Information security is all about protecting data, so an effective cybersecurity policy has to include app security provisions that protect data generated on user endpoints. That’s easier said than done, however; after all, to secure applications, you have to know what applications your employees are using.

Employees rely on apps for almost every type of task, and they aren’t all using the same types of devices to access these apps. Thanks to the rise of bring-your-own-device (BYOD), the overall mobile workforce and, perhaps most significantly, the growing blur between professional and personal devices, it’s common to use apps and hardware that aren’t authorized by the IT department.

This unauthorized use is known as shadow IT, and it’s a nightmare for those in charge of security. You can’t protect what you don’t know — and endpoint users are unwittingly putting company data at risk every day.

Identifying App Security Perps

According to June 2018 research from Nintex, an intelligent process automation platform, almost two-thirds of employees find that they have broken IT processes within their company. As problems and concerns linger, employees have turned to shadow IT devices to address their own problems.

However, the most surprising finding in this survey may be that the worst culprit of shadow IT use is your own IT staff. That’s right: Sixty percent of the people who are charged to protect your company from rogue application use are those creating app security risks.

Resolving IT Issues

Perhaps because of their overall workload, IT departments are often slow to respond to software and application problems. When issues remain unaddressed, employees take matters into their own hands: Forty percent of Nintex’s respondents said they have engaged in shadow IT as a “direct result” of outstanding IT problems.

The benefit of having a strong internal IT staff is that they are your front line for testing new technologies and apps. Unfortunately, technology proficiency doesn’t equal security proficiency, so as they introduce unauthorized devices and apps to the network, they may not immediately recognize the risks or vulnerabilities attached.

Nor is it always current employees who are a threat. One of the most commonly broken IT processes involves the information access of former employees, something that one in five survey respondents cited as an issue in their company. If those former employees engaged in shadow IT, they may still have corporate data stored on their devices or apps. Because they were using unsanctioned endpoints, neither IT nor leadership has any idea what might be out there, unprotected and at risk of being breached.

Why do network and application questions and concerns linger? Often, IT staff are the victims of a broken system. Their own bosses may be dropping the ball when it comes to accountability. We expect our IT staff to oversee any system problems because the “computer guys” are the company face of technology solutions.

However, these same computer guys may face obstacles the rest of the company doesn’t see — budget restraints, tasks unrelated to their formal job duties, understaffing and more. More accountability for unresolved IT issues needs to be directed by those in C-level positions, including more input from the chief information security officer (CISO) to better address app security and shadow IT threats. The CISO should be the voice of security reason within the company, including the dangers of using unauthorized software.

Protecting From Shadow IT

The use of unauthorized apps and devices opens an organization to any number of problems, from basic process inefficiency to serious security threats. Unsanctioned devices and software can jam bandwidth, decreasing employee productivity. They can lead to data breaches or theft, which could cost millions of dollars in lost business or fines should an organization fail to comply with the European Union’s (EU) General Data Protection Regulation (GDPR) or other industry and government regulations. This can also result in the loss of certifications and licenses.

Addressing shadow IT and device security should start at the top. Leadership should take more responsibility for network security and provide IT the support it needs to respond more quickly to broken processes. The use of unsanctioned software and devices should be monitored by someone outside of IT — such as a C-level executive like the chief information officer (CIO) or CISO, security team or managed service provider — and IT should then be encouraged to set an example by endorsing and enforcing authorized device and app use. This way, the ownership of proprietary data security will trickle down and calcify into the entire organizational structure, rather than straining uphill toward success.

At the same time, IT deserves the leeway to introduce new technologies into the company through authorized policy. With the line between personal and business devices increasingly unclear, it is easy for shadow IT to sneak past the network checkpoints. But without a plan in place and without requiring quicker response times, shadow IT can end up causing a lot of damage.
