Intelligent CISO Issue 52 - Page 75

As a result of these uncontrolled and sometimes insecure services , organisations were exposed to a massively increased attack surface . www . intelligentciso . com
privileges to gain access to the entire corporate IT environment .
2 . Unmanaged browsers
Most work is now performed using Internet browsers and many users have two or more of them running on their machines . If these browsers are not managed by organisations , which is often the reality , a large security gap arises .
Browsers often prompt users to store sensitive login credentials , passwords or credit card information and hackers know how to exploit this vulnerability . They see unmanaged browsers as an ideal opportunity to steal critical information and access enterprise systems and databases or make fraudulent payments .
3 . Productivity apps
Third-party productivity apps that enable users to complete tasks effectively and quickly are becoming increasingly popular . Whether downloaded to a device or browser-based , the organisation faces new risks if they are downloaded and installed without verification by the IT department .
Users are often unaware that even popular apps sometimes lack the necessary security controls or are not updated as frequently as the company ’ s security policy requires . Not infrequently , sensitive data is stored in all sorts of repositories and critical business information is potentially exposed . At the same time , the software may have conflicting security models that don ’ t align with corporate policies for access control or data usage .
4 . Fast production cycles
With the increasing pressure to work quickly and efficiently , developers and DevOps teams are quickly becoming forced to sacrifice security for speed .
This favours shadow IT . For example , developers quickly set up instances in the cloud and just as quickly take them down again . The problem is that data goes live in the cloud environment without IT or security teams knowing about it .
Policies to help IT take back control
Unless IT can provide all employees with access to the secure tools and seamless workflows they need , there is a risk

As a result of these uncontrolled and sometimes insecure services , organisations were exposed to a massively increased attack surface . www . intelligentciso . com

75