
NGTEdu

A PRODUCT OF NGTECH.CO.IN

Preventing Shadow IT from Blindsiding your Zero Trust Plan

6 years ago Chris Hudson

I’ve spoken before about Zero Trust approaches to security, but for many of those starting on their journey, there isn’t an obvious place to start with the model. With this post, I wanted to share an example approach I’ve seen work, one that many organisations already have in place and that can easily be rolled into a larger program of Zero Trust hardening: understanding your Shadow IT.

Shadow IT – What is it and what risk does it present

Shadow IT refers to software and configurations that are deployed by departments other than the centralized IT department, often as a means of working around limitations (or security controls!) to enable functionality that is deemed “necessary” by the implementer. Whilst not intended to do harm, such implementations are rife with risk, and with “Bring Your Own Device”-type approaches becoming increasingly common, particularly alongside rapidly deployed work-at-home schemes, Shadow IT has grown significantly. Today, many more applications and services are being used to interact with business data than ever before, all without the visibility or scrutiny that is key to preventing leaks.

Security teams have long known that even well-organised IT departments run up significant risks from the acts of a negligent administrator. Even an approved line-of-business application that gets deployed without the security team’s awareness can prove to be a risk if it escapes patching and default hardening procedures because it was deployed without the usual controls in place.

The reality I’ve seen time and again is that security teams are left out of the loop when machines are deployed or reconfigured. Once systems slowly drift away from an initially secure configuration state, correcting them proves much harder than it is for systems that were deployed with approved security controls in place from day one. With unofficial software implementations that aren’t owned by formal IT teams within the organisation, there’s far less willingness to make changes to bring them in line with security standards, lest those changes inadvertently impact a service that the business has unknowingly sleepwalked into having to support and that is key for day-to-day operations.

A Tactical Approach to the Threat

With the threat that Shadow IT poses, it’s a key area where a Zero Trust approach makes sense. Getting started is easier than you might think. If you’re using Tripwire Enterprise, you can leverage its flexible agent and agentless-based integrity monitoring controls to watch for changes that might indicate that unapproved applications or configurations are being implemented. In many cases, you can use this same information to identify whether an approved IT staff member was responsible for the installation.

Building on this framework of detection, Tripwire Enterprise’s secure configuration management tools can help you address the risks associated with any unexpected software implementations you detect by providing insight into the configuration of applications, whether it’s a database instance added to a host or a new browser application deployed outside of change control.

Importantly, all of these processes should be undertaken automatically. (Applying a Zero Trust approach should mean that no instance of an application is any less of a risk than another.) Fortunately, Tripwire Enterprise’s automated “Actions” allow you to build up responses to changes in configuration, providing an opportunity to automatically assess newly detected applications as well as to provide suitable notification and reporting to help determine the impact of a new Shadow IT instance.
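A minimal sketch of the detection idea described above, added here as an example (it is not Tripwire Enterprise code and does not use its API): hash a baseline of a host’s files, rescan, and reconcile each change against approved change records. The paths, file contents and the change-record format are constructed assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return state

def diff(baseline, current):
    """Label every path that differs as added, removed or modified."""
    changes = {}
    for path in sorted(baseline.keys() | current.keys()):
        if path not in baseline:
            changes[path] = "added"
        elif path not in current:
            changes[path] = "removed"
        elif baseline[path] != current[path]:
            changes[path] = "modified"
    return changes

def unexplained(changes, approved):
    """Keep only changes with no matching approved change record."""
    return {p: kind for p, kind in changes.items() if approved.get(p) != kind}

def write(root, rel, data):
    """Helper for the demo: create a file (and parent directories) under root."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)

def run_demo():
    """Constructed host: one approved config change, one unapproved install."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/app.conf", b"tls=on\n")
        write(root, "opt/approved-app/app.bin", b"v1")
        baseline = snapshot(root)
        write(root, "etc/app.conf", b"tls=on\nlog=verbose\n")  # approved change
        write(root, "opt/dbserver/dbd", b"db")  # added outside change control
        changes = diff(baseline, snapshot(root))
    approved = {"etc/app.conf": "modified"}  # constructed change record
    return changes, unexplained(changes, approved)
```

`run_demo()` returns every detected change plus the subset that no change record explains; the second set is what would feed an automated assessment or notification.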

Shadow IT in the Cloud

Beyond your onsite infrastructure, there’s an increasing risk of Shadow IT showing up in the form of new cloud services. Whether it’s IaaS, PaaS or SaaS, any cloud system can become an area where “feral” systems can sneak into the business, resulting in increased exposure. And once again, the key is detection (typically by detecting client apps or by reviewing firewall or proxy logs) and then response. For Shadow IT in the cloud, the strategy I’ve found most successful is to shine a bright light on the systems, since shutting them down can be challenging for any number of reasons. Fortunately, bringing cloud solutions into compliance is becoming increasingly simple. Our cloud management assessor service, for example, gives you automated ways to harden any new systems that you discover and want to reduce the risk around.
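One way to surface unsanctioned cloud services from proxy logs, as an added example that is not from the original post or any vendor tooling. The log format, user names, host names and the sanctioned list are constructed assumptions.

```python
from collections import defaultdict

# Assumption: services the organisation has approved (constructed names).
SANCTIONED = {"corp-mail.example", "corp-storage.example"}

# Constructed proxy log lines: timestamp user method host:port bytes_sent
SAMPLE_LOG = """\
2020-09-28T09:01:12Z alice CONNECT corp-mail.example:443 5120
2020-09-28T09:02:40Z bob CONNECT files.quickshare.example:443 48213004
2020-09-28T09:03:05Z carol CONNECT eu.corp-storage.example:443 90211
2020-09-28T09:04:51Z bob CONNECT files.quickshare.example:443 1200340
2020-09-28T09:05:10Z dave CONNECT files.quickshare.example:443 77120
2020-09-28T09:06:33Z alice CONNECT notcorp-storage.example:443 300
this line is truncated
2020-09-28T09:07:02Z carol CONNECT kanban.teamboard.example:443 15500
"""

def is_sanctioned(host, sanctioned=SANCTIONED):
    """Exact or subdomain match only, so look-alike names do not pass."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def find_shadow_services(log_text, sanctioned=SANCTIONED):
    """Return (findings, skipped): unsanctioned hosts ranked by reach."""
    stats = defaultdict(lambda: {"users": set(), "bytes": 0, "requests": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # malformed line: count it, do not guess
            continue
        _ts, user, _method, dest, sent = parts
        host = dest.rsplit(":", 1)[0]
        if is_sanctioned(host, sanctioned):
            continue
        entry = stats[host.lower()]
        entry["users"].add(user)
        entry["bytes"] += int(sent)
        entry["requests"] += 1
    # Most distinct users first, then most data sent.
    ranked = sorted(stats.items(),
                    key=lambda kv: (-len(kv[1]["users"]), -kv[1]["bytes"]))
    return ranked, skipped

if __name__ == "__main__":
    findings, skipped = find_shadow_services(SAMPLE_LOG)
    for host, s in findings:
        print(f"{host}: {len(s['users'])} users, {s['bytes']} bytes sent")
    print(f"skipped {skipped} malformed line(s)")
```

Ranking by distinct users and data sent puts the services the business most depends on at the top, which is where hardening effort pays off first.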

Small Steps on your Zero Trust Journeys

Every Zero Trust journey will require some significant changes to most security teams’ approaches, but the payoff of a secure network means it’s a trip that most teams might want to consider. Whilst Zero Trust as a concept remains relatively new, for many, the tools required to achieve it are already deployed and ready to help you get to your destination that little bit faster.

The post “Preventing Shadow IT from Blindsiding your Zero Trust Plan” appeared first on TripWire.

Source: TripWire – Chris Hudson

Copyright © 2020 All rights reserved | NGTEdu.com