Detect Shadow IT
Context
Thomas is the CISO at a consulting firm with 80 employees. He suspects that some consultants are using unapproved file sharing tools to exchange sensitive documents with their clients, but he has no visibility into these practices.
The problem without SmartLink
Shadow IT — the use of software not approved by the IT department — represents a major security blind spot:
- Thomas doesn't know which SaaS applications are actually being used
- Client data may be circulating on unsecured tools
- It's impossible to guarantee GDPR compliance without a comprehensive inventory
- Security audits reveal vulnerabilities after the fact, never in real time
With SmartLink
Step 1 — Enabling detection
The SmartLink browser extension, deployed on company workstations, automatically detects the web applications used by employees. Thomas enables the Shadow IT feature from the admin panel.
Step 2 — Receiving alerts
Thomas's inbox in SmartLink fills with notifications: the extension has detected that 12 employees are using an unlisted file transfer service, and 5 others are using a personal project management tool.
Step 3 — Decision making
For each detected application, Thomas can:
- Approve the application and add it to the official SmartLink catalog
- Block access if the application poses a risk
- Investigate by contacting the users involved
Step 4 — Trace and document via Audit Trail
Thomas opens the Audit Trail and filters by the event type "Shadow IT detected". He gets the complete list: who used which unlisted application, when, and from which device. This data serves as documented evidence of detection and automatically feeds into the monthly CISO report in the "Shadow IT Detections" section.
Step 5 — Regularization
Thomas decides to add the file transfer service to the catalog after verifying its compliance. He creates a dedicated folder, configures access, and the relevant employees find the application directly in their SmartLink dashboard — this time in a secure and traceable manner.
What changes
| Without SmartLink | With SmartLink |
|---|---|
| No visibility into actual usage | Automatic real-time detection |
| Risks discovered during audits | Proactive alerts |
| Impossible to act quickly | Decision in just a few clicks |
| Data potentially exposed | Traceability and access control |
| No history of detected applications | Complete log filterable by "Shadow IT" type |
| Security reports compiled manually | Monthly CISO report with dedicated Shadow IT section |
Features used
- 🕵️ Shadow IT — Automatic detection of unlisted applications
- 📬 Messages — Centralized notifications
- 📁 Folder management — Organization of approved access
- 📜 Audit Trail — Log filterable by "Shadow IT detected" event type
- 📑 Reports — Monthly CISO report with Shadow IT section