shadow IT Giacomo Lanzi

Shadow IT: an overview

The practice of shadow IT is the use of computer systems, devices, software, applications and services without the explicit approval of the IT department. In recent years, it has grown exponentially with the adoption of cloud-based applications and services.

While shadow IT could improve employee productivity and drive innovation, it can also introduce serious security risks to the organization due to data breaches, potential compliance breaches and more.

Why users practice shadow IT

One of the main reasons employees apply shadow IT is simply to work more efficiently. A 2012 RSA study reported that 35% of employees believe they need to bypass their company’s security policies just to get their job done right. For example, an employee may discover a better file sharing application than is officially allowed. Once you start using it, the use may spread to other members of your department.

The rapid growth of cloud-based consumer applications has also increased the adoption of shadow IT practices. The days of packaged software are long gone; Common applications such as Slack and Dropbox are available with a simple click, and corporate data is easily copied beyond work applications to employee personal devices, such as smartphones or laptops, especially in BYOD (Bring Your Own Device) working conditions .

Shadow IT: Security Risks and Challenges

The point is that if the IT department is not aware of the use of an application, they cannot support or guarantee that it is secure. Industry analyst firm Gartner predicted, in 2018, that by 2020, one-third of successful attacks businesses experience focus on their shadow IT assets.

While it is clear that the practice will not go away, organizations can minimize risks by educating end users and taking preventative measures to monitor and manage unauthorized applications.

Not all shadow IT is inherently dangerous, but some features like file sharing and storage and collaboration (for example, Google Docs) can cause sensitive data leaks. This risk goes beyond applications alone: the RSA study also reports that 63% of employees send work documents to their personal email to work from home, exposing data to networks that cannot be monitored.

In times like the one we are experiencing, in which teleworking is encouraged and, in some cases, the only possible solution, it is essential to have an eye for the applications in use on employees’ computers.

shadow IT

Benefits of Shadow IT

Despite the risks, shadow IT has its advantages. Getting IT approval can take time that employees can’t afford to waste.For many employees, approval is a productivity bottleneck, especially when they can get a fix in minutes.

Having IT behaving like an Orwellian “Big Brother” doesn’t always help productivity. Discerning cases of positive shadow IT can be the best compromise. Finding a middle ground can allow end users to research solutions that work best for them. This gives IT time to control user data and permissions for applications. If end users do not need to request new solutions, the IT department has been given time to focus on more critical tasks.

Proactive defense

Whatever the reason why shadow IT occurs, if the IT department is unaware of it, the risk of breach is high. What the corporate cyber security departments should do is implement automated traffic and behavior control systems.

The solution offered by a SOC as a Service is the most complete in this respect. It allows you to keep an eye on all the devices in the system and also monitor user behavior.

Thanks to the Nextgen SIEM and UEBA systems, in fact, the collection of usage data is easy and manageable in real time. The data collected is enriched and aggregated to give analysts the most complete view possible and allow rapid intervention. Meanwhile, the UEBA system checks that there are no anomalous behavior by users or suspicious outgoing data traffic.

Shadow IT, while not usually a malicious attack, is a practice that should be discouraged and, as it is risky, stopped in the bud.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • Intel PowerGadget 3.6 Local Privilege Escalation March 28, 2024
    Posted by Julian Horoszkiewicz via Fulldisclosure on Mar 28Vulnerability summary: Local Privilege Escalation from regular user to SYSTEM, via conhost.exe hijacking triggered by MSI installer in repair mode Affected Products: Intel PowerGadget Affected Versions: tested on PowerGadget_3.6.msi (a3834b2559c18e6797ba945d685bf174), file signed on ‎Monday, ‎February ‎1, ‎2021 9:43:20 PM (this seems to be the latest version), earlier […]
  • Application is Vulnerable to Session Fixation March 27, 2024
    Posted by YOGESH BHANDAGE on Mar 27*Vulnerability Name - *Application is Vulnerable to Session Fixation *Vulnerable URL: *www.fusionpbx.com *Overview of the Vulnerability* Session fixation is a security vulnerability that occurs when an attacker sets or fixes a user's session identifier, manipulating the authentication process. Typically exploited in web applications, this vulnerability allows the attacker to […]
  • APPLE-SA-03-25-2024-1 Safari 17.4.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-1 Safari 17.4.1 Safari 17.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214094. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. WebRTC Available for: macOS Monterey and macOS Ventura Impact: Processing an […]
  • APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-2 macOS Sonoma 14.4.1 macOS Sonoma 14.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214096. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: macOS Sonoma Impact: Processing an image […]
  • APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-3 macOS Ventura 13.6.6 macOS Ventura 13.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214095. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: macOS Ventura Impact: Processing an image […]
  • APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1 iOS 17.4.1 and iPadOS 17.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214097. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: iPhone XS […]
  • APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7 iOS 16.7.7 and iPadOS 16.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214098. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: iPhone 8, […]
  • APPLE-SA-03-25-2024-6 visionOS 1.1.1 March 27, 2024
    Posted by Apple Product Security via Fulldisclosure on Mar 27APPLE-SA-03-25-2024-6 visionOS 1.1.1 visionOS 1.1.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/kb/HT214093. Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: Apple Vision Pro Impact: Processing an image may […]
  • Escape sequence injection in util-linux wall (CVE-2024-28085) March 27, 2024
    Posted by Skyler Ferrante (RIT Student) via Fulldisclosure on Mar 27Wall-Escape (CVE-2024-28085) Skyler Ferrante: Escape sequence injection in util-linux wall ================================================================= Summary ================================================================= The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows...
  • Win32.STOP.Ransomware (smokeloader) / Remote Code Execution (MITM) March 27, 2024
    Posted by malvuln on Mar 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.STOP.Ransomware (smokeloader) Vulnerability: Remote Code Execution (MITM) Family: Stop Type: PE32 MD5 3b9e9e130d52fe95c8be82aa4b8feb74 Vuln ID: MVID-2024-0676 Disclosure: 03/22/2024 Description: There are two roads to...

Customers

Newsletter

{subscription_form_1}