Rise of the Rogue Cloud: The Fundamental Security Mistake Enterprises Make and How to Correct It

Development teams, especially at the world’s largest organizations, move at a lightning pace. Not just to keep their businesses competitive, but also to…

Development teams, especially at the world’s largest organizations, move at a lightning pace. Not just to keep their businesses competitive, but also to keep their jobs.

Knowing that, it’s easy to predict what happens when it takes a network user’s IT team two weeks to stand up a testing environment, or when—surprise!—nobody knows how long it could take. This could be because the organization never developed a clear process for providing on-demand computing resources, or because the company is dealing with a patchwork DNS, DHCP, and IPAM solution set that makes streamlining a process like that—let alone automating it—nearly impossible.

Enter: Shadow IT.

Network users who need compute are notorious for circumventing IT to get it autonomously (they charge it to their personal credit cards, then expense later). You can’t blame them, because they’re paid to get stuff done. Minding security isn’t in their job description.

This is a problem, especially when the Finance department’s expense controller finds out before the IT team that the organization has a rogue cloud service.

What’s wrong with independent clouds?

On a well-organized network that leverages a foundation like Adaptive DNS (short for “enterprise-grade, streamlined suite of DNS, DHCP, and IPAM solutions”), devices are covered by a unified, secure system. On a rogue cloud, nobody knows what’s going on. Sure, AWS and Azure come with more firewalls than someone can count but utilizing them correctly slows down testing processes. Naturally, these firewalls get indiscriminately disabled by the same users that circumvented IT in the first place.

Adding to the problem is the fact that most in-a-rush users who set up these clouds do so in a hurry, and often don’t bother to follow basic security best practices, like strong password selection. Shadow IT is a security nightmare.

As soon as something bad makes it onto a rogue cloud, it gets direct access–usually via VPN connection from the user’s computer–to their organization’s network. This isn’t just a breach risk; it’s expensive. After all, some nefarious actors are solely interested in accessing an organization’s cloud to free-ride on its computing resources.

Furthermore, when rogue clouds go up, organizations stay unaware of the demand for them. This creates problems in budgeting for the proper process to be set up, to meet the actual demand going forward. This is a vicious circle.

Critical conversations on critical infrastructure

Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.

Join the conversation

Read more

To better see the threats on your network, try DNS

DNS is a vector used in most cyber attacks. When it comes to DNS, BlueCat can enhance visibility, detection, and containment of threats to your network.

Read more
Webinar: Threat Protection

BlueCat Solution Architect Steffen Probst discusses how intelligent security from BlueCat uses DNS to protect internal and external traffic against threats.

Read more
WFH, DOH & DNS: Keeping networks secure during unprecedented change

As we work from home, DOH (DNS over HTTPS) use is up by 1,500%. Learn what DNS tells us about network security and how BlueCat and Cisco Umbrella can help.

Read more
Domain Generation Algorithms 101

Dissecting the malware technique that keeps threat hunters guessing. For cybersecurity professionals and threat hunters, it can feel like advanced…

Read more

Subscribe to our blog