someone at work posted something about #shadowIT that seemed especially apt to me.

https://share.cleanshot.com/fWd2hJtNWCtZLWZ86Y5D

#infosec #humor

"#IT leaders grapple with shadow #AI"

From the 'yeah, duh' files - of course they are!! As I posted in my #eWeekChat comments this week, IT needs a strategy and governance to enables #GenAI experimentation & #innovation, if they want to avoid #ShadowIT.

https://www.cio.com/article/647725/it-leaders-grapple-with-shadow-ai.html

@LukaszOlejnik anyone with kids knows that when you try to block one thing, they'll just turn on their iphone's AP and get to it another way. #shadowIT

https://www.cio.com/article/481453/ending-the-forever-war-against-shadow-it.html

I hate this article from #cio . It NEVER even asks the most important question when #ShadowIT occurs; Why it exists. What service does "official IT" fail to offer that people deemed absolutely necessary to have available to them anyway.

At the end it tries, but barely.

The article is waaaaay to "we are good, they are bad" and therefore simply put: one-sided.

"Sorry, I just gave the user all permissions myself because it had to be done quickly." 🤯 :mastofacepalm: #rant #shadowit #securityawareness

"@nutanix Employees Fired For Intentional Misconduct In #Software Misuse Probe"

This is unfortunate, but seems a classic case of #ShadowIT gone wrong.

An object lesson, not so much for #CIO or #CTO but defo for #COO, #CFO & (as seen here) even #CEO!

https://www.crn.com/news/software/nutanix-employees-fired-for-intentional-misconduct-in-software-misuse-probe

The Next Big Thing after #ShadowIT (IT resources like Cloud capacity or software that it not officially part of IT) — #ShadowAI. People/groups/companies using “AI” stuff without telling anyone to make life easier. This is dangerous stuff IMHO. How about your doctor or health insurance using ChatGPT to speed up diagnosis/paperwork? Ouch. https://inflecthealth.medium.com/im-an-er-doctor-here-s-what-i-found-when-i-asked-chatgpt-to-diagnose-my-patients-7829c375a9da

#ShadowIT teams, also known as rogue IT teams, have grown in popularity in recent years due to the rise of cloud-based apps and remote work. However, this has led to operational tension and security risks within many businesses☝️👩‍💻 #MCAS

https://www.helpnetsecurity.com/2023/03/28/shadow-it-teams/

@jkanev huh. That’s a really neat idea!

Couple things I love on first glance…

1) #LocalFirst Software, so I can try it with real data

2) #Python, which is (a) good enough, (b) easy to tweak, (c) already exists in my data science environment

3) genuinely novel core data model!

4) zero-privilege unzip & run packaging, a critical stealth weapon in the #ShadowIT war (or a huge security problem, depending on who you ask!)

5) #plaintext persistence, so I can sync however I want

Made my day!

Good read from our head of Product Marketing at Nudge Security. People want to get things done and they, as a rule, want to do the right thing. #SaaS adoption brings lots of things outside of the "network" to your attack surface. The "block all the bad" tactic just won't work the same. Have a look.

What do you think?

#shadowit #saassprawl #security #infosec #people #work

https://www.nudgesecurity.com/post/does-blocking-access-force-saas-into-the-shadows

Interesting one. Has anyone tested Wing Security free SaaS Discovery tool?

#cybersecurity #infosec #saas #shadowIT

https://thehackernews.com/2023/01/eliminating-saas-shadow-it-is-now.html

Head of IT: We apply 0 Shadow IT Policy

Auditor: Very well, you gonna start after revoking the local admin rights from the users?

Head of IT: <Fatal error>

#cybersecurity
#shadowIT
#Audit

It is time to bring Shadow IT to light!

But how?! And why?!

In this article I explain how #lowcode and #nocode technology can be used to enable #citizendevelopers work. Let me know your vision about it 👇

#technology #shadowIT #digitalization #cybersecurity #softwaredevelopment

https://www.linkedin.com/posts/marco-armando-pecoraro-29479b3a_shadowit-lowcode-nocode-activity-7011359676923531264-BHCH?utm_source=share&utm_medium=member_android

@recursive I should probably write a longer post sometime about how I learned to stop hating on Shadow IT as a security engineer. These days, I love finding shadow IT systems, chatting with their users about what problems they're trying to solve that traditional IT was unable to, and helping to nudge them back into a better solution that saves them money and allows them to not have to maintain their own stuff anymore.

Engineers are problem solvers. When IT or Security gets in the way of a problem an engineer wants to solve, then IT just becomes another problem that the Engineers solve for: by creating Shadow IT. The way you solve Shadow IT is by making the easiest solution the correct solution.

#infosec #shadowit

It's funny when I hear a #ShadowIT person saying that shadow #IT is bad. What are you doing to fix that? 😒 #ITInfrastructure

Staffperson was complaining about slow fileserver speeds when working with large marketing files. Discovered an un-managed 100mbit hub under their desk connecting their voip, two computers, and a dock. As policy we don't use unmanaged hubs except in very narrow circumstances. Time to consider configuring port security at the access layer.
#shadowIT

@lord ça s'appelle #ShadowIt et les maîtrises d'ouvrage font ça tout le temps dans les grosses boîtes pour se passer de l'IT ( et de leur lenteur effectivement )

Today is one of those days where I search for how I can interact with and rely upon fewer humans for my day-to-day job.

#ShadowIT. That's how. Automate the hell out of things and put it in place using Shadow IT practices.

I'd gladly maintain this entire ecosystem, and answer to auditors, for my own use of this software if it means I don't have to deal with the enterprise policies built to stop people who keep running with scissors 3cm away from their eye

#JeudiCDOS #NoCode le premier risque c’est au niveau #CyberSec ça peut renforcer le #ShadowIT et la sécurité des données. (J’imagine la crise pour un DPO si y’a duplication de données perso…).

Le #ShadowIT désigne toute application ou processus de transmission d'information utilisé dans un processus métier sans l'aval de la direction des systèmes d'information. Le service informatique ignore fréquemment son existence, il ne l'a pas réalisé et il ne lui fournit aucun support.

https://fr.wikipedia.org/wiki/Shadow_IT