One Article Review

Source ProofPoint
Identifier 8635652
Publication date 2025-01-10 09:36:20 (seen: 2025-01-10 14:08:17)
Title Bringing Shadow Admins Out of the Shadows
Text In today's rapidly evolving IT landscape most organizations rely heavily on IT systems to streamline operations and stay competitive. While some of these systems are managed and secured by IT and security departments, increasingly many are not because they are not officially sanctioned. They are often referred to as shadow IT, shadow clouds, shadow VPNs and shadow password managers.

To this “shadow” list should be added shadow admins. These are individuals who have administrative or privileged roles within specific IT systems, and they haven't been formally authorized for this privilege. In this blog post we'll cover why shadow admins are so risky and what you can do about them.

Who are shadow IT admins?

Shadow IT admins typically have technical or functional expertise. As such, they may set up, configure or manage certain services. Often these admins act out of a desire to address immediate business needs. However, they often don't have a plan for long-term management. Neither do they typically consider the organization's governance, risk and compliance (GRC) requirements. As a result, their actions can lead to significant risks for the organization, especially if they are not well-versed in security best practices or the organization's GRC policies. What happens if they are managing systems that contain sensitive data or support critical business processes?

Why do shadow IT admins exist?

Shadow IT admins usually emerge when people get frustrated with official processes and priorities when it comes to acquiring and managing IT. Here are some common issues:

Slow IT response. Functional teams inside an organization might need an IT solution immediately but find that the IT department is bogged down by slow approval or long deployment queues.

Lack of resources. IT departments may not have the bandwidth to address every request, leading individuals or departments to take matters into their own hands.

Unmet needs. Business units and their associated shadow admins often introduce services or systems that they believe will serve them better than what they can access through approved and supported systems.

Innovation and agility. In some cases, shadow IT admins are driven by a desire for innovation. They might be introducing new tools or technologies that can drive the business forward but do so outside the official IT structure. And as part of this they take on IT admin ownership of the unsanctioned system.

The risks of shadow IT admins

While shadow IT admins often have good intentions, they can unwittingly expose the organization to a variety of risks. Attackers can exploit these accounts to perform privileged actions, like creating backdoors, altering security settings, exfiltrating sensitive data or bringing down systems altogether. Attackers can also use these accounts to hide their tracks. This enables them to avoid detection so that they can maintain control over the compromised system.

There are also shadow admin risks that are associated with Active Directory. Threat actors can use shadow admin accounts in Active Directory to take control of directory services, reset passwords and escalate their privileges. What's more, by identifying these accounts, attackers can elevate their access level, and they often don't need additional exploits to do it, either. One reason shadow admin accounts are such a significant risk is because they often go unnoticed until well after they've been exploited.

For a recent highly public example of a breach that involved shadow IT and shadow admin accounts, check out Microsoft's Midnight Blizzard attack.

6 Ways that shadow admins add risk to organizations

These are six areas where shadow admins cause an impact.

1: Security vulnerabilities

Shadow IT admins often bypass critical security processes that have been set up by the IT department. This can lead to various security risks, such as:

Weak access controls. Shadow IT ad
Rating ★★★
Sent Yes
Tags Ransomware Data Breach Tool Threat Cloud Technical
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.