This week's episode dives deep into the concept of shadow exposure and how it relates to third-party software, often overlooked in discussions about shadow IT. We explore the historical context of shadow IT, its evolution, and the real risks associated with widely deployed enterprise software that organizations may not fully understand.
Join us as we discuss:
- The origins and implications of shadow IT
- The challenges of visibility and transparency with third-party vendors
- Real-world examples of vulnerabilities in critical software, including ServiceNow and IBM's ASPR Fastback
- The limitations of security questionnaires and self-attestation processes
- The importance of proactive security measures and effective disclosure processes
We also share insights from our security research team and discuss how organizations can better manage their attack surfaces to mitigate risks associated with shadow exposure.
For more details about Assetnote's Attack Surface Management Platform, visit https://assetnote.io/
What is Surfacing Security?
In "Surfacing Security," we explore a variety of cybersecurity topics relevant to Attack Surface Management and beyond. Your co-hosts are Michael Gianarakis (Assetnote Co-Founder/CEO) and Shubham Shah (Assetnote Co-Founder/CTO).