{"id":5773,"date":"2024-10-14T15:20:13","date_gmt":"2024-10-14T20:20:13","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint-security\/the-lingering-beige-desktop-paradox"},"modified":"2024-10-14T15:20:13","modified_gmt":"2024-10-14T20:20:13","slug":"the-lingering-beige-desktop-paradox","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/14\/the-lingering-beige-desktop-paradox\/","title":{"rendered":"The Lingering Beige Desktop Paradox"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blta25e1af5c3886b9b\/670dca4986ded05f10f7c7e2\/old-desktop-aleksey-popov-alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">COMMENTARY<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">When I started out my career in security everything was an adventure \u2014 new technologies, new opportunities, and new lessons to learn. Some of those lessons have stayed with me over the years. Simple on the surface, these lessons have had a significant impact and proved valuable over time. 
Yet, when I look at the wider industry, I often find myself vexed at the current state of affairs.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"The Beige Desktop is Everywhere\">The Beige Desktop is Everywhere<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The best example of this flustered feeling is the pervasive nature of the beige desktop. We have all seen them in our travels in this industry \u2014 those machines that predate many of the technologies that we rely on today. Hardware that soldiers on from the dark recesses of a data center&#8217;s raised floor.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">You can all see where this is heading. That system is invariably running code written by a summer student long ago, which has now become mission-critical. Code that was not properly commented or documented. An application that has somehow become indispensable to the business.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">How does this keep happening? I\u2019ve often pondered this question. Whenever I bring it up when delivering a talk at a conference, there are always heads nodding in understanding. 
Those systems that lurk in the shadows of a data center.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Hard to Get Rid of Shadows\">Hard to Get Rid of Shadows<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">We often hear the term \u2018shadow IT\u2019 mentioned. It usually finds its way into conversation with a sense of derision. A few months ago, I was giving a talk at a conference when I asked the audience if they had encountered the beige desktop in their environments. The audience laughed, grimaced, and hung their heads\u2014confirming my thoughts. I paused and then asked how many companies present had controls in place for shadow IT in their environments. Every hand went up.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">I let the question hang in the air for a moment. Then, I asked the audience a follow-up query: \u201cHow many of you here have shadow IT in your environments?\u201d There was some hesitation. Eyes darted around nervously. Slowly but surely, all of the hands went up again.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">We had an interesting conversational moment. These companies all had controls in place to guard against shadow IT, yet\u2026it still existed. We had discovered Schr\u00f6dinger&#8217;s IT security problem. 
It simultaneously exists and doesn\u2019t.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Who Owns the Risk?This begs the question: who truly owns the risk of shadow IT? While the knee-jerk reaction might be to assign this to the chief information security officer, I wonder if that is fair. The CISO puts security controls in place. The CISO ensures that there are policies and procedures around handling the risks presented by shadow IT but it continues on.&nbsp;Is it fair to say the CISO is responsible at that point? Just thinking out loud. Could this risk be more appropriately assigned to the Chief Financial Officer, as it presents a potential material enterprise risk, and thereby falling under the responsibility of the CFO?&nbsp;I would love to see this develop into a broader conversation because, honestly, I\u2019m unsure of the answer and would love the input from the CISO community.&nbsp;\">Who Owns the Risk?<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">This begs the question: who truly owns the risk of shadow IT? While the knee-jerk reaction might be to assign this to the chief information security officer, I wonder if that is fair. The CISO puts security controls in place. The CISO ensures that there are policies and procedures around handling the risks presented by shadow IT but it continues on.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Is it fair to say the CISO is responsible at that point? Just thinking out loud. 
Could this risk be more appropriately assigned to the Chief Financial Officer, as it presents a potential material enterprise risk, and thereby falling under the responsibility of the CFO?&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">I would love to see this develop into a broader conversation because, honestly, I\u2019m unsure of the answer and would love the input from the CISO community.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"How We Wound Up Here\">How We Wound Up Here<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Shadow IT rarely, if ever, originates from a place of malice. These projects are quite often built to satisfy the need for innovation. Other examples of why this happens could include the perceived inadequacy of the deployed systems that support development in the enterprise or simply be done out of a need for speed and convenience.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It\u2019s often easier to ask for forgiveness than permission. While the beige desktop may be a tongue-in-cheek story, it does serve as an example of what happens in environments across the globe.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Top Dead Center\">Top Dead Center<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">How do we move toward an enterprise or SMB environment that supports innovation while remaining safe and secure? 
There is a need to provide visibility and security to deal with tools and projects that may not have been vetted or approved by the IT and Security teams.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It\u2019s time to move away from the beige desktops and towards a technological engine that empowers businesses to drive innovation safely and securely.&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/the-lingering-beige-desktop-paradox\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>COMMENTARY When I started out my career in security everything<\/p>\n","protected":false},"author":12,"featured_media":5774,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5773","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=2000%2C1125&ssl=1",2000,1125,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["htt
ps:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=2000%2C1125&ssl=1",2000,1125,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category 
tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/the-lingering-beige-desktop-paradox.jpg?fit=2000%2C1125&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5773"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5773\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5774"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}