The COVID-19 global pandemic is upending business operations around the world. The sudden and swift shift of millions of workers from on-site to remote work environments challenged and continues to challenge organizations as never before.
In the rush to virtually connect remote workers to the workplace, however, employers and MSPs may have overlooked security — and cybercriminals have already begun to take advantage.
This is the kind of situation that gives MSPs and cybersecurity teams nightmares. Employees are now using unsupported software (Shadow IT) that opens up tons of vulnerabilities.
This leads to a host of new challenges. Your technicians are now trying to manage businesses that have employees scattered all over with poor security standards.
Not all is lost, securing your clients’ remote work teams now will likely save much time and money later and give your clients a long-term advantage.
The Shadow IT Problem Created by Remote Work
Business continuity and adaption was the focus for many during the early weeks of the crisis.
Businesses drastically increased capacity to meet the needs of businesses and consumers: virtual meetings, live streaming, automated customer assistance, business intelligence driven by machine learning, online education, and more.
In the rush, many companies and their MSPs compressed or ignored their standard security processes. While understandable given the speed the business demanded, those policies exist to protect the business from bad actors (internal and external).
The reason these things take time is most companies have very complex IT environments. Many employees now use remote desktops and unapproved file sharing and applications. (This is where shadow IT comes into play.)
Consequently, many companies can’t answer a basic question: “what applications are my employees using right now?” This means that security breaches could be occurring as we type this and remain undiscovered for months.
This creates tons of other issues, including:
- Clients don’t know where their sensitive data is, which is a compliance nightmare.
- Clients don’t know who has access to it. If someone leaves the company suddenly, they won’t know what access they have to revoke.
- Poor password practices can go unchecked as people sign up for new accounts they may use weak passwords or reuse old passwords.
You Need to Do a SaaS Security Audit
If your clients took short-cuts to expand remote connectivity, you should prioritize doing an assessment that reviews access and the threats these new remote workers may inadvertently be creating.
Your environment is now fundamentally different. What was good just a few weeks ago may not be adequate today.
You should ask: How does the shift to remote-work mode change your clients’ cybersecurity environments? Which cyber-hygiene practices do they already use, and which do they need to add for remote work? Which other risks — operational, regulatory, and compliance — should you manage for them?
You should also assess how well their critical people, processes, and technology are operating when it comes to capacity and capability and which risks are of greatest concern.
With a SaaS audit, you can discover the full SaaS Applications mix used in your client’s environment to help them mitigate the risks of remote work.
You can do this using Augmentt Discover for MSPs. Using our advanced log file analysis framework, we allow you to quickly identify every SaaS application being used on your clients’ network, across the entire employee base.
Once the data has been loaded into the system, we compare it to our internal SaaS Application database which includes over 15,000+ vendors and applications.
By using an advanced application classification algorithm, we can provide you with actionable data in the areas of finance, security, and productivity for your clients.
Getting Started Involves Gaining Visibility
Perhaps the single-most important step you can take to mitigate the risks posed by Shadow IT is to make sure you uncover it. It’s impossible to manage something if you don’t know it exists.