All posts by eduardmeelhuysen

Danger within: Defending cloud environments against insider threats

According to a recent study by Crowd Research Partners, over 90% of organisations feel vulnerable to insider attacks. This should come as no surprise. Cloud adoption and bring your own device (BYOD) policies have greatly improved businesses’ agility, but have also made sensitive business data much more readily accessible, presenting a significant IT security challenge. This is clearly demonstrated in the recent incidents involving BUPA, Morrisons and the CIA.

Of those questioned by Crowd Research Partners, 53% confirmed that they had experienced an insider attack in the last twelve months; additionally, 27% said that insider attacks have become more commonplace. Both statistics are indicative of the growing threat that insiders pose to data security. Unfortunately, in cloud-based IT environments, organisations often struggle to detect anomalous or careless employee behaviours. As such, many must revise their approaches to data protection. However, before deploying a new security solution, it is important to understand four of the most common insider threats faced by businesses today.

The rogue employee

Often described as malicious insiders, rogue employees are individuals that intentionally set out to steal company data; this may be done out of a desire for vengeance, profit, or even a competitor’s benefit. A high profile example can be found with the 2015 case of a Mercedes engineer that stole highly sensitive data in order to give it to his new employer, Ferrari.

Unfortunately, insiders with malicious intent have an upper hand when it comes to data theft – they have legitimate credentials that will bypass the majority of their organisations’ security features. If such an individual holds a senior or administrative role, she or he may even have unfettered access to an organisation’s most sensitive data 

The third-party employee

Third parties are frequently overlooked when organisations are planning their security strategies. These insiders often act as fully integrated members of an organisation, even when working from distant locations. Some may also have in-depth familiarity with internal processes and controls, making them just as knowledgeable about security procedures as an internal employee.

The hacked account

Compromised credentials are a significant danger for the enterprise. With usernames and passwords in hand, outside parties can enter corporate networks through legitimate means and evade security systems. An example of this can be found with the global accountancy firm Deloitte. Recently, hackers compromised the organisation’s global email server using a stolen admin account, granting them unfettered access throughout the entire system for months before their activities were discovered.

As this example shows, breaches involving credential compromise can take a great deal of time to identify and remediate. From an IT perspective, it can appear as though account hijackers are simply regular users going about their normal job duties, making it difficult to detect credential compromise.

The careless worker 

While disgruntled workers clearly pose a serious threat to organisational security, a less obvious threat rests with happy, but careless employees. These individuals may inadvertently compromise security by using unsecured public Wi-Fi, losing organisational credentials, clicking on suspicious email links, sharing sensitive information with unauthorised parties, or being followed into the office through an access-controlled door. Each of these mishaps offers criminals an opportunity to breach the enterprise.

What can organisations do?

The unpredictable nature of insider threats means that a proactive, multi-faceted solution is the best form of defence. Below are four different approaches to security which, when combined, create robust protections around cloud-based environments.

Automation: Reactive tools that rely upon humans to manually analyse threats are incapable of protecting data in the high-speed era of the cloud. As such, automated security solutions are vital for businesses today. These kinds of tools employ machine learning so that they can identify malicious or suspicious behaviours as they take place; for example, when a user suddenly downloads an unusually large amount of data or accesses sensitive information outside of normal working hours. These tools use an analytical, real-time approach in order to uncover threatening behaviour and take corrective actions as needed.

Identity and access management (IAM)To defend against insider threats, it is imperative that organisations verify users’ identities and grant data access to appropriate parties only. Relying upon basic passwords is no longer an adequate strategy for protecting corporate information. Instead, companies need to leverage multi-factor authentication (MFA) and require a second form of verification – like an SMS token sent via email or text message. Other helpful capabilities include contextual access control, which governs data access by factors like job function and geographic location, as well as session management, which automatically logs inactive users out of corporate applications in order to prevent account hijacking.

Data loss prevention (DLP): Cloud DLP is a dynamic tool that securely enables employees to work wherever they want and whenever they want – from the devices of their choosing. A typical cloud DLP offering should include watermarking (tracking), file encryption, redaction, and other features that help ensure that sensitive data never gets into the wrong hands. 

Training: While technology can be a powerful way to improve data security, another effective tool is far simpler. Regular employee training s can raise awareness of security best practices and help keep data protection top of mind for workers. By consistently discussing the importance of security and the consequences of failing to uphold security protocols, the threats of data theft and data leakage can be minimised.

Conclusion

The growing adoption of cloud has greatly improved the agility of many modern businesses. However, it has also given rise to new security concerns – like the insider threats detailed above. Fortunately, by understanding modern threats and deploying appropriate security solutions, many of these risks can be mitigated and even eliminated. In this way, organisations around the world can confidently step into future and secure their use of the cloud.

How to ensure enterprise cloud app use complies with the GDPR

(c)iStock.com/Creative-idea

After months of fine tuning and approvals from various bodies, the EU General Data Protection Regulation (GDPR) is almost upon us.

When the GDPR finally becomes law in spring of this year after passing a final stage of approval, organisations will have two years to comply with the regulation. Two years might seem plenty of time, but the complex picture of cloud use in modern enterprises means that GDPR compliance will be a challenge. A recent Netskope and YouGov survey found that almost 80% of IT pros in medium and large companies are not confident of ensuring compliance with the regulation in time for the expected deadline of spring 2018.

Enterprise cloud app use is a significant potential stumbling block for organisations seeking GDPR compliance, not least because cloud apps create unstructured data which is more difficult to manage but still explicitly included in the regulation. The survey found that almost a third of IT pros admit to knowing unauthorised cloud apps are in use within the organisation, but only 7% have a solution in place to deal with this phenomenon – also known as shadow IT.

Cloud app use provides such huge productivity gains that blocking apps isn’t an option. Companies must discover how to continue using cloud apps while ensuring protection of structured and unstructured data, both in-transit and at-rest. So how can organisations ensure compliance and continue using cloud apps?

The GDPR requires organisations actively to take measures to protect the data they hold. They won’t comply with the GDPR only through legal arrangements like policies, protocols and contracts. Rather, companies must take deliberate organisational and technical measures to ensure data protection and compliance in all areas. This is known as data protection by design, and goes beyond traditional security measures aimed at confidentiality, integrity and availability of the data.

Controlling and securing data in cloud apps will be central to GDPR compliance, so managing an organisation’s interactions with the cloud is a good place to start. This can be achieved by:

  • Discovering and monitoringall cloud applications in use by employees
  • Knowing which personal data are processed in the cloud by employees – for example, customer information such as name, address, bank details, or other forms of personally identifiable information (PII)
  • Securing data by setting up policies which ensure that unmanaged cloud services are not being used to store and process PII. The policy should be granular enough to stop the unwanted behaviour while allowing compliant use of the cloud to continue
  • Coaching users to adopt the services you sanction
  • Using a cloud access security brokerto assess the enterprise-readiness of all cloud apps and cloud services to ensure that all data are protected when in transit or at rest

The complications arising from the use of cloud and shadow IT mean that personal data is harder to track and control than ever before. The GDPR will have significant and wide-ranging consequences for both cloud-consuming organisations and cloud vendors, and security teams will need to make the most of the two-year grace period before penalties for non-compliance come into force. Examining an organisation’s cloud app use is a great place to start.