SSL at Work (Shadow IT)
- Joel Van Dyk
- May 27, 2020
While SSL can help you protect your information personally and at work, for Information Security it can be a source of data leakage. Whereas 5 or 6 years ago SSL was only 20% of the traffic on a firm's network, today it's probably 60% or more. Without putting in devices that sit in the middle of SSL, which expose you to data privacy issues, speed issues and cost issues, you are blind to what is going on. It's generally hard to sell this solution to the business (this may change post-COVID-19). The trouble is also that these SSL/HTTPS sites generally have functions that allow upload of data to those sites, which you are also blind to. In a smaller firm, and with a good SIEM/Analysis/AI tool, I've been able to classify every SSL destination in the firm and have my tool alert me to large uploads to known sites and unknown sites. Classifying every SSL destination is a challenge in larger organizations.
All this hasn't stopped what is called "Shadow IT", where a business department sets up a function on some website outside of the firm and populates it with firm data. When the data is breached or the site no longer functions as expected, suddenly it is the job of IT and Information Security to fix it, mitigate it, or try to get the data back. Much as we try to prevent this, I'm pretty sure this has happened to everyone. The tools in the CISO tool bag here are good education to show why this is a very bad idea, good SIEM/Analysis/AI tools to find the data upload, and good reconnaissance of public websites to try to find firm data.
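The destination classification and upload alerting described in the two paragraphs above, sketched as an added example (not the author's tool). It assumes flow records that carry a source host, the TLS destination name and an outbound byte count; the hostnames, categories and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of TLS flow records (as a firewall or proxy might export):
# source host, TLS destination name, bytes sent outbound. All values are made up.
SAMPLE_FLOWS = [
    ("ws-014", "mail.example-corp.test", 120_000),
    ("ws-014", "files.partner.test", 48_000_000),
    ("ws-022", "files.partner.test", 9_000_000),
    ("ws-031", "forms.unknown-saas.test", 6_500_000),
    ("ws-031", "forms.unknown-saas.test", 7_200_000),
    ("ws-040", "paste.unclassified.test", 900_000),
]

# Hypothetical classification table: every destination the firm has reviewed.
CLASSIFIED = {
    "mail.example-corp.test": "sanctioned",
    "files.partner.test": "sanctioned",
}

# Assumed thresholds (bytes uploaded per host per destination in the window).
KNOWN_LIMIT = 25_000_000     # reviewed sites get more headroom
UNKNOWN_LIMIT = 5_000_000    # unclassified sites alert much earlier


def upload_alerts(flows, classified=CLASSIFIED):
    """Sum outbound bytes per (host, destination) and flag large uploads."""
    totals = defaultdict(int)
    for host, sni, bytes_out in flows:
        totals[(host, sni.lower().rstrip("."))] += bytes_out

    alerts = []
    for (host, sni), sent in sorted(totals.items()):
        category = classified.get(sni, "unclassified")
        limit = UNKNOWN_LIMIT if category == "unclassified" else KNOWN_LIMIT
        if sent > limit:
            alerts.append((host, sni, category, sent))
    return alerts


def unclassified_destinations(flows, classified=CLASSIFIED):
    """Destinations still waiting for review, regardless of upload size."""
    return sorted({sni.lower().rstrip(".") for _, sni, _ in flows} - set(classified))


if __name__ == "__main__":
    for host, sni, category, sent in upload_alerts(SAMPLE_FLOWS):
        print(f"ALERT {host} -> {sni} [{category}] {sent / 1e6:.1f} MB uploaded")
    print("To classify:", ", ".join(unclassified_destinations(SAMPLE_FLOWS)))
```

Summing per host and destination catches uploads split across several sessions, and the list of unclassified destinations is the review backlog that grows quickly in a larger organization.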
At the end of the day, something that our isolation at home during the Corona/COVID-19 virus is teaching us is that being in a company is a cooperative endeavor, with everyone putting their own expertise and work into the collective effort to achieve a product or service greater than the sum of the parts. When a part of that equation is ignored, such as CyberSecurity and IT, the result is below par. That is what happens with "Shadow IT".
