How to Secure Against Access Management’s Biggest Risks: Shadow IT and BYOD

IT teams are challenged to secure every sign-in from every device, but this is becoming more difficult as the world of work continues to evolve. 

The shift to hybrid and remote work saw an influx of new SaaS tools to bridge the new way of working from anywhere. In the past, businesses would often be the driver introducing new tools, but nowadays new SaaS tools are often introduced by the employees themselves, who download the tools they need (or think they need) to work more efficiently. 

In a recent study, 1Password found that one in three workers use unapproved apps or tools, otherwise known as shadow IT, and that those who do rely on shadow IT use an average of five unapproved apps or tools.

That means that sensitive company data is disappearing into tools that IT can’t protect via SSO, ensure timely patching on, or deprovision users from when someone leaves the company. And that’s a problem.

Problematic Personal Devices

But the explosion of SaaS tools isn’t the only change that has challenged the traditional approach to security.

Without being tied to a physical location to work, employees are more often working from personal devices, outside the company’s MDM. In the past year, more than half of employees have worked on a personal device, and 17% of employees admit to never working on their work-provided devices – instead choosing to work from personal or public computers. 

When employees were in the office, IT teams could simply see if an employee was working from their work-issued device. Now, without visibility into what devices employees are working from, IT teams are unable to ensure that the devices are up to date and secure, or even to tell whether they belong to bad actors using phished credentials.

And it’s not like IT teams aren’t working to put policies in place to manage the influx of new SaaS tools, or the use of personal devices.

More than 90% of security professionals say they have a company policy in place that requires employees to get approval to download and use new software and apps. However, more than 50% of security professionals admit they don’t have any control over whether employees are following the rules. 

That’s because traditional security tools aren’t equipped to handle the way people are working today. For instance, single sign-on (SSO) is designed to help manage and secure access to applications, but it relies on IT knowing what applications employees are using. Unfortunately, this means SSO isn’t effective in protecting against shadow IT or the use of personal devices.

Even if IT could get employees to share all the applications they’re using in order to add them to their SSO for secure provisioning, they would still face the “SSO tax” – where SSO providers require organizations to pay for each additional application being secured. This high SSO tax makes the cost of SSO prohibitive to many businesses of all sizes.

And so IT teams are stuck with legacy tools incapable of providing a full security solution that covers all their access management needs.

Enter Extended Access Management (XAM).

XAM moves beyond the limitations of legacy tools and is capable of securing every sign-in for every app on every device from one place. It accepts that shadow IT and employees working from personal devices are challenges that are here to stay. 

With an understanding that employees will continue to find ways to work around security policies that they feel hinder productivity, XAM instead works to secure unmanaged devices and applications. This helps security and IT teams gain the visibility and control required to keep the organization secure, while still empowering employees to work in ways that are best for them.

1Password Extended Access Management is the first XAM solution available to businesses everywhere. Now businesses can secure every sign-in for every app on every device – no matter whether employees are working from managed or unmanaged devices and apps.

XAM is built for the security challenges facing IT teams today.
