What You Need To Know About Shadow IT
IT News – Shadow IT
The use of unauthorized online services by employees of a company, known as shadow IT is a major concern for anyone who defends a business from network attacks. New systems are being built that are making the concerns of these shadow IT defenders more justified than ever before.
One of the most common attacks is known as “Man in the Cloud,” and involves making a very simple change in the configuration settings that then turn a service such as Google Drive or Dropbox into a serious criminal tool. Man in the Cloud attacks are not easily detected using common security measures, making them even more dangerous.
The key to the attacks is the way that the services sync files from all the devices that are linked to the account. Each device has special software that is provided by the service to help make sure that the information that is on the devices and in the cloud are the same across the board. When any changes are made through the service, the software will make sure that the change is also made in the cloud and all other devices that are linked to the account.
When any changes are made, the devices have to be authenticated. Since the authentication process uses tokens instead of passwords, it is possible to steal the tokens and add it to a device without the knowledge of the account owner. Every time the owner of the account changes any information, the changes will also appear in the unauthorized device. The user will not know that the hack is happening, and it is very difficult for network defenders to detect the issue.