Identropy is looking to help businesses eliminate the use of unvetted and unapproved SaaS services with a new service. The SaaS Advisory service was developed to root out SaaS applications not under the purview of IT departments and help put an end to their use.

Shadow IT is nothing new, but in the realm of credit card-based payments for cloud services, it has become much easier for end-users or entire business departments to circumvent the red tape of the IT department. Many business owners and managers are completely unaware that critical business and customers data is being kept outside the four walls of the enterprise in unapproved cloud apps.

The SaaS Advisory service provides a three-part framework to deal with the problem of shadow SaaS:

  • Inventory. First, the service is given an inventory of SaaS applications currently in use by the organization. Identropy's technology uses a combination of technology tools and interviews with key stakeholders to get an accurate inventory of cloud services, as well as the organization's planned future use of cloud and SaaS apps. Then the inventory is vetted against Identropy's database of more than 500 SaaS apps.
  • Assess. Identropy compares the organization's portfolio of SaaS apps against existing enterprise identity access management (IAM) capabilities "to identify synergies and gaps."
  • Formulate. After that, Identropy formulates a set of recommended strategies and tactics for proper integration with existing IAM efforts. It's targeted at addressing the current identified SaaS apps in the organization but also provides an ongoing framework to capture new SaaS apps.

"The rapid adoption of SaaS apps has given rise to the 'shadow IT' problem -- when individuals or business units provision cloud applications without regard to corporate IT procurement and governance processes," said Aldo Pietropaolo, director of professional services for Identropy, in a prepared statement. "Because IT organizations can't control their cloud providers' IT risk posture, it's essential that all cloud-based applications in use in the organization are integrated into existing IAM governance processes. We've received so much demand for help with this that we launched a dedicated SaaS Advisory service to ensure organizations are positioned to maximize their investment in both IAM and SaaS."

There are indications that the use of unapproved cloud services is becoming a greater problem, and IT organizations need a way to regain control of applications and data. Solutions providers can help solve the problem with tools on the market, as well as by taking a consultative approach to help organizations develop and enforce policies.