Category: Shadow IT

Securing Shadow IT Starts with Automation

Shadow IT is a modern security challenge for the very best reasons – your users rely on it to find new and arguably innovative ways to be more productive. While getting more done more effectively isn’t a bad thing, rogue applications that aren’t supported and maintained by IT is. While we haven’t seen Shadow IT in the headlines as much recently, the problem remains very real. Gartner estimated 38% of technology purchases in 2017 were managed and controlled by business leaders, not IT.
There’s another reason the headache of Shadow IT persists – because addressing the pain of these security incidents waiting to happen is well, painful. There are a few solid approaches you can try to reduce the use of renegade applications and services. The first is a PR program for your IT team. Building awareness of and trust in the important work IT does every day is key to attacking the root of the problem. Collaborate; get involved with other business units. In theory, by creating a bridge between IT and users, it can be easier to break down misconceptions about the barriers to bringing in new technologies and reinforce important security policies.

Automation is another important (and less ambiguous) component to addressing Shadow IT and it’s easier to accomplish in the short term. Setting rules that block traffic by application or network path is a strong step forward in at least blocking the known trouble makers and setting policy for what can and cannot be done. It also makes sense for your budget. According to the 2018 Total Economic Impact study done by Forrester, information security professionals can save 12 minutes in the analysis and triage phase on every security-related response with Absolute.
New Reach Automation Tools
Absolute Reach is a custom query and remediation feature of the Absolute Platform. Today, we added nine new scrips to the hundreds already executed across millions of devices. To address the challenges of Shadow IT, you can now add firewall application rules to prevent traffic from routing through a specific application. Regardless of what your user does on the device, no traffic will flow through the application. This is useful for preventing any unauthorized applications or network paths such as cloud-based file transfers or Torrent applications. And, if you need to reset your firewall settings after a period of time, there is a script for that too.
To address the challenge of managing Windows Updates, two additional scripts have also been added to disable Windows Update Sharing to support bandwidth constraints. You can also generate an automated log of any failed Windows Updates across a given device population.
Because incorrect network settings or misconfigurations often cause user frustration and negatively impact productivity, two more new scripts flush Address Resolution Tables (ARP) or DNS Resolver Caches, helping reset settings back to standard configurations. The ability to run an automated script to enable DHCP settings to automatically assign an IP address within a defined range can help prevent man-in-the-middle attacks.
Like all features of the Absolute platform, they can be performed on devices on or off the network which helps you address potential security vulnerabilities or misconfigurations on devices that are outside of the bounds of your traditional tools. They are available to all Absolute Resilience customers and can be found in the Reach library. The full list of new Reach scripts is in the table below. And more will be dropping soon. Explore Reach for yourself in this short video.

New Script Name

 Flush ARP Tables
Flush the ARP tables on a system

 Add Firewall Application Rules
Add / create a firewall application rule

Remove Firewall Application / Port Rules
Remove firewall application / port rules

Reset the Firewall Advanced Firewall Settings
Reset the Windows Firewall to defaults

Flush DNS Resolver Cache
Flush the DNS resolver cache on a system

Release / Renew IP Address
Release the IP & renew IP for the active adapters a system

Email Failed Windows Updates
Report the failed installation of Windows Updates on a system

Disable Windows Update Sharing
Disable the Windows Update Sharing feature / Windows Update

Enable DHCP for DNS
Update the DNS to DHCP, instead of static

5 Ways to Improve Insider Threat Prevention

If you browsed the latest security headlines, you’d probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
While we recently examined the rising of the politically motivated insider, the truth is that most incidents are traced back to employees who are just negligent or unaware, whether it’s accidentally emailing customer data to an external party or clicking a phishing link. I was recently invited to join the Forbes Technology Council and I wrote about The Many Faces of Insider Threats where I examined the different ways an insider can create an incident within your organization. Today, let’s take a closer look at the negligent insider.
Negligent Insiders Are the Hardest to Identify
Most “mistakes” come from negligent insiders. Unfortunately, these insiders are often the hardest to identify. With no malicious intent, these employees are just trying to be productive and independent, which sometimes leads them to circumvent IT, download insecure apps or mistakenly click that phishing link. The ‘ways’ that insiders put data at risk are always changing.
A combination of education and technology is the best approach to detecting and remediating negligent user behavior. While security training is pretty standard these days for new employees, it’s not uncommon for most organizations to forget to build in reminders or to update training over time. Employees may simply forget they aren’t supposed to email data or use open Wi-Fi networks. 
Insider Threat Prevention Requires Visibility
With the explosion of cloud storage, SaaS and the growth in IoT, OT and IoT devices, there are now more ways than ever for data to be inappropriately shared, making it difficult to be 100% certain where company data and sensitive information may end up.
While I expect big things to come out of intent-based security, machine learning and AI, we don’t need to look to future technology to solve all of today’s problems with insiders. We’ll never shore up all the cracks in data security, but we can most definitely improve on the status quo.

Watch the movement of data – you need to be able to watch for the movement of critically important internal and customer data as it traverses within (and outside) your environment. Most organizations are solid on network monitoring, but lack control and visibility over data as moves onto devices or into the cloud.
Monitor for Shadow IT – look for applications and tools that have not been approved or vetted by your IT and security teams for use. While blocking all non-approved apps and tools could clamp down on productivity, it is critical to have plans in place when these apps may compromise sensitive data
Address endpoint security – ensure the physical security of your employee devices and the corporate data stored on those devices
Have a solid asset management solution – a solution gives you the capability to immediately respond to a lost or stolen device, closing the window of opportunity for an attacker to capitalize on the data or network access associated with a stolen device
Choose strong security layers – back up your asset management solution with full disk encryption, anti-virus and malware, VPN to minimize access to a device and the data it contains

Threats posed to your organization’s data aren’t always going to be malicious, but the risks they pose are serious and real. Being able to understand the multitudes of ways that data can be stolen and what those threats look like are critical to building a resilient enterprise that puts the protection of you and your customer’s data first.

88% of Retail Organizations Vulnerable to Data Threats

Target. Kmart. Home Depot. Neiman Marcus. Some of the biggest names in retail have been hit hard by data breaches in past years. Despite increased IT security spending, data breaches across all industries are accelerating. 88% of retail organizations in the US consider themselves vulnerable to data threats, with 19% experiencing a data breach in the past year, a figure which jumps to 43% for the global retail marketplace. Data from the Information Commissioner’s Office (ICO) suggests that retail firms reported twice as many data breaches in the past year, with more of those breaches attributed to a spike in cyber attacks.
With retail organizations mixing legacy systems and new technologies in mobile, big data, IoT and the cloud, security often takes a back seat. Research has shown that 9 out of 10 retail respondents believe network security is effective at protecting data from breaches, a belief which neglects the mobility of data in today’s mobile cloud-based world. This approach is not going to cut it, particularly with wide sweeping regulations coming into play such as GDPR, not to mention the financial and repetitional damage that occurs after a security breach.  A whopping 19% of shoppers say they would stop shopping at a retailer that falls victim to cyber attack, according to a KPMG study.
Retailers today possess more data then ever before, on everything from personal information to purchasing habits. These large data stores and the distributed nature of many retail organizations make retailers one of the top targets for cyber attackers. Following a wave of attacks in the past years, many retailers have taken steps to bolster transaction security (such as chip-enabled POS systems) and implementation of the PCI-DSS standard, but the threats have now shifted outside point of sale. According to a report by IBM, 26% of cyberattacks in 2016 were attributed to a 2-year-old vulnerability. We need to do better.
With an increasing reliance on vendors, mobile technology, e-commerce and the cloud, the retail risk landscape has shifted. To better protect the retail environment, organizations need new approaches to prevention, detection and response. 
With Absolute, you can detect, remediate and enforce compliance and accountability for sensitive data, wherever it is stored. Already embedded on more than 1 billion devices, Absolute offers the fastest and most effective endpoint discovery and asset management, from routine patch management queries to mission-critical remediation of device vulnerabilities. When it comes to data living off network, the Absolute platform delivers deep visibility into data on the endpoint allowing you to identify unauthorized apps to combat Shadow IT and to scan for sensitive or intellectual data – even if that data is not synced to the cloud.
With Absolute, you can easily find company devices missing critical patches and ensure they are updated, whether the endpoint is on or off the network, pre-empt security incidents by delivering insight into suspicious or anomalous activity, and respond quickly to contain threats or lock down data or devices to bolster your risk response capabilities. Plug the holes in your data security posture with the unparalleled visibility and control provided by Absolute.

The Challenges of Shadow IT

Shadow IT is a growing problem, and organizations must find the right balance of policy, processes and supporting technologies to get visibility into the data that’s living in the shadow. Here’s a look at the challenges — and how Absolute technology can help solve them…

Decentralization of IT Spending Puts Data at Risk

Recent insights from IDC’s Worldwide Semiannual IT Spending Guide: Line of Business demonstrates that corporate IT spending by non-IT business units continues to rise. And it’s that decentralization that puts data at risk. Here’s an overview — and insights on how to address it…

The Growing Challenges in Combating Shadow IT

Shadow IT is a huge and growing problem. Organizations must find the right balance of policy, processes and supporting technologies in order to regain visibility into the endpoint and the cloud where data is living in the ‘Shadow,’ all without becoming overtly restrictive and re-enforcing the negative-yet-well-meaning behavior that led to the growth of Shadow IT in the first place!
IT Business Edge polled a series of security leads on their perspectives on the risky behaviors that lead to Shadow IT. As Phil Richards, CSO of LANDESK, notes: “the existence and growth of shadow IT is usually a sign that the central IT organization is not meeting the needs of the business,” with business units and individuals making their own purchase decisions without the involvement of IT in order to become more productive, leading to the presence of data assets outside the control of IT.
Whether it’s downloading popular apps, using cloud storage applications or personal accounts, there are a myriad of risks identified by this report. Shadow IT remains a major risk because IT lacks visibility and control; if you don’t know where data is, you cannot protect it… indeed, you may not even know it has been breached. Shadow IT exacerbates many data security issues, from insider threats, malware, phishing, credential compromise and cyber attacks. As the 2016 Shadow Data Report demonstrates, organizations are using 841 cloud apps, almost all of which lack enterprise-grade security, with the Shadow use only exacerbating these shaky security foundations.
As Richard Henderson, Absolute’s own Global Security Strategist noted in the article, Shadow IT doesn’t just live in productivity apps and cloud storage, it also lives in social media:
“Popular applications like Twitter, Facebook and Skype are risky applications to add to a user’s device. These three applications alone are responsible for a significant amount of malware and information leakage, albeit almost unintentional.”
Shadow IT is a major crack in data security, one that needs immediate attention. As Richard has noted in another recent article, “attackers are not going to stop probing your infrastructure for cracks for even a moment,” so it’s time to regain control over the Shadow.
Absolute is helping confront the dangers of Shadow IT, detecting at-risk data stored on the endpoint or in cloud storage applications. Absolute Endpoint Data Discovery (EDD), which comes as part of Absolute DDS, scans for sensitive data, reducing your potential blindspots, with remote capabilities to wipe data and remediate security threats. To learn more, get started with your free evaluation version of Absolute DDS today.

Seeking Clarity for IoT

When it comes to IT acronyms and technical jargon fly fast and free. We’re always looking for a new way to name things, it seems. Shadow IT. Shadow Data. IoT. Shadow IoT. Security of Things. The desire for clarity through naming conventions can overshadow the message. When it comes down to it, most of the conversations are actually the same. It’s about data security. And it’s also about reputation management. So, let’s try to strip back the jargon around IoT and truly understand what is happening.
Understanding the Risks of IoT
Daniel Messier wrote for Dark Reading, “you can’t defend against something you don’t understand,” noting that with the vague promises of the Internet of Things come many risks, many of which have no way to be mitigated. In its infancy, many of these “things” are coming to market quickly with major design flaws and no way to remotely update them. Yes, the onus is on IoT device manufacturers to deliver a secure platform, but we’re not there yet, so how do you respond now? Third party oversight just doesn’t exist yet for the sheer variety of “things.”
Some have responded the risk of IoT devices, whether that’s compromised or hijacked devices or compromised data, by isolating these systems. However, isolating IoT systems from business systems does not erase the risks that these devices could still be used to attack others, as we’ve seen with the stories around hacked cameras being used in a massive botnet attack. This can result in costly damage to your corporate reputation.
To put it mathematically, the number of IoT devices being deployed multiplied by the insecurity of those devices multiplied by how hard it is to update them equals some idea of part of the risk that will be presented by IoT devices.
Although the Dark Reading article talks about ways to secure IoT devices, the advice only pertains to the IoT devices you know about. The current trends toward decentralized IT purchases, both at the business unit and employee-level, suggest that most IoT use cases will be in the “Shadow,” they won’t be approved or managed by IT. It may be, as Daniel suggests, that prevention is somewhat futile and we should focus on reducing the impact of IoT events.
Monika Brink suggests that “unless the security side of IoT is sorted out, it could hold back wider adoption of the technology,” and we agree. Sort of. We think a lack of a strong security footprint will hold back official corporate deployment of IoT systems, but it’s not going to slow down what’s happening at the business and employee-level.
The number of IoT devices is expected to reach 50 billion by 2020. Although many of the same technologies and procedures we use for addressing the risks associated with BYOD devices or the Cloud can and should be applied to the IoT, whether that’s role-based access control, encryption, malware prevention or visibility technologies, IoT security is going to remain elusive for a long time.
Do we have the answers for you. No. But we will keep talking about it. Absolute has long been a leader in conversations about data security and we will continue to offer our insights and thought leadership on the evolving technology landscape as it pertains to data security.
How is your organization tackling IoT?

Security in the Cloud Requires Visibility

There is a rapid enterprise movement toward the cloud, and yet such movement has remained uncoordinated. Gartner estimates that less than one-third of enterprises have a documented cloud strategy. This has led to an explosive growth in Shadow IT and Shadow data as well as application development that is uncoordinated and inefficient.
When it comes to the current security landscape, Gartner research has identified that SaaS applications are often the most risky of cloud deployments (as opposed to IaaS or PaaS), with the top risks including:

Sensitive data placed in unapproved services
Authorized users misusing cloud-based data
Stolen credentials
Unrecoverable data loss and service shutdown
Cloud compromise (“cloud hacking”)

Shadow IT
Typically, enterprises have as many as 20-900 SaaS vendors, which leads to less visibility into user activity and less ability to impose policy. These numbers corroborate earlier findings suggesting that the average organization uses 841 cloud apps, a figure more than 20x their own estimates. Although cloud service providers have dedicated security teams, the use of cloud services “doesn’t absolve security leaders of their responsibility to actively manage cloud security,” notes Steve Riley, research director at Gartner.
Gartner estimates that by 2018, 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures. Gartner recommends the following strategies to improve cloud security:

Incorporate appropriate identity and access management
Isolate data at rest with encryption
Segment and contain traffic with virtual network and filtering controls
Establish a security control plane via third-party tools to achieve better visibility, data security, threat protection and compliance
Take full responsibility for application and instance security
Backup all data in a distinct fault domain
Investigate potential of being “compliant by inclusion”

As Gartner suggests, staying secure in the cloud is a shared responsibility and the use of tools such as Absolute DDS can help achieve that missing visibility into cloud storage applications. Using Absolute DDS, you can identify corporate devices containing files that are synchronized with cloud storage applications, scanning for at-risk data with remote capabilities to remediate potential compliance violations. Learn more about how to take control of at-risk data in the cloud at

The Big Problem of Shadow Data in the Cloud

How often do your employees go rogue to set up cloud services without approval from your IT team? Far more than you think. As much as 80% of IT pros say that their end users have gone behind their back to set up unapproved cloud services. There are also plenty of repeat offenders, as 38% of those IT pros report that their end users have done this five or more times. This new data comes from IT community Spiceworks, who recently surveyed 338 IT pros in North America and EMEA on data security, specifically addressing Shadow IT and the Cloud. The resulting data, gathered without a specific technology focus in mind, provides some interesting insight into the connection between cloud adoption and Shadow IT.
The Bigger You Are, The Harder You Fall
While Shadow IT plagues organizations of all sizes and from across all industries, larger organizations face greater vulnerabilities. Spiceworks hypothesizes that as the number of users and associated cloud service grows, it becomes increasingly difficult to maintain oversight. We believe this is true as well. According to the 2016 Shadow Data Report earlier this year, the average organization uses 841 cloud apps. That kind of volume is unmanageable for many companies.
The Spiceworks survey indicates that cloud storage applications such as Dropbox, Google Drive and OneDrive are believed to be the most vulnerable to attack. Cloud storage is fast and convenient for user productivity, but it’s also one of the biggest vulnerabilities you’ll face when it comes to securing your sensitive data. We’ve seen statistics that indicate that 83% of your employees are using cloud storage applications to share company information on a daily basis. And most of this data is shared without the approval or knowledge of IT. Shadow IT is a big problem in the cloud.
The True Driver Behind Rogue Cloud Use
Although the report included ways that cloud providers improve their data security, individual organizations are ultimately responsible for protecting their own data. Given how much data is flowing into the cloud, it’s time to take a step back and regain control. The true driver behind cloud use is the desire to be productive, so organizations that want to address Shadow Data in the cloud need to be mindful of their dual objectives: embracing new technology to support productivity and regaining visibility and control over data assets.
In our new whitepaper, At-Risk Data in the Cloud: 3 Strategies to Stop the Data Bleed, we look at how true visibility can unmask the insider threat and mitigate the risk of the cloud. Absolute Data & Device Security (DDS) can ensure that employee cloud storage use does not violate corporate data security policies. Using Absolute DDS, you can identify devices with cloud storage software and detect devices with at-risk files being stored (on the device or in the cloud). Ultimately, this allows you to proactively respond to the presence of at-risk data with remote data delete capabilities.
To learn more, get started with your free evaluation version of Absolute DDS today.