Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
80% Of IT Pros Say Users Set Up Unapproved Cloud Services
Newest First  |  Oldest First  |  Threaded View
RegisPar
RegisPar,
User Rank: Apprentice
1/23/2017 | 9:51:37 AM
Speed of Business
I'm seeing several companies going to the cloud without an IT expert aware because business areas need to be fast and deliver new products frequently. Unfortunately, the IT isn't living this new age where a new product, new fuctionality or new option must be delivered more frequently than we was familiarized in the past. This new age requires more flexibility, more easyness and speed. 

I saw several companies where IT Security people found new apps running on the cloud by mistake. I saw users going alone to the cloud because when they requested new power to IT, received as answer a kind of 30... 45 days to deliver, I saw users going alone to the cloud because they want to start a project very light and have the capacity to grow fast if project has success but IT simply can't do it. 

Cloud is not for everything, not for everyone (at this moment, because market is changing so fast) but if our IT can't support market changes in terms of usability, flexibility and cost, there is no other way to go instead to the cloud, in a secure or insecure way. 
jdrosen2
jdrosen2,
User Rank: Apprentice
10/15/2016 | 10:36:50 AM
IT needs to treat this as an existential threat
Often times the IT response is to try and block or prohibit these services, but this is the wrong response. The reason users are using these services is that cloud technologies and mobile apps have now provided users a choice of providers, with IT being one vendor, and cloud services as the other. As such, what used to be an effective monopoly for IT - monopoly vendor of collaboration tools - is no longer so. IT needs to 'compete' to be relevant. That means, they need to up their game on selecting and providing tools which meet the needs of their users, and do the things that are causing users to seek these non-sanctioned tools. This in turn puts massive pressure on enterprise software vendors to provide tools which both users and IT can say yes to. That is the only way out of this dilemma.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31884
PUBLISHED: 2022-06-28
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31887
PUBLISHED: 2022-06-28
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
CVE-2020-19896
PUBLISHED: 2022-06-28
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2020-19897
PUBLISHED: 2022-06-28
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVE-2021-41559
PUBLISHED: 2022-06-28
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.