What is Shadow IT?
Shadow IT is the use of hardware, software, or cloud services by a corporate user or department without the knowledge of the IT security team within the organization. With the shift to the Cloud and the rapid adoption of cloud-based services, the growth of Shadow IT has accelerated, often introducing security and compliance concerns.
As a consequence, a shadow supply chain arises – a complex web of unknown cloud applications, user accounts, data, and permissions scattered across the internet. With so many tools available online that are easy to sign up for and install, users have developed a habit of adopting cloud apps and services to assist them in their work. But this often means engaging with a third-party vendor without involving security teams at all, or involving them only at the very end of the process.
Solving the Shadow IT Supply Chain Issue
The ability to discover unknown vendors and unlock extra intelligence on already monitored vendors in your network is something you can easily achieve with our integration with Netskope.
The Bitsight VRM and Netskope integration provides customers with unrivaled visibility and real-time data on the usage of cloud services, websites, and private apps from anywhere, on any device across the network.
An intelligence-driven data flow creates direct connections with the cloud applications being used by each employee, whether they were reported to the security team or not. This helps organizations solve the industry problem of Shadow IT.
By seamlessly moving data, Bitsight VRM and Netskope simplify and automate the task of discovering unknown vendors, adding them to the monitored inventory, and transmitting information in the manner that meets the needs and requirements of each business area. This creates a bridge between traditionally siloed teams, such as GRC, security, and risk managers.
How The Integration Works
Netskope automatically exports rich event logs into Bitsight VRM, so clients can extend their depth of visibility and context. This provides a 360° view of your vendor ecosystem, including third and fourth parties, with an inside-out perspective and insights into the most prized data and who has access to it.
Netskope intelligence is a force multiplier for your TPRM program, where results can be used to enhance controls and configuration. You will benefit from an authentic risk engine that continuously learns from internal and external data processing (impact, user behavior, service interactions, transactions, etc.).
To leverage this data, Bitsight VRM users need to simply click a button to add newly discovered vendors to their managed inventory and overall TPRM process.
Consider a shadow IT use case. Netskope will discover unknown vendors with access to your network and allow you to:
- See how many users in your network are engaging with the vendor
- See how much time your users have engaged with the vendor
- See how much data the vendor has accessed, measured in MBs
- Add the vendor to your actively monitored vendor inventory and subsequent TPRM process (risk assessment, scoring, questionnaires, reassessments, etc.)
- Create a rich data bridge between DevOps, GRC, and IT security, where findings are no longer siloed, but shared to increase collaboration
This integration is available to those already using Bitsight VRM. Aspiring customers and current Netskope customers can contact Bitsight associates to see the integration in action and begin to learn how it can help their organization.