Unauthorised application usage

Use the Unauthorised application usage dashboard in Risk Monitor to see if applications in your IT estate have been accessed by users who are not authorized to do so.

Description

The rules for what departments or users are authorized to access applications are configured on the Intended Access page. Any breaches of the rules are shown on this dashboard. If no rules have been set, the dashboard will not show any data.

The key figures and charts will quickly give you insights into, for example:

• The number and names of applications that have been accessed by unauthorized users.

• The number of unauthorized users in a certain department of your organization.

• The users with the highest count of unauthorized usage.

Use the table to look up information on the unauthorized usage, for example, what date a certain user last used a certain application.

You can filter the data to focus on unauthorized usage for a certain parameter. All key figures, charts, and tables will adjust to show the results filtered by the selected parameter. Use the filters to focus on, for example:

• Unauthorized usage of a specific application.

• Unauthorized usage by a specific department or user.

• Unauthorized usage of vulnerable applications.

• Unauthorized usage of applications that may contain personally identifiable information.

Related use cases

For information on related uses cases, see the following sections:

• Find out if there has been any unauthorized usage of a certain PII risk application

• Find out if there has been any unauthorized usage of PII risk applications

• See unauthorized usage details for a user

Characteristics

You can refer to the tables below for descriptions of the key figures, filters, charts, and tables on the dashboard.

Key figures

The key figures give a quick overview of the status of the unauthorized usage of applications in your IT estate.

Key figure	Description
Unauthorised applications	The number of applications that have been accessed by unauthorized users.
Unauthorised users	The number of users that have used applications they are not authorized to access.
Unauthorised usage (users)

Filters

Use one or more filters to focus on specific aspects of unauthorized application usage. All the key figures, charts, and tables on the page will adjust to show the results filtered by the selected parameter or parameters.

Filter	Description
Application name	Select an application name from the list to see details of unauthorized usage of the application. Only applications that are included in a rule for intended access are displayed in the list.
Organization	Select an organizational unit from the list to see details of the unauthorized application usage for that organizational unit.
PII risk	Select True to see details of unauthorized usage of applications that may contain personally identifiable information. Select False to see details of unauthorized usage of applications that do not contain personally identifiable information.
User	Select a user from the list to see details about the user's unauthorized usage of applications, for example, application names and number of minutes of unauthorized usage. Only unauthorized users are displayed in the list.
Vulnerable application	Select True to see details of unauthorized usage of vulnerable applications. Select False to see details of unauthorized usage of applications that are not vulnerable.
Device name	Select a device name from the list to see details about unauthorized usage of applications installed on the device, for example, application names and users.

Charts

Use the charts to get insights into different aspects of the unauthorized usage of applications in your IT estate.

Select a bar in a chart to focus on the unauthorized usage for that item, for example for an application, a department, or a user. All the key figures, charts, and tables on the page will adjust to show the results filtered by the selected item.

Chart	Description
Unauthorised application usage	Shows the names of all applications that have been accessed by unauthorized users.
Unauthorised users - by department/OU	Groups the number of unauthorized users by department or organizational unit.
Unauthorised usage (minutes per run) - by user	Shows all unauthorized users and the number of minutes each user has used applications without authorization.

Tables

Use the table to see details about the unauthorized usage of applications.

Select a column header to sort the table by that column.

Table

Description

Application user access details

Unfiltered, the table includes all applications that have been accessed by unauthorized users. The following details are shown in the table: Application name: The name of the application that has been accessed by an unauthorized user. If several unauthorized users have accessed the same application, the application name occurs in multiple rows—one for each user. Department/OU: The department or organizational unit that the unauthorized user belongs to. User: The name of the unauthorized user. Last logged on: The date on which the unauthorized user last logged on to a device. User authorised: Since the table displays only unauthorized users, this column indicates False for all rows. Last used: The date on which the unauthorized user last used the application. Run (count): The total number of minutes that the unauthorized user has used the application. Per run (min): The average number of minutes that the user has used the application per run.