Paul's Security Weekly (Audio)

Shadow IT and Security Debt - Dave Lewis - PSW #849

Oct 31, 2024
In this engaging discussion, Dave Lewis, the Global Advisory CISO at 1Password, unpacks the nuances of shadow IT and security debt, drawing from his extensive cybersecurity expertise. He emphasizes the critical human factors in security and the pressing need for organizations to address outdated technologies. The conversation also touches on recent vulnerabilities, the complexities of managing unauthorized tool usage, and the balance between innovation and security, all while sharing insights that underscore the importance of proactive cybersecurity measures.
02:50:27

Podcast summary created with Snipd AI

Quick takeaways

  • Shadow IT arises from employees' needs to effectively perform their jobs, highlighting the importance of understanding organizational policies.
  • Reliance on unauthorized applications can expose organizations to significant data security risks, so employees need training on the implications.

Deep dives

The Implications of Shadow IT and Security Debt

Shadow IT is defined as the use of unauthorized applications and devices within an organization, often without the knowledge of IT departments. It typically occurs when employees seek their own solutions to business challenges due to a lack of support from formal channels. The conversation highlights how shadow IT is usually not malicious; rather, it stems from employees' needs to perform their jobs effectively. Education and clear communication are essential for organizations to address shadow IT and help employees understand what is permissible.
