(Panel Discussion) Shadow IT: You Cannot Protect What You Can’t See

This is a summary of the panel discussion at Security Symposium & Cyber Sentinel Award by Infocon global. The panel discussion was moderated by Jitendra Chauhan (Head of Engineering at FireCompass) along with Balaram (CISO, Manthan), Ananth Kumar Ms (Head-IT Assurance & Security, Janalaxmi Financial Services), Sumanth Naropanth and Ramakrishna Roy.

What is Shadow IT? How will you define it?

  • What is the definition? Projection based on Gartner and Forester
    • Gartner Report Says Shadow IT Will Result in 1/3 of Security Breaches. They predict that “by 2020, one third of successful attacks experienced by enterprises will be on their shadow IT resources.”
    • When business unit IT digital services are invisible to the IT department that is not sanctioned by centralized IT it is termed as shadow IT.
  • Different Types
    • External Digital Footprint
      • Apis
      • Share drives
      • Cloud services
      • 3rd party assets and data collection
      • Ability to share information
      • Open source libraries
    • Internal organisation

    • Grey area
      • Skype
      • Open source libraries
      • Design esponaige

>> Want to See Your Organization's Shadow IT

Why is Shadow IT is a problem from various perspectives such compliance, security, business operations etc.?

  • Compliance such as GDPR, SOX, PCI
  • Business Implications and implications to CXOs
  • Organisational Security Perspective
  • Skype traffic
  • What are the few examples of breaches because of Shadow IT?
    • Amex Breach [Nov 2018] - Details on 700k customer data exposed
      • What was exposed?
        • 3M Records,
        • 700000 unencrypted PII such as Name, Emails, Phone Numbers etc.
      • How did it Happen?
        • Misconfigured MongoDB instance (managed by a Marketing Subcontractor), which was indexed by search engines like Shodan.
    • HSBC Breach [Nov 2018]
      • What was exposed?
        • 1M+ Customers exposed,
        • PII - DOB, Communication Details, Transactions, A/C Numbers & Balance
      • How did it Happen?
        • Credential Stuffing, Due to Password Reuse
    • British Airways [Sep 2018] - Click Here for more data on why the hack happened
      • What was exposed?
        • 380000 Transaction Records
        • Personal and Financial Data such as credit cards
      • How did it Happen?
        • 3rd Party System compromised, infected with malicious javascript that ultimately targeted BA end users.
    • Equifax Breach (Click Here for detailed breach settlement information - $700m)
    • Microsoft Subdomain Takeover
    • Dunkins Donut


  • None of the attack vectors involved 0 days, but mostly misconfigured assets, open buckets, leaked password reuse, 3rd Party related trust misuse
  • Reward and reprimind

How is the Shadow IT really created?

  • Key business drivers
  • Getting things done as fast as possible
  • Cloud it is easy
  • Agility
  • 3rd party vendors
  • Lack of monitoring
  • Examples of departments [Marketing, Engineering]

How to detect Shadow IT?

  • Detection Cycle

    • Discovery visibility
    • Data flow monitoring and anomaly detection
    • Create Asset Inventory
    • Prioritise and Assign Risks
    • Validate Risks [Red Teaming]
    • Manage and Monitor
      • Continuous Monitoring of Attack Surface and Risks
      • Continuous Remediation of Risks

    Incidents response of shadow it?

How to prevent Shadow IT?

  • Be more open on the policy perspective. Embrace Shadow IT Drivers by creating policies
  • Awareness Drive ( cxo and employees)
  • Continous Monitoring and threat intelligence
  • How to deal with employees who do not listen to you and inform Security Team?

>> Want to See Your Organization's Shadow IT

Views: 232

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service