Recently we heard the news of sensitive data getting exposed from online file-sharing accounts. It was not surprising, and I’m sure the majority of my colleagues in cybersecurity were not surprised by it either. But not everybody is thinking about cloud security while focused on doing their job. In an effort to share what I have learnt from discussions with security architects and industry leaders, here are the top three risks that most organizations face when they migrate to a cloud environment.
1. Users oversharing data in file-sharing apps
Typically, employees are well intentioned when they share data in file-sharing apps. They are not trying to put the organization at risk; they are trying to be productive and competitive. But while doing that, security is not on their mind. That is why we have seen a proliferation of cloud app usage on a team-by-team basis. HR, marketing, sales, finance and others are all using different apps that suit their needs best, but at what cost? Oftentimes, employees end up sharing too much, which can be a huge risk to the organization. This can also include sharing sensitive data outside the organization via publicly shared links.
2. Admins making mistakes or coming under attack
In the past, high-value assets were secured on-premises and kept under constant surveillance. If something were compromised, we would know very easily who had accessed these assets. With the transition to the cloud, analytics around who is accessing sensitive and confidential assets, and from where, become critical for data security. Cloud administrators hold the proverbial ‘keys to the kingdom’, which makes them high-value targets. As administrators are human, they are bound to make occasional mistakes, which could be costly to the organization. This is in addition to admins getting targeted or attacked, which happens quite often due to the value their access represents.
3. Employees or partners accessing cloud apps using their personal devices
Gone are the days when people would only respond to email or access business applications during set hours of the day or from a specific location. Employees and partners alike are on a 24/7 clock to be competitive in today’s world. This means that more and more users are accessing cloud services from their personal devices (BYOD). Most of the time these devices do not have any agent running on them, as they are not corporate issued. When users access cloud applications and services using these devices, the interaction is completely invisible to traditional IT systems. This tends to be a significant blind spot and a growing challenge for many organizations embracing the cloud.
Addressing the risks of transition to the cloud
Knowing the risks above, will you or your organization slow down the adoption of cloud technology in the future? I do not think so (and I hope not), but what can we do about situations similar to these, or ones which have not come to light yet? We have to change the way we think about cloud security beyond the cloud service provider. Here are the three things that matter most when securing cloud apps:
We need to understand what apps are in use and who is accessing them from where. Many organizations have no idea which cloud apps are being used in their environments or, if they do, might not know who is accessing them. This brings me to the adage – you cannot secure what you cannot see.
Once we know the details of who is accessing the cloud apps and data, we need to assess the risk associated with the activities that users are performing. This is where behavioral analytics comes into play.
Protection and Policy Enforcement
Once we know the risk in our environment, we can stop data exfiltration or access with automated policies, or we can leverage our SOC to handle the highest-risk users and events first. Having visibility into all the activities is important because it gives context for enforcement and also makes the analytics better.
To get the capabilities above you can leverage tools like a Cloud Access Security Broker (CASB), as they secure any app which might be in use in your environment. As an example, you can set a policy for all apps that blocks anyone from outside the organization, or that removes all sharing links from sensitive data that has been uploaded. In the case of a recent breach where sensitive data was accidentally shared publicly, the malicious users would have been stopped in their tracks from accessing it, as they are coming from outside the organization. The beauty of this is that you no longer have to go to individual apps (like Office 365, Box, Dropbox, Salesforce, and others) to make sure things are all set correctly.
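The two policies described above can be sketched in a few lines. This is an added example, not code from this post or from any CASB product; the `SharedItem` record, the function names and the `example.com` domain are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Optional

ORG_DOMAIN = "example.com"  # assumption: the organization's e-mail domain


@dataclass
class SharedItem:
    app: str                      # cloud app that holds the file
    path: str
    sensitive: bool               # verdict of an upstream data classifier
    public_link: bool             # "anyone with the link" sharing is on
    collaborators: list = field(default_factory=list)


def is_external(email: Optional[str], org: str = ORG_DOMAIN) -> bool:
    """Anonymous visitors and addresses outside the org domain are external."""
    if not email or "@" not in email:
        return True
    domain = email.rsplit("@", 1)[1].lower()
    # Exact match or true subdomain only, so "notexample.com" stays external.
    return not (domain == org or domain.endswith("." + org))


def decide_access(email: Optional[str]) -> str:
    """Access-time policy for every app: outsiders are blocked, link or not."""
    return "block" if is_external(email) else "allow"


def remediate(item: SharedItem) -> list:
    """At-rest policy: actions needed to bring one item back into policy."""
    actions = []
    if item.sensitive and item.public_link:
        actions.append(("remove_public_link", item.app, item.path, None))
    for email in item.collaborators:
        if is_external(email):
            actions.append(("block_external_user", item.app, item.path, email))
    return actions


# Constructed sample inventory, normalised across apps (not real data).
INVENTORY = [
    SharedItem("Box", "/hr/salaries.xlsx", True, True, ["amy@example.com"]),
    SharedItem("Dropbox", "/mkt/brochure.pdf", False, True, []),
    SharedItem("Office 365", "/fin/forecast.docx", True, False,
               ["bob@eu.example.com", "eve@notexample.com"]),
]

if __name__ == "__main__":
    for item in INVENTORY:
        print(item.app, item.path, remediate(item))
    print(decide_access(None))  # anonymous visitor arriving via a public link
```

Because the decision is made on one normalised record, the same rule covers every app in the inventory instead of being configured separately in each one.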