Category: Shadow IT

Embrace the Shadow IT Mindset, Not the Shadow

It may sound like a clandestine mission or something out of a crime drama, but Shadow IT is actually a very common, everyday occurrence. And it has been happening in organizations (yours included) for decades.
What is Shadow IT?
Shadow IT is what happens when an IT or security department is kept in the dark while an employee or department makes a change to their hardware or software. It could mean departments are installing their own software, or it could mean a user is making unauthorized changes to the desktop. Employees using cloud services that aren’t company standard, or installing shareware, are also examples of Shadow IT.
More Than Just Hardware and Software
As mentioned above, Shadow IT usually involves hardware and software. But it goes beyond that: your company’s BYOD policy is part of the problem as well. When those endpoints are used to connect to your network they could pose as much of a risk as installing software or hardware on a corporate desktop without permission.
Basically, any hardware, even old laptops that have been decommissioned or servers in a test environment, that finds its way onto your production network can be considered Shadow IT.
Shadow IT Risks
While there may be the odd employee who follows through on some of the actions described here in a malicious manner, most instances of Shadow IT are non-malicious in nature. As such, it’s vital for an organization to treat these situations like they would a non-malicious threat.
When assessing the risks associated with Shadow IT, we can probably break it down into three groups of costs: financial, human resource, and security. First, if your employees are installing expensive software on their machines and it’s not accounted for, there could be severe and costly repercussions. Remember, large software vendors conduct regular licensing audits, and if your company isn’t up to date, it could put a strain on the business relationship.
The next issue is support. From a software perspective, the best way an IT organization can be successful is by standardizing its toolset. If the IT department were to approve every piece of software or cloud solution that everybody asks for and not standardize on a particular toolset, it becomes almost impossible to support. There are far too many applications, tools and solutions out there — each with its own set of idiosyncrasies — for even the biggest IT departments to keep up on.
Then, of course, there’s the security aspect: those unknown apps, tools or solutions may come with software vulnerabilities. What if installing the software leads to a corruption of the machine? Or worse, what if it corrupts your network?
Having a software/hardware vetting process is crucial for any organization.
Managing (Not Embracing) Shadow IT
The focus of this article is to get companies to embrace the Shadow IT mindset and not the shadow. What does this mean? You’ll never be able to ban it altogether. Shadow IT happens and will always happen. You don’t have to embrace it, but it’s critical that organizations accept that employees sometimes do what they need to do to stay productive, even if it means flying in the face of IT policy.
The question that needs to be answered is: How can we minimize it and make it safe? If options are provided, standards are set, and the message is clear and not too restrictive, a feasible balance can often be achieved.
Take Dropbox, for example. You could set the security settings to prevent users from sharing documents outside of the company. While this stops users signed in to the corporate account, what about the people that are using a free or personal Dropbox account? It can’t be locked down.
Addressing issues like this is the low-hanging fruit.
Generally speaking, however, managing Shadow IT boils down to maintaining visibility of all these endpoints. I love the fact that even if you don’t have policies in place, you can deploy software today to do all the monitoring of your environment.
Embrace Creativity, Not Shadow IT
Look, every organization has people coming in from all different cultures, companies and countries who have great ideas they can bring to the table. Maybe an idea starts in a garage in San Jose or on a user’s unauthorized laptop and ends up being a project or product that the company eventually puts into production. I’ve seen it over and over again.
What we don’t want to do is squelch people’s creativity and thinking.
The problem becomes: how do you turn that energy into something positive? It’s tough, because unless you’re going to create a totally sandboxed environment that’s safe for people to play around in (and we do recommend this), there’s not much you can do to stop Shadow IT from happening.
Try embracing the creativity while having the right discussions with people. No matter who you are or where you fit in your organization, with the right toolset you can have visibility and understand the risks.
Learn how Absolute Application Persistence helps organizations address pressing security concerns regarding application visibility and vulnerability by downloading our Application Persistence Whitepaper.

Securing Shadow IT Starts with Automation

Shadow IT is a modern security challenge for the very best reasons – your users rely on it to find new and arguably innovative ways to be more productive. While getting more done more effectively isn’t a bad thing, rogue applications that aren’t supported and maintained by IT are. While we haven’t seen Shadow IT in the headlines as much recently, the problem remains very real. Gartner estimated 38% of technology purchases in 2017 were managed and controlled by business leaders, not IT.
There’s another reason the headache of Shadow IT persists – because addressing the pain of these security incidents waiting to happen is, well, painful. There are a few solid approaches you can try to reduce the use of renegade applications and services. The first is a PR program for your IT team. Building awareness of and trust in the important work IT does every day is key to attacking the root of the problem. Collaborate; get involved with other business units. In theory, by creating a bridge between IT and users, it can be easier to break down misconceptions about the barriers to bringing in new technologies and reinforce important security policies.

Automation is another important (and less ambiguous) component to addressing Shadow IT and it’s easier to accomplish in the short term. Setting rules that block traffic by application or network path is a strong step forward in at least blocking the known trouble makers and setting policy for what can and cannot be done. It also makes sense for your budget. According to the 2018 Total Economic Impact study done by Forrester, information security professionals can save 12 minutes in the analysis and triage phase on every security-related response with Absolute.
New Reach Automation Tools
Absolute Reach is a custom query and remediation feature of the Absolute Platform. Today, we added nine new scripts to the hundreds already executed across millions of devices. To address the challenges of Shadow IT, you can now add firewall application rules to prevent traffic from routing through a specific application. Regardless of what your user does on the device, no traffic will flow through the application. This is useful for preventing any unauthorized applications or network paths such as cloud-based file transfers or Torrent applications. And, if you need to reset your firewall settings after a period of time, there is a script for that too.
To address the challenge of managing Windows Updates, two additional scripts have also been added to disable Windows Update Sharing to support bandwidth constraints. You can also generate an automated log of any failed Windows Updates across a given device population.
Because incorrect network settings or misconfigurations often cause user frustration and negatively impact productivity, two more new scripts flush Address Resolution Protocol (ARP) tables or DNS Resolver Caches, helping reset settings back to standard configurations. The ability to run an automated script to enable DHCP settings to automatically assign an IP address within a defined range can help prevent man-in-the-middle attacks.
Like all features of the Absolute platform, they can be performed on devices on or off the network which helps you address potential security vulnerabilities or misconfigurations on devices that are outside of the bounds of your traditional tools. They are available to all Absolute Resilience customers and can be found in the Reach library. The full list of new Reach scripts is in the table below. And more will be dropping soon. Explore Reach for yourself in this short video.

New Script Name – Description

Flush ARP Tables – Flush the ARP tables on a system
Add Firewall Application Rules – Add / create a firewall application rule
Remove Firewall Application / Port Rules – Remove firewall application / port rules
Reset the Firewall Advanced Firewall Settings – Reset the Windows Firewall to defaults
Flush DNS Resolver Cache – Flush the DNS resolver cache on a system
Release / Renew IP Address – Release the IP & renew IP for the active adapters on a system
Email Failed Windows Updates – Report the failed installation of Windows Updates on a system
Disable Windows Update Sharing – Disable the Windows Update Sharing feature / Windows Update
Enable DHCP for DNS – Update the DNS to DHCP, instead of static
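
For readers without the Reach library, the firewall application rules described above can be sketched with the built-in Windows NetSecurity cmdlets. This is an added example, not an Absolute Reach script; the rule group name and the program paths are assumptions made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not an Absolute Reach script.
# $RuleGroup and the program paths below are hypothetical / constructed samples.

$RuleGroup = 'ShadowIT-AppBlock'   # group tag so these rules can be listed and removed together

$BlockedPrograms = @(
    'C:\Program Files\ExampleTorrent\exampletorrent.exe',
    'C:\Program Files\ExampleSync\examplesync.exe'
)

function Add-AppBlockRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ProgramPath,
        [string]$Group = $RuleGroup
    )
    foreach ($direction in 'Outbound', 'Inbound') {
        $name = "$Group $direction $ProgramPath"

        # Idempotent: exact-match on the name so re-running never duplicates a rule.
        $existing = Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -eq $name }
        if ($existing) { continue }

        if ($PSCmdlet.ShouldProcess($ProgramPath, "Block $direction traffic")) {
            # Block rules take precedence over allow rules in Windows Defender Firewall.
            New-NetFirewallRule -DisplayName $name -Group $Group -Direction $direction `
                -Program $ProgramPath -Action Block -Profile Any -Enabled True | Out-Null
        }
    }
}

function Get-AppBlockRule {
    # Report what is actually enforced, including the program each rule is bound to.
    param([string]$Group = $RuleGroup)
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.DisplayName
            Direction = $_.Direction
            Action    = $_.Action
            Enabled   = $_.Enabled
            Program   = ($_ | Get-NetFirewallApplicationFilter).Program
        }
    }
}

function Remove-AppBlockRule {
    # Removes only the rules created by this script, leaving all other rules untouched.
    param([string]$Group = $RuleGroup)
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

$BlockedPrograms | ForEach-Object { Add-AppBlockRule -ProgramPath $_ }
Get-AppBlockRule | Format-Table -AutoSize
```

A program rule is bound to the executable's path, so it should be paired with application control and software inventory rather than relied on alone. Run with `-WhatIf` on `Add-AppBlockRule` to preview changes before applying them.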

5 Ways to Improve Insider Threat Prevention

If you browsed the latest security headlines, you’d probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
While we recently examined the rise of the politically motivated insider, the truth is that most incidents are traced back to employees who are just negligent or unaware, whether it’s accidentally emailing customer data to an external party or clicking a phishing link. I was recently invited to join the Forbes Technology Council and I wrote about The Many Faces of Insider Threats where I examined the different ways an insider can create an incident within your organization. Today, let’s take a closer look at the negligent insider.
Negligent Insiders Are the Hardest to Identify
Most “mistakes” come from negligent insiders. Unfortunately, these insiders are often the hardest to identify. With no malicious intent, these employees are just trying to be productive and independent, which sometimes leads them to circumvent IT, download insecure apps or mistakenly click that phishing link. The ‘ways’ that insiders put data at risk are always changing.
A combination of education and technology is the best approach to detecting and remediating negligent user behavior. While security training is pretty standard these days for new employees, it’s not uncommon for most organizations to forget to build in reminders or to update training over time. Employees may simply forget they aren’t supposed to email data or use open Wi-Fi networks. 
Insider Threat Prevention Requires Visibility
With the explosion of cloud storage, SaaS and the growth in IoT and OT devices, there are now more ways than ever for data to be inappropriately shared, making it difficult to be 100% certain where company data and sensitive information may end up.
While I expect big things to come out of intent-based security, machine learning and AI, we don’t need to look to future technology to solve all of today’s problems with insiders. We’ll never shore up all the cracks in data security, but we can most definitely improve on the status quo.

Watch the movement of data – you need to be able to watch for the movement of critically important internal and customer data as it traverses within (and outside) your environment. Most organizations are solid on network monitoring, but lack control and visibility over data as it moves onto devices or into the cloud.
Monitor for Shadow IT – look for applications and tools that have not been approved or vetted by your IT and security teams for use. While blocking all non-approved apps and tools could clamp down on productivity, it is critical to have plans in place when these apps may compromise sensitive data
Address endpoint security – ensure the physical security of your employee devices and the corporate data stored on those devices
Have a solid asset management solution – a solution gives you the capability to immediately respond to a lost or stolen device, closing the window of opportunity for an attacker to capitalize on the data or network access associated with a stolen device
Choose strong security layers – back up your asset management solution with full disk encryption, anti-virus and anti-malware, and VPN to minimize access to a device and the data it contains
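
One way to act on the "Monitor for Shadow IT" item above is to compare what is installed on an endpoint against an approved list. This is an added example, not vendor code; the approved-name patterns are constructed samples and the function names are hypothetical.

```powershell
# Added example, not vendor code. The approved-list patterns are constructed samples;
# replace them with your organization's vetted software catalogue.
$ApprovedPatterns = @('Microsoft *', 'Google Chrome', '7-Zip *')

function Get-InstalledSoftware {
    # Standard Windows uninstall registry locations: 64-bit, 32-bit, and per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
            @{ n = 'Scope'; e = { if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'User' } else { 'Machine' } } } |
        Sort-Object DisplayName, DisplayVersion -Unique
}

function Test-Approved {
    # True when the product name matches any approved wildcard pattern.
    param([string]$Name, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        if ($Name -like $p) { return $true }
    }
    return $false
}

function Get-UnapprovedSoftware {
    param([string[]]$Patterns = $ApprovedPatterns)
    Get-InstalledSoftware |
        Where-Object { -not (Test-Approved -Name $_.DisplayName -Patterns $Patterns) }
}

# Per-user installs (Scope = User) are worth a close look: they need no admin rights.
Get-UnapprovedSoftware | Format-Table -AutoSize
```

The registry view covers only software with an uninstall entry and only the current user's hive; portable executables and cloud services used through a browser will not appear and need other telemetry.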

Threats posed to your organization’s data aren’t always going to be malicious, but the risks they pose are serious and real. Being able to understand the multitude of ways that data can be stolen, and what those threats look like, is critical to building a resilient enterprise that puts the protection of your and your customers’ data first.

88% of Retail Organizations Vulnerable to Data Threats

Target. Kmart. Home Depot. Neiman Marcus. Some of the biggest names in retail have been hit hard by data breaches in past years. Despite increased IT security spending, data breaches across all industries are accelerating. 88% of retail organizations in the US consider themselves vulnerable to data threats, with 19% experiencing a data breach in the past year, a figure which jumps to 43% for the global retail marketplace. Data from the Information Commissioner’s Office (ICO) suggests that retail firms reported twice as many data breaches in the past year, with more of those breaches attributed to a spike in cyber attacks.
With retail organizations mixing legacy systems and new technologies in mobile, big data, IoT and the cloud, security often takes a back seat. Research has shown that 9 out of 10 retail respondents believe network security is effective at protecting data from breaches, a belief which neglects the mobility of data in today’s mobile cloud-based world. This approach is not going to cut it, particularly with wide-sweeping regulations coming into play such as GDPR, not to mention the financial and reputational damage that occurs after a security breach. A whopping 19% of shoppers say they would stop shopping at a retailer that falls victim to cyber attack, according to a KPMG study.
Retailers today possess more data than ever before, on everything from personal information to purchasing habits. These large data stores and the distributed nature of many retail organizations make retailers one of the top targets for cyber attackers. Following a wave of attacks in the past years, many retailers have taken steps to bolster transaction security (such as chip-enabled POS systems) and implementation of the PCI-DSS standard, but the threats have now shifted outside point of sale. According to a report by IBM, 26% of cyberattacks in 2016 were attributed to a 2-year-old vulnerability. We need to do better.
With an increasing reliance on vendors, mobile technology, e-commerce and the cloud, the retail risk landscape has shifted. To better protect the retail environment, organizations need new approaches to prevention, detection and response. 
With Absolute, you can detect, remediate and enforce compliance and accountability for sensitive data, wherever it is stored. Already embedded on more than 1 billion devices, Absolute offers the fastest and most effective endpoint discovery and asset management, from routine patch management queries to mission-critical remediation of device vulnerabilities. When it comes to data living off network, the Absolute platform delivers deep visibility into data on the endpoint allowing you to identify unauthorized apps to combat Shadow IT and to scan for sensitive or intellectual data – even if that data is not synced to the cloud.
With Absolute, you can easily find company devices missing critical patches and ensure they are updated, whether the endpoint is on or off the network, pre-empt security incidents by delivering insight into suspicious or anomalous activity, and respond quickly to contain threats or lock down data or devices to bolster your risk response capabilities. Plug the holes in your data security posture with the unparalleled visibility and control provided by Absolute.

The Challenges of Shadow IT

Shadow IT is a growing problem, and organizations must find the right balance of policy, processes and supporting technologies to get visibility into the data that’s living in the shadow. Here’s a look at the challenges — and how Absolute technology can help solve them…

Decentralization of IT Spending Puts Data at Risk

Recent insights from IDC’s Worldwide Semiannual IT Spending Guide: Line of Business demonstrate that corporate IT spending by non-IT business units continues to rise. And it’s that decentralization that puts data at risk. Here’s an overview — and insights on how to address it…

The Growing Challenges in Combating Shadow IT

Shadow IT is a huge and growing problem. Organizations must find the right balance of policy, processes and supporting technologies in order to regain visibility into the endpoint and the cloud where data is living in the ‘Shadow,’ all without becoming overly restrictive and reinforcing the negative-yet-well-meaning behavior that led to the growth of Shadow IT in the first place!
IT Business Edge polled a series of security leads on their perspectives on the risky behaviors that lead to Shadow IT. As Phil Richards, CSO of LANDESK, notes: “the existence and growth of shadow IT is usually a sign that the central IT organization is not meeting the needs of the business,” with business units and individuals making their own purchase decisions without the involvement of IT in order to become more productive, leading to the presence of data assets outside the control of IT.
Whether it’s downloading popular apps, using cloud storage applications or personal accounts, there are a myriad of risks identified by this report. Shadow IT remains a major risk because IT lacks visibility and control; if you don’t know where data is, you cannot protect it… indeed, you may not even know it has been breached. Shadow IT exacerbates many data security issues, from insider threats, malware, phishing, credential compromise and cyber attacks. As the 2016 Shadow Data Report demonstrates, organizations are using 841 cloud apps, almost all of which lack enterprise-grade security, with the Shadow use only exacerbating these shaky security foundations.
As Richard Henderson, Absolute’s own Global Security Strategist noted in the article, Shadow IT doesn’t just live in productivity apps and cloud storage, it also lives in social media:
“Popular applications like Twitter, Facebook and Skype are risky applications to add to a user’s device. These three applications alone are responsible for a significant amount of malware and information leakage, albeit almost unintentional.”
Shadow IT is a major crack in data security, one that needs immediate attention. As Richard has noted in another recent article, “attackers are not going to stop probing your infrastructure for cracks for even a moment,” so it’s time to regain control over the Shadow.
Absolute is helping confront the dangers of Shadow IT, detecting at-risk data stored on the endpoint or in cloud storage applications. Absolute Endpoint Data Discovery (EDD), which comes as part of Absolute DDS, scans for sensitive data, reducing your potential blindspots, with remote capabilities to wipe data and remediate security threats. To learn more, get started with your free evaluation version of Absolute DDS today.

Seeking Clarity for IoT

When it comes to IT, acronyms and technical jargon fly fast and free. We’re always looking for a new way to name things, it seems. Shadow IT. Shadow Data. IoT. Shadow IoT. Security of Things. The desire for clarity through naming conventions can overshadow the message. When it comes down to it, most of the conversations are actually the same. It’s about data security. And it’s also about reputation management. So, let’s try to strip back the jargon around IoT and truly understand what is happening.
Understanding the Risks of IoT
Daniel Messier wrote for Dark Reading, “you can’t defend against something you don’t understand,” noting that with the vague promises of the Internet of Things come many risks, many of which have no way to be mitigated. In its infancy, many of these “things” are coming to market quickly with major design flaws and no way to remotely update them. Yes, the onus is on IoT device manufacturers to deliver a secure platform, but we’re not there yet, so how do you respond now? Third party oversight just doesn’t exist yet for the sheer variety of “things.”
Some have responded to the risk of IoT devices, whether that’s compromised or hijacked devices or compromised data, by isolating these systems. However, isolating IoT systems from business systems does not erase the risk that these devices could still be used to attack others, as we’ve seen with the stories around hacked cameras being used in a massive botnet attack. This can result in costly damage to your corporate reputation.
To put it mathematically, the number of IoT devices being deployed multiplied by the insecurity of those devices multiplied by how hard it is to update them equals some idea of part of the risk that will be presented by IoT devices.
Although the Dark Reading article talks about ways to secure IoT devices, the advice only pertains to the IoT devices you know about. The current trends toward decentralized IT purchases, both at the business unit and employee-level, suggest that most IoT use cases will be in the “Shadow,” they won’t be approved or managed by IT. It may be, as Daniel suggests, that prevention is somewhat futile and we should focus on reducing the impact of IoT events.
Monika Brink suggests that “unless the security side of IoT is sorted out, it could hold back wider adoption of the technology,” and we agree. Sort of. We think a lack of a strong security footprint will hold back official corporate deployment of IoT systems, but it’s not going to slow down what’s happening at the business and employee-level.
The number of IoT devices is expected to reach 50 billion by 2020. Although many of the same technologies and procedures we use for addressing the risks associated with BYOD devices or the Cloud can and should be applied to the IoT, whether that’s role-based access control, encryption, malware prevention or visibility technologies, IoT security is going to remain elusive for a long time.
Do we have the answers for you? No. But we will keep talking about it. Absolute has long been a leader in conversations about data security and we will continue to offer our insights and thought leadership on the evolving technology landscape as it pertains to data security.
How is your organization tackling IoT?

Security in the Cloud Requires Visibility

There is a rapid enterprise movement toward the cloud, and yet such movement has remained uncoordinated. Gartner estimates that less than one-third of enterprises have a documented cloud strategy. This has led to an explosive growth in Shadow IT and Shadow data as well as application development that is uncoordinated and inefficient.
When it comes to the current security landscape, Gartner research has identified that SaaS applications are often the most risky of cloud deployments (as opposed to IaaS or PaaS), with the top risks including:

Sensitive data placed in unapproved services
Authorized users misusing cloud-based data
Stolen credentials
Unrecoverable data loss and service shutdown
Cloud compromise (“cloud hacking”)

Shadow IT
Typically, enterprises have as many as 20-900 SaaS vendors, which leads to less visibility into user activity and less ability to impose policy. These numbers corroborate earlier findings suggesting that the average organization uses 841 cloud apps, a figure more than 20x their own estimates. Although cloud service providers have dedicated security teams, the use of cloud services “doesn’t absolve security leaders of their responsibility to actively manage cloud security,” notes Steve Riley, research director at Gartner.
Gartner estimates that by 2018, 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures. Gartner recommends the following strategies to improve cloud security:

Incorporate appropriate identity and access management
Isolate data at rest with encryption
Segment and contain traffic with virtual network and filtering controls
Establish a security control plane via third-party tools to achieve better visibility, data security, threat protection and compliance
Take full responsibility for application and instance security
Backup all data in a distinct fault domain
Investigate potential of being “compliant by inclusion”

As Gartner suggests, staying secure in the cloud is a shared responsibility and the use of tools such as Absolute DDS can help achieve that missing visibility into cloud storage applications. Using Absolute DDS, you can identify corporate devices containing files that are synchronized with cloud storage applications, scanning for at-risk data with remote capabilities to remediate potential compliance violations. Learn more about how to take control of at-risk data in the cloud at