| Note: The following blog post was migrated from the Elastica/Blue Coat website. It was first published on 10/19/2015. |
InfoSecurity Magazine published an article authored by Elastica Cloud Threat Labs on the potential threats residing in cloud applications, including the risks posed by malicious insiders, employee error, and external attackers. The article discusses the root causes and problems associated with the Shadow IT and Shadow Data and how sensitive data can be leaked and used in ways that can negatively affect businesses. The article further highlights the concept of the “Dark Cloud” and shows how Shadow IT and Shadow Data play a significant role in it by increasing the attack surface for sensitive corporate data. The article discusses the different techniques required to discover and secure cloud apps and the data they contain as well as to gain deeper insight into securing cloud apps.
An excerpt from the article ……...
Cloud apps are revolutionizing enterprise IT, and their usage only continues to expand as businesses deploy them at a rapid pace. They are becoming the preferred choice of enterprise IT because they offer universal access, reduced costs, and support a variety of apps, thereby enhancing business productivity. And as cloud apps become more accessible, powerful and flexible, employees will continue to adopt them, often without IT sanction, for their ability to enable them to work and collaborate with anyone, anywhere, and on any device. However, as with all new technologies, cloud apps pose their own unique set of security risks, and IT professionals are rightly concerned that sensitive corporate data remains susceptible to threats that originate from malicious insiders, sophisticated attackers, and even naive users.
A significant problem facing enterprise IT departments are Shadow IT, which refers to the collection of unauthorized apps and/or devices in use but not sanctioned by IT, and it can significantly expand the attack surface that goes unmonitored by the enterprise. In addition to Shadow IT, there is a potentially greater risk with Shadow Data: the unknown sensitive content that may be lurking in both sanctioned and unsanctioned apps. The inappropriate sharing or leakage of this Shadow Data to unauthorized parties can open a Pandora’s box of potentially devastating exposures of sensitive corporate and customer data as well as expensive compliance violations.
The article is authored by Aditya K Sood and Michael Rinehart.
The digital edition is available here for download - https://www.infosecurity-magazine.com/digital-editions/q4-2015-volume-12-issue-4/
About InfoSecurity Magazine:
InfoSecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry. Its multiple award-winning editorial content provides compelling features both online and in print that focus on hot topics and trends, in-depth news analysis and opinion columns from industry experts. Infosecurity Magazine also provides free educational content featuring: an established webinar channel, whitepaper syndication programs & industry leading virtual conferences all of which are endorsed by all major industry accreditation bodies, making Infosecurity Magazine a key learning resource for industry professionals.
Website: http://www.infosecurity-magazine.com/