Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

'Shadow' Cloud Services Rampant In Government Networks
Newest First  |  Oldest First  |  Threaded View
Grant C
Grant C,
User Rank: Apprentice
3/1/2015 | 9:23:33 AM
Storm Cloud!
I might coin it the Storm Cloud!  Detecting and containing north/south and east/west bound data in the cloud - especially the one off SaaS sloutions - is tricky at best is seems.  Not to mention auditing identities, access etc. for a SaaS solutions.  I'm talking about the smaller, less mature SaaS solutions that are coming out of the woodwork, that could be undetected before its too late.  Its an interesting challenge.
User Rank: Apprentice
2/28/2015 | 9:27:57 AM
A problem is IT is behind the times
> People are people. They want to do things more efficiently."


In my shop, it takes four weeks and many meetings to arrange for something simple such as a DB server.  In the cloud, I can have a DB server set up in less than an hour. In my shop I need to spend hours creating justification for the storage needed, set up meetings with all groups that may or may not be interested in the space consumed, wait for everyone to sign off, discover problems with specific groups and find a solution to get their signature.  In the cloud, all I need a charge card.  In my shop the cost of setting up a DB is about 20 times more than the cost of that DB in the cloud. This is why people use the cloud. 


If IT want to stop Shadow CLoud, they need to becomre more like the cloud and offer cheap, fast services.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
2/28/2015 | 9:12:10 AM
And how do you find out?
Another issue (which I recently wrote about) is the matter of what happens after there is a breach of the data in the shadow IT service?  How do you even know that your data were there?  The employee would have to self-report, but the employee might be too embarrassed -- or too fearful of retribution -- to do so.

A great piece of advice I got is to have a procedure in place for just such an occurrence and make sure employees are aware of the procedure.  Then, the employee will think, "Oh, okay, they have a procedure for it, so it must have happened before, and I probably won't be fired."

(And, of course, be judicious about firing and whatnot.  If word gets out that you fired so-and-so, don't expect much self-reporting in the future.)
Charlie Babcock
Charlie Babcock,
User Rank: Ninja
2/26/2015 | 4:15:36 PM
Office 365 isn't the problem
I don't think the danger to government system intrusion comes from use of Office 365, Yammer and Hotmail. I think it comes from files being moved from government agencies across the Internet into the cloud and back again. And I'm not sure how much of 'shadow' cloud in the public sector consists of that activity.

Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.