Skip to content

LAN Wars: The Phantom Menace

A long, long time ago, in an office cubicle nearby....

The corporate network is plunged into chaos. The implementation of security policies on the company's systems is under dispute.

Hoping to circumvent protocol with a handful of unapproved tools, the rebellious, grasping IT faction has ceased all collaboration with the IT team and established their own software ecosystem.

While the IT team endlessly debates other matters, the CISO has secretly dispatched two cybersecurity experts, guardians of compliance and zero trust, to restore order and maintain network security.

Does this plot sound familiar? It's better to learn about it now before it turns into a real-life horror movie. In this post, we'll delve into the issue of Shadow IT and how to tackle it effectively.

What is Shadow IT?

Shadow IT, much like a rogue force operating outside the bounds of the Empire – pardon, the official IT department – refers to all those applications, devices, and services that employees use without formal approval.

Some examples include:

  • Using WhatsApp to share work documents because the official system is too slow.
  • An internal team deciding to use Trello because the company's JIRA is too complicated for them.
  • Utilizing iLovePDF to convert company documents.
  • Installing a cracked version of Photoshop due to a lack of licensing.
  • Setting up AnyDesk for remote access to your workstation from home.

And no, we're not talking about isolated incidents. According to recent studies, up to 80% of workers admit to using unauthorized applications in their daily work. From free cloud services to productivity apps, Shadow IT is more prevalent than many CISOs would care to admit.

Risks Associated with This Practice

As is often the case, dangers lurk in the shadows. Seemingly innocuous practices can lead to devastating attacks. Let's examine the primary Shadow IT hotspots and the associated risks:

Personal Devices (BYOD)

The use of personal devices might seem harmless, and even desirable, due to the flexibility it grants users, but these "infiltrators" on our network can:

  • Expose our network to external threats: These devices may have been previously compromised by malware or another attack and act as an entry vector.
  • Expose corporate information in untrusted spheres: Certain features, such as cloud synchronization, can expose information to untrustworthy third parties.
  • Facilitate lateral movement: An attacker can use the machine to move comfortably through the network due to the lack of corporate security solutions.

Unauthorized Applications

The use of applications can save the company team valuable time, but there should always be an approval process, and we must ensure that certain standards are met. Applications installed without oversight can have devastating consequences, including:

  • Introducing vulnerabilities into the systems hosting the application: These applications may contain security vulnerabilities that an attacker can exploit to gain privileges or compromise the system hosting the application.
  • Exposing our network to external threats: We all know someone who downloads software (OBS, for example) from their browser, and the first result leads them to install an application clone containing some form of malware. This happened with Keepass some time ago.

Browser Extensions

These small, seemingly harmless add-ons can be as dangerous as a spy droid:

  • Exposing our company to external threats: This isn't new, but the scale has recently become apparent. A few months ago, a series of browser extensions were compromised and used to steal browser information from the extension's users. While we might think this is an isolated case, browser extension marketplaces exist where anyone could buy an extension trusted by users and subsequently manipulate its code.
  • Exposing corporate information in untrusted spheres: Whether for malicious purposes or not, many extensions must process user browser information and send certain data to the application creator's servers. It's worth asking how secure the stored data is and how much control there truly is over what data is sent.

AI Agents and Chatbots

"These are the bots you're looking for." New technological allies can also entail risks:

  • Sending confidential information to external services: While, with training and common sense, these agents can be very useful for the user and save a great deal of time, indiscriminate use can lead to sending confidential information to the service providers....

How to Address It

The solution isn't to build another Death Star. Instead, we need a more intelligent approach:

Understand the Actual Needs

Before drawing your lightsaber, it's essential to understand why users resort to Shadow IT. This process begins with a thorough assessment of the organization's current technological landscape. Conducting regular surveys will allow us to identify the shortcomings and frustrations users experience with official tools. It's crucial to establish open communication channels where employees can express their technological needs without fear of reprisal.

Analyzing the usage patterns of unauthorized tools will provide valuable information about the functionalities users consider essential. This information, combined with the identification of bottlenecks in official processes, will help us understand where we need to improve our corporate solutions.

Monitoring and Detection

An effective Shadow IT control system requires a robust yet non-intrusive monitoring strategy. The implementation of application discovery systems on the network should be complemented by traffic monitoring tools that allow us to identify unusual or potentially risky usage patterns. Periodic audits of devices and applications should be performed, always respecting user privacy and maintaining a balance between security and trust.

Create an Inclusive Strategy

The key lies in ongoing training and communication. Developing specific training programs for each department allows us to address the particular needs of different groups of users. These programs should go beyond simple presentations, including practical workshops and Q&A sessions that allow users to truly understand the risks and available alternatives.

Creating a security ambassador program can help spread best practices more organically within the organization. Regular communication of updates, coupled with the celebration of success stories, helps maintain user engagement with security policies. Public recognition of those who adopt and promote safe practices can create a positive culture around information security.

Conclusions

Shadow IT isn't the dark side of the Force; it's more a symptom of unmet needs within your organization. Rather than combating it with prohibitions and restrictions, the real victory lies in understanding why it arises and creating a technological ecosystem that combines security with usability.

Remember: the force for change lies in the balance between control and flexibility. As a wise corporate Jedi master once said, "Shadow IT, control you must, but destroy you need not."

The next time you discover an unauthorized application on your network, before panicking, ask yourself: What need is it fulfilling? How can we offer a better alternative? The answers to these questions will guide you toward more effective management of your IT infrastructure.

Stay safe. Stay smart. Stay secure.