shadow IT Giacomo Lanzi

Shadow IT: an overview

The practice of shadow IT is the use of computer systems, devices, software, applications and services without the explicit approval of the IT department. In recent years, it has grown exponentially with the adoption of cloud-based applications and services.

While shadow IT could improve employee productivity and drive innovation, it can also introduce serious security risks to the organization due to data breaches, potential compliance breaches and more.

Why users practice shadow IT

One of the main reasons employees apply shadow IT is simply to work more efficiently. A 2012 RSA study reported that 35% of employees believe they need to bypass their company’s security policies just to get their job done right. For example, an employee may discover a better file sharing application than is officially allowed. Once you start using it, the use may spread to other members of your department.

The rapid growth of cloud-based consumer applications has also increased the adoption of shadow IT practices. The days of packaged software are long gone; Common applications such as Slack and Dropbox are available with a simple click, and corporate data is easily copied beyond work applications to employee personal devices, such as smartphones or laptops, especially in BYOD (Bring Your Own Device) working conditions .

Shadow IT: Security Risks and Challenges

The point is that if the IT department is not aware of the use of an application, they cannot support or guarantee that it is secure. Industry analyst firm Gartner predicted, in 2018, that by 2020, one-third of successful attacks businesses experience focus on their shadow IT assets.

While it is clear that the practice will not go away, organizations can minimize risks by educating end users and taking preventative measures to monitor and manage unauthorized applications.

Not all shadow IT is inherently dangerous, but some features like file sharing and storage and collaboration (for example, Google Docs) can cause sensitive data leaks. This risk goes beyond applications alone: the RSA study also reports that 63% of employees send work documents to their personal email to work from home, exposing data to networks that cannot be monitored.

In times like the one we are experiencing, in which teleworking is encouraged and, in some cases, the only possible solution, it is essential to have an eye for the applications in use on employees’ computers.

shadow IT

Benefits of Shadow IT

Despite the risks, shadow IT has its advantages. Getting IT approval can take time that employees can’t afford to waste.For many employees, approval is a productivity bottleneck, especially when they can get a fix in minutes.

Having IT behaving like an Orwellian “Big Brother” doesn’t always help productivity. Discerning cases of positive shadow IT can be the best compromise. Finding a middle ground can allow end users to research solutions that work best for them. This gives IT time to control user data and permissions for applications. If end users do not need to request new solutions, the IT department has been given time to focus on more critical tasks.

Proactive defense

Whatever the reason why shadow IT occurs, if the IT department is unaware of it, the risk of breach is high. What the corporate cyber security departments should do is implement automated traffic and behavior control systems.

The solution offered by a SOC as a Service is the most complete in this respect. It allows you to keep an eye on all the devices in the system and also monitor user behavior.

Thanks to the Nextgen SIEM and UEBA systems, in fact, the collection of usage data is easy and manageable in real time. The data collected is enriched and aggregated to give analysts the most complete view possible and allow rapid intervention. Meanwhile, the UEBA system checks that there are no anomalous behavior by users or suspicious outgoing data traffic.

Shadow IT, while not usually a malicious attack, is a practice that should be discouraged and, as it is risky, stopped in the bud.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • Microsoft leak of PlayReady developer / Warbird libs June 21, 2024
    Posted by Security Explorations on Jun 21Hello All, On Jun 11, 2024 Microsoft engineer posted on a public forum information about a crash experienced with Apple TV service on a Surface Pro 9 device [1]. The post had an attachment - a 771MB file (4GB unpacked), which leaked internal code (260+ files [2]) pertaining to […]
  • Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 June 16, 2024
    Posted by Andrey Stoykov on Jun 15# Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 # Date: 6/2024 # Exploit Author: Andrey Stoykov # Version: 1.9.0.6 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html Description - It was found that the application suffers from business logic flaw - Additionally the application is vulnerable […]
  • APPLE-SA-06-10-2024-1 visionOS 1.2 June 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Jun 11APPLE-SA-06-10-2024-1 visionOS 1.2 visionOS 1.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214108. Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories. CoreMedia Available for: Apple Vision Pro Impact: An app may be […]
  • CyberDanube Security Research 20240604-0 | Multiple Vulnerabilities in utnserver Pro/ProMAX/INU-100 June 9, 2024
    Posted by Thomas Weber via Fulldisclosure on Jun 09CyberDanube Security Research 20240604-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| SEH utnserver Pro/ProMAX / INU-100 vulnerable version| 20.1.22 fixed version| 20.1.28 CVE number| CVE-2024-5420, CVE-2024-5421, CVE-2024-5422 impact| High homepage| https://www.seh-technology.com/...
  • SEC Consult SA-20240606-0 :: Multiple critical vulnerabilities in Kiuwan SAST on-premise (KOP) & cloud/SaaS & Kiuwan Local Analyzer (KLA) June 9, 2024
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09SEC Consult Vulnerability Lab Security Advisory < 20240606-0 > ======================================================================= title: Multiple critical vulnerabilities product: Kiuwan SAST on-premise (KOP) & cloud/SaaS Kiuwan Local Analyzer (KLA) vulnerable version: Kiuwan SAST
  • Blind SQL Injection - fengofficev3.11.1.2 June 9, 2024
    Posted by Andrey Stoykov on Jun 09# Exploit Title: FengOffice - Blind SQL Injection # Date: 06/2024 # Exploit Author: Andrey Stoykov # Version: 3.11.1.2 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html Steps to Reproduce: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into […]
  • Trojan.Win32.DarkGateLoader (multi variants) / Arbitrary Code Execution June 9, 2024
    Posted by malvuln on Jun 09Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Trojan.Win32.DarkGateLoader (multi variants) Vulnerability: Arbitrary Code Execution Description: Multiple variants of this malware look for and execute x32-bit "urlmon.dll" PE file in its current directory. Therefore, we can...
  • SQL Injection Vulnerability in Boelter Blue System Management (version 1.3) June 9, 2024
    Posted by InfoSec-DB via Fulldisclosure on Jun 09Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3) Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB (DeadlyData, R4d1x) Vendor Homepage: https://www.boelterblue.com Software Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US Version: 1.3 Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12 CVE:...
  • CyberDanube Security Research 20240528-0 | Multiple Vulnerabilities in ORing IAP-420 May 30, 2024
    Posted by Thomas Weber via Fulldisclosure on May 29CyberDanube Security Research 20240528-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| ORing IAP-420 vulnerable version| 2.01e fixed version| - CVE number| CVE-2024-5410, CVE-2024-5411 impact| High homepage| https://oringnet.com/ found| 2024-01-19 by| T. Weber...
  • HNS-2024-06 - HN Security Advisory - Multiple vulnerabilities in Eclipse ThreadX May 30, 2024
    Posted by Marco Ivaldi on May 29Hi, Please find attached a security advisory that describes multiple vulnerabilities we discovered in Eclipse ThreadX (aka Azure RTOS). * Title: Multiple vulnerabilities in Eclipse ThreadX * OS: Eclipse ThreadX < 6.4.0 * Author: Marco Ivaldi * Date: 2024-05-28 * CVE IDs and severity: * CVE-2024-2214 - High - […]

Customers

Newsletter

{subscription_form_1}