Shadow IT in the Cloud

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 5 p.m. (30 minutes)

Shadow IT refers to technology that is procured outside of official channels, processes and/or procedures meaning they aren’t vetted or managed by the IT and Security organizations. We all know about Shadow IT and the risks and dangers that come with that but what about Shadow IT in the Cloud – now that’s a scary thought. Now you have data in the hands of others and NO ONE KNOWS about it which means there isn’t any governance around it either. How do we lock down data in the cloud and ensure we have everything in place to avoid data loss or breach while also giving the business and other teams the tools they need to do their work? How do we block these ‘scary’ cloud services like file stores, pdf merger sites, code beautifiers, etc. when cloud is quickly becoming the new normal?

Presenters:

• Marisa Dyer
  Marisa is an Information Security Engineer at USAA focusing on managing and securing our web proxies, email and cloud technologies. She’s currently heading the way for the cloud remediation effort at USAA. Her previous roles at USAA include management of the API gateway and B2B teams.
• Jessica Hazelrigg
  Jessica is Director at USAA focusing on the security and availability of USAA’s platforms and endpoints including web security and cloud technologies. Prior to USAA, Jessica served as lead for an operational team supporting US cyber intelligence efforts along with military intelligence experience.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Shadow IT in the Cloud Marisa Dyer Jessica Hazelrigg.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Shadow IT in the Cloud Marisa Dyer Jessica Hazelrigg.eng.srt (subtitles)
• https://www.youtube.com/watch?v=GH6Qv1Scrwc

Similar Presentations:

• ToorCon: Seattle (Beta) (2007) / Anycast Cloud Bursting
• BSidesLV 2015 / What Lurks in the Shadow
• Texas Cyber Summit 2019 / BT-1050 Shining a Light on Shadow IT in the Cloud