Mozilla to Firefox users: Here's how we're protecting you from code injection attacks

Mozilla to Firefox users: Here’s how we’re protecting you from code injection attacks

Mozilla cleans up Firefox to cut risk of code injection attacks and deter use of a dangerous JavaScript function Firefox-maker Mozilla has detailed its recent efforts to harden the browser against code injection attacks. That hardening work has focused on removing "potentially dangerous artifacts" in
/
Tech Crunch

App revenue climbs 23% year-over-year to $21.9B in Q3

Global app revenue continues to climb, thanks to the growth in mobile gaming and the subscription economy. In the third quarter of 2019, consumer revenue grew 22.9% year-over-year from $17.9 billion to reach an estimated $21.9 billion across both the App Store and Google Play
/
WannaCry North Korea Ransomware Attack

Shadow IT – Threat or Opportunity?

Shadow IT

Shadow IT – sometimes referred to as Stealth IT – describes the usage of IT systems and solutions that are built and used inside businesses and organisations without explicit approval from IT departments and/or management. Fueled by the growth of BYOD policies, Christopher Rentrop, Professor of Informatics at Konstanz University of Applied Sciences, believes it now includes “all applications that are acquired without the IT department’s involvement and whose use is not covered by IT service management”

His definition means the term includes software, cloud apps, workflows and even hardware. While Shadow IT can play an important role in the fields of innovation, research, and development, it also causes problems by frequently failing to adhere to a company’s need for control, documentation, security and reliability.

Compliance

But how much of a threat is the area? Can a company be seriously compromised by unchecked Shadow IT within its walls? We know hardware can be identified by network management tools, but monitoring social media platforms and other cloud-based applications is very difficult. For example, staff can use Facebook or Dropbox to send or publish documents unobserved and pose a compliance risk, while non-approved software and services consume bandwidth, slow networks, and ultimately add to the workload of IT departments. Indeed, half of the IT managers questioned believe that 50 percent of their budget is being eaten up by the management of shadow IT alone.

Some analysts believe that Shadow IT now threatens the very existence of IT departments. They claim that the traditional procurement process is dying, replaced instead by individual departments servicing their own IT needs away from the eyes of the IT departments. Three reasons for this are normally forthcoming; 1) IT departments are slow and cumbersome in terms of action, 2) the IT departments lacks the expertise necessary in certain apps, and 3) the IT department is too expensive and too complex. Research by Gartner suggests that at least 90 percent of all IT spend will be managed outside of the IT department by 2020, with Forrester adding that central IT departments will become largely obsolete.

Current IT Landscape

Rather than posing a problem, it can be argued that this instead represents an opportunity. The reason the traditional procurement processes are dying isn’t the fault of IT departments per se, but because lots of organisations insist on using a method that is 25 years old and out of touch with the current IT landscape. IT departments need to listen to the staff, aiming to become a powerful and forward-thinking force that helps make companies more efficient, effective and profitable.

Staff should not be accused of circumventing IT departments wilfully. Typically they have a problem that they need solving fast. When the world outside the office sees such solutions a download away, it is unrealistic to expect a different, lengthy procedure in work. Such a situation explains the soaring growth of services like Dropbox – emails cannot cope with large attachments, so employees use Dropbox and the problem is solved – with or without the blessing of the IT management.

Shadow IT Infographic: Vanson Bourne

What do you think of Shadow IT, is it a threat to organisations’ internal security, or an opportunity for them to amend and improve their practices? Let us know in the comments below.

Tomorrow we look at the security risks round apps frequently used within the Shadow IT umbrella.

By Daniel Price

Daniel Price Contributor
Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.
Ankur Laroia

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated solution, poses a challenge to ...
Aaron Continelli

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP ...
Allan Leinwand

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the opportunity to see Rogue One: ...
Daren Glenister

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent of organizations store sensitive information ...
The Cloud Debate - Private, Public, Hybrid or Multi Clouds?

The Cloud Debate – Private, Public, Hybrid or Multi Clouds?

The Cloud Debate Now that we've gotten over the hump of whether we should adopt the cloud or not, "which cloud" is now the center ...
It Programs Compressor