cycling, exploring nature and the outdoors.
