Skills Overtaking Security, Disney Getting Stung, When Tools Are Not What They Seem, Not-So-Secure Cloud Storage, Banshee The Great Pretender, and Dancing The Espionage Waltz. It's CISO Intelligence for Wednesday 15th January!
Today we're looking at the dangers of free-roaming corporate resources, protecting data from internal mischief, when tools are not what they appear to be, holes in cloud buckets, playing the imitation game, and smooth intelligence-gathering operators.

Table of Contents
- Bringing Shadow Admins Out of the Shadows
- Mickey's Misstep: Allergy Warning with a Hack Job
- LDAPNightmare: A Bug with a Hidden Bite
- Ransomware Hijinks: When AWS Features Turn Against You
- Banshee Howls at the Mac: The Stealer That “Borrowed” from XProtect
- Double-Tap's Diplomatic Dance: Espionage in Central Asia

Bringing Shadow Admins Out of the Shadows
Invisible puppeteers or just techies revolting against red tape? Shadow Admins play in the grey zone between innovation and chaos.
What You Need to Know
Shadow IT admins are individuals within your organization with technical prowess who execute IT functions without formal recognition or compliance with governance, risk, and compliance (GRC) standards. Their actions, driven by the need for innovation, speed, and autonomy, pose substantial risks if not managed properly, potentially impacting critical business operations. Executives must recognize the potential security and compliance vulnerabilities posed by these unsanctioned IT activities and implement measures to integrate them into the organization’s official IT framework.
CISO Focus: Identity and Access Management
Sentiment: Negative
Time to Impact: Immediate to Short term (3-18 months)
Introduction
For subscribers receiving this insightful peek into the shadowy underbelly of corporate IT, brace yourselves for a curious exploration of covert innovation unwittingly steering organizations towards potential cyber landmines. Learn how "shadow admins" are shaping—and sometimes shaking—organizational security landscapes.
Overview
Shadow IT administrators—a clandestine clan of unsanctioned tech operators—navigate a universe without governance oversight, driven by frustrations with established systems. Their penchant for swift decision-making and agility might save a moment but could severely compromise the organization’s security posture.
Shadow IT Admins - Who are They?
Shadow IT admins are typically professionals with substantial technical or functional know-how. Despite their often noble intentions of addressing pressing business needs swiftly, they inadvertently bypass the organization's long-term management protocols and GRC requirements. In their shadowy operations, they could be unwittingly managing systems containing sensitive data or critical business processes, creating substantial risks.
Why Shadow Admins Exist
The shadow incursion into IT realms primarily emanates from:
- Slow IT Response: When the official IT apparatus is bogged down with sluggish approval processes or overloaded with queues, shadow admins rise to fill the void.
- Lack of Resources: Overstretched IT departments often leave crucial needs unmet, compelling business units to devise unofficial solutions.
- Unmet Needs: When official systems leave requirements unaddressed, frustrated business units rely on shadow admins to implement services that appear better suited to their needs.
- Innovation and Agility: Shadow IT admins often emerge from a culture of innovation. By taking unsanctioned control of new tools and technologies, they keep their creations hidden from the formal IT structure, a combustible mix of ingenuity and risk.
Risks and Implications
The high-risk landscape within which shadow admins operate can lead to:
- Data Breaches: Lack of proper security protocols and oversight can result in vulnerabilities that are easy pickings for cyber threats.
- Compliance Issues: Breaching regulatory GRC mandates becomes an unavoidable consequence of shadow operations, leading to potential legal ramifications.
- Operational Disruption: Critical system functions managed without formal recognition can result in systemic failures that disrupt business continuity.
Integrating Shadow IT into Mainstream IT
The challenge lies in transforming shadow IT’s potential from perilous to purposeful by:
- Fostering Communication: Establish open channels between official IT and shadow admins. Acknowledging and addressing their concerns fosters a cooperative rather than adversarial relationship.
- Implementing Governance Frameworks: Develop governance models that incorporate flexibility to embrace grassroots innovation within established guidelines.
- Training and Awareness: Educate all stakeholders on GRC policies and the impacts of shadow admin activities, creating a culture of informed decision-making.
Road to Above-Board Operations
Organizations can pave the way to legitimacy for aspiring shadow IT admins by:
- Offering Support Tools: Simplifying access to official resources and providing clear pathways to integrate shadow initiatives into the mainstream IT roadmap.
- Encouraging Innovation: Champions of change can be given official forums to propose solutions while adhering to organizational risk and compliance requirements.
Vendor Diligence Questions
- How does the vendor's solution integrate with current IT frameworks to prevent shadow IT practices?
- What controls and measures does the vendor provide to monitor and manage unauthorized admin activities?
- Does the vendor offer tools that can foster collaboration between official IT departments and shadow IT operatives?
Action Plan
- Identification: Conduct an audit to identify existing shadow IT practices within the organization.
- Integration Strategy: Develop a strategy to integrate beneficial shadow IT activities into the formal IT framework securely.
- Ongoing Monitoring: Establish ongoing monitoring processes to detect and manage shadow IT activities effectively.
Source: Proofpoint Article