If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably not the best idea. Without some IT security background, it becomes tempting to do things like open firewall rules because a specific user is having problems accessing a resource. I have actually seen clients add firewall rules that state allow every port from every IP address to connect to this resource. This is effectively placing your firewall in bypass and allowing the internet to have its way with your resource.
Just a few weeks ago, I blogged about googing the search term “misconfigured aws s3 bucket data breach” and finding 81,000 results. I happened to check that same term again today and found 99,000 results. A truly disheartening trend considering that all sorts of data about all of us is stored “in the Cloud” where its free to be discovered by anyone who is looking.