An article discusses the risks of Shadow IT as personal GitHub repositories of employees at companies like Microsoft Azure, Tigera, and Red Hat are unknowingly exposing corporate secrets, credentials, and cloud environments to threat actors. The practice of Shadow IT, where employees bypass company security protocols by using personal repositories, poses a significant blind spot for IT security teams, leading to potential unauthorized access to critical images in Azure projects and container registries of Red Hat and Tigera. To mitigate these security risks, regular scanning for exposed environments, employee education on security best practices, implementing least privilege with scoped keys, and limiting secret lifespan with expiration dates are recommended
https://www.hackread.com/shadow-it-github-repos-employee-cloud-secrets/