Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

'Shadow' Cloud Services Rampant In Government Networks
Newest First  |  Oldest First  |  Threaded View
Grant C
Grant C,
User Rank: Apprentice
3/1/2015 | 9:23:33 AM
Storm Cloud!
I might coin it the Storm Cloud!  Detecting and containing north/south and east/west bound data in the cloud - especially the one off SaaS sloutions - is tricky at best is seems.  Not to mention auditing identities, access etc. for a SaaS solutions.  I'm talking about the smaller, less mature SaaS solutions that are coming out of the woodwork, that could be undetected before its too late.  Its an interesting challenge.
User Rank: Apprentice
2/28/2015 | 9:27:57 AM
A problem is IT is behind the times
> People are people. They want to do things more efficiently."


In my shop, it takes four weeks and many meetings to arrange for something simple such as a DB server.  In the cloud, I can have a DB server set up in less than an hour. In my shop I need to spend hours creating justification for the storage needed, set up meetings with all groups that may or may not be interested in the space consumed, wait for everyone to sign off, discover problems with specific groups and find a solution to get their signature.  In the cloud, all I need a charge card.  In my shop the cost of setting up a DB is about 20 times more than the cost of that DB in the cloud. This is why people use the cloud. 


If IT want to stop Shadow CLoud, they need to becomre more like the cloud and offer cheap, fast services.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
2/28/2015 | 9:12:10 AM
And how do you find out?
Another issue (which I recently wrote about) is the matter of what happens after there is a breach of the data in the shadow IT service?  How do you even know that your data were there?  The employee would have to self-report, but the employee might be too embarrassed -- or too fearful of retribution -- to do so.

A great piece of advice I got is to have a procedure in place for just such an occurrence and make sure employees are aware of the procedure.  Then, the employee will think, "Oh, okay, they have a procedure for it, so it must have happened before, and I probably won't be fired."

(And, of course, be judicious about firing and whatnot.  If word gets out that you fired so-and-so, don't expect much self-reporting in the future.)
Charlie Babcock
Charlie Babcock,
User Rank: Ninja
2/26/2015 | 4:15:36 PM
Office 365 isn't the problem
I don't think the danger to government system intrusion comes from use of Office 365, Yammer and Hotmail. I think it comes from files being moved from government agencies across the Internet into the cloud and back again. And I'm not sure how much of 'shadow' cloud in the public sector consists of that activity.

More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-18
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php p...
PUBLISHED: 2021-01-18
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...