We all identify with the image of the hooded villain hovering over his computer late at night – accessing a corporate network, stealing valuable data, disappearing without a trace. We personify the attacker as intelligent, determined, and crafty. But the reality is the vast majority of attacks are made possible by simple human carelessness or recklessness – making the job of the hacker an easy one. He’s checking all the doors and windows constantly. All it takes is one mistake on your part and he’s in.
What do we do? Well, you know the answer. We spend a good chunk of our IT budget on security defense-in-depth layers – designed to detect, deceive, trip, or outright block the villains. Let’s park the discourse on whether or not we are winning that game. Because there is a far easier game underway – the one where the attacker gets into your network, business critical application, or IP/PPI data through a vector you didn’t even know you had – the unmanaged asset – often referred to as Shadow IT.
Think this is not your company? A recent study suggests the average enterprise has 841 cloud apps in use [1]. Surprisingly, most IT executives believe the number of cloud apps in use by their organization is on the order of 30-40 – meaning they are off by a factor of 20X. The same report highlights that more than 98% of cloud apps are not GDPR ready, and 95% of enterprise-class cloud apps are not SOC 2 compliant.
Shadow IT / Unmanaged Assets Defined
Shadow IT is defined as any SaaS application used – by employees, departments, or entire business units – without the knowledge or consent of the company’s IT department. And, the advent of ‘everything as a service’ has made it even easier for workers to access whatever software they feel is required to make them more productive.
Well-intentioned employees usually don’t realize they’re breaking corporate rules by activating a new server instance, or downloading unauthorized apps or software offerings. But, it happens. And when it does, three problems can arise:
- Corporate standards within an organization are compromised since unauthorized software means each computer has different capabilities.
- Rogue software often comes with security flaws, putting the entire network at risk and making it even more difficult for IT to manage security risk.
- Asset blind spots not only increase security and compliance risk, they can increase legal risk. Information retention policies designed to limit legal liability are being skirted with information contained on unauthorized cloud assets.
Three Key Considerations for Addressing Unmanaged Asset Risk
- First, deploy tools that can provide comprehensive visibility into all cloud assets – managed and unmanaged. Know what new virtual machines have been activated this week, as well as which other machines and applications each VM instance is communicating with.
- Second, make sure your tooling can provide continuous inventory of authorized and unauthorized virtual machines running in the cloud. Make sure you have visibility into all IP connections made to each asset.
- Third, for compliance and/or forensic analysis purposes, look for a solution that captures any and all assets (physical and virtual) that have ever been on the network – not one that is limited to active assets and a short look-back window.
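The three considerations above can be sketched as a small reconciliation job. This is an added example, not code from the original page or from any vendor: it keeps a first-seen/last-seen history for every asset observed on the network, including ones that have since gone quiet, and reports those missing from the authorized inventory. The addresses, observations, report date, one-hour reconnect gap and seven-day window are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample data: authorized inventory (for example, a CMDB export).
AUTHORIZED = {"10.0.1.10", "10.0.1.11"}
# Constructed connection observations: (ISO timestamp, asset, peer it talked to).
OBSERVATIONS = [
    ("2024-03-01T09:00:00", "10.0.1.10", "10.0.1.11"),
    ("2024-03-01T09:05:00", "10.0.9.77", "10.0.1.10"),
    ("2024-03-01T09:20:00", "10.0.9.77", "203.0.113.5"),
    ("2024-03-03T14:00:00", "10.0.9.77", "10.0.1.11"),
    ("2024-03-20T08:00:00", "10.0.9.80", "10.0.1.10"),
]
NOW = datetime(2024, 3, 21)        # constructed "time of report"
SESSION_GAP = timedelta(hours=1)   # assumption: longer silence = a reconnect

@dataclass
class AssetRecord:
    first_seen: datetime
    last_seen: datetime
    sessions: int = 1
    peers: set = field(default_factory=set)
    managed: bool = False

def build_history(observations, authorized):
    """Fold raw observations into one record per asset; records are never dropped."""
    history = {}
    for ts, asset, peer in sorted(observations):
        when = datetime.fromisoformat(ts)
        rec = history.get(asset)
        if rec is None:
            rec = history[asset] = AssetRecord(when, when, managed=asset in authorized)
        elif when - rec.last_seen > SESSION_GAP:
            rec.sessions += 1
        rec.last_seen = when
        rec.peers.add(peer)
    return history

def unmanaged_report(history, now, window=timedelta(days=7)):
    """Unmanaged assets, active or not, with recency flags and every peer contacted."""
    return {
        asset: {
            "new": now - rec.first_seen <= window,
            "active": now - rec.last_seen <= window,
            "sessions": rec.sessions,
            "peers": sorted(rec.peers),
        }
        for asset, rec in history.items() if not rec.managed
    }
```

Calling `unmanaged_report(build_history(OBSERVATIONS, AUTHORIZED), NOW)` lists both the VM that appeared this week and the one that stopped communicating weeks ago, which an active-assets-only view would miss.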
Unmanaged Asset Discovery with Ziften
Ziften makes it easy to quickly discover cloud assets that have been commissioned outside of IT’s purview. And we do it continuously and with deep historical recall at your fingertips – including when each device first connected to the network, when it last appeared, and how often it reconnects. And if a virtual machine is decommissioned, no problem, we still have all its historical behavior data.
Identify and secure hidden attack vectors stemming from shadow IT – before calamity strikes. Know what’s going on in your cloud environment.
Learn more about how enterprises can maintain cloud security and visibility: https://ziften.com/cloud-visibility-and-security/.
1. Shadow Data Report, Symantec and BlueCoat, 2016.