Story image

Shadow IT: Why danger lurks in dark spaces

08 Mar 2017

Make no mistake — shadow IT as a security problem is here to stay. Many CIOs are fighting to maintain their traditional control over enterprise IT assets, but the ubiquity and convenience of the cloud-based solutions are allowing individual lines of business to make their own IT purchases. These purchases are often outside “traditional” procurement controls, and therefore are taking place outside of the purview of the IT and security organisations.

Unsanctioned use of cloud services drives increased risks of data breaches and resulting financial liabilities. According to Gartner’s December 2015 research report, “Predicts 2016: Threat and Vulnerability Management,” “by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.”

The business impact 

The presence of unknown cloud services makes it difficult for security teams to identify and manage the organisations total attack surface. Despite this challenge, the answer is not a wholesale ban on the use of these popular services. 

Many employees turn to unsanctioned cloud services because they often allow them to be more efficient and productive, solving a real business problem. Although blocking may be a quick-fix for the associated security issues, this does nothing to correct the underlying business problem that led to the unsanctioned applications in the first place.

Discovering and embracing the unknown

Not knowing what cloud services are present represents something dangerous – an unknown threat surface. Security departments need to understand what cloud services are being used within the organisation in order to get a handle on the real risk.

Security and IT organisations must embark on a proactive discovery mission where the infrastructure is instrumented to help identify what cloud services are being used and who is using them. When administrators are armed with this information, services can be analysed. Those with a legitimate business purpose can be properly secured, embraced and maintained. Those services which expose the organisation to excessive risk or which are superfluous in nature can be blocked. 

Technology and its role in the workplace are changing constantly, and because of shadow IT, many of these changes go undetected by those responsible for securing the workplace. Before any cloud-based application is used, the risks associated with that application must be understood and mitigated. Discovery of all unknown soft assets, such as SaaS, is critical to having a secure IT infrastructure. Once soft assets are discovered and associated risks are identified, teams can create appropriate controls.

Article by Dick Bussiere, technical director, Asia Pacific, Tenable Network Security.

Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."