Using shadow IT discovery is a great way to identify data leakage – but how can organizations be certain that it is effective? First-generation cloud access security brokers (CASBs) rely on manually curating lists of cloud apps in order to enable shadow IT discovery. Each app must be individually evaluated so that its level of risk can be identified. It must also be tied to domains and IP addresses so that it can be detected in network or proxy logs. Unfortunately, there are so many apps in existence that it is impossible to gather all of the necessary information manually. However, the Next-Gen CASB is automating this process to keep up with the ever-expanding number of cloud apps.