1. Data Leakage
Sensitive data leakage is the most critical threat cloud computing poses for organizations today. To better secure your data, you first need to understand how it can leak. The risk of data leakage increases as employees use their corporate or personal devices to access a startling diversity of cloud apps at work, from the note-taking app Evernote to file-sharing apps such as Google Drive, OneDrive or Dropbox. In fact, ~80% of workers admit to using non-approved public cloud apps at work, according to a Stratecast survey.
A malicious insider can exfiltrate sensitive data to his personal Google Drive using his corporate machine.
Sensitive data can also be leaked through inadvertent human error in sanctioned or unsanctioned cloud apps: accidental oversharing, storing passwords in shared storage, or cloud resource misconfiguration.
A user can accidentally share sensitive data on corporate OneDrive through publicly accessible URLs.
Here are some recommended security measures to prevent sensitive data leakage and meet compliance requirements:
- Identify and encrypt sensitive data in transit and at rest
- Identify and control risky shadow IT
- Ensure granular visibility on all sanctioned and unsanctioned cloud apps
2. Suspicious activities
Malicious insiders can have a wide-ranging impact on the confidentiality, integrity and availability of enterprise data. With the use of cloud apps, the risk increases, as insiders can use their cloud accounts with their unmanaged devices to spread malware throughout an organization, infect rich data or exfiltrate sensitive data.
A malicious insider can use an unmanaged device to exfiltrate sensitive data from corporate OneDrive storage.
A malicious insider can use an unmanaged device to upload a malicious file to corporate OneDrive storage or attach it to a Salesforce record. The file may then be opened by a legitimate user connected to the enterprise corporate network.
On the other hand, user credentials may become compromised through phishing attacks or other similar techniques. Threat actors may use the stolen cloud accounts to perform malicious activities. Sensitive data can be leaked, falsified, infected or destroyed, causing significant cost to the business. Legal implications are also possible for organizations in highly regulated industries, such as healthcare, if personal information is exposed during cloud account takeover (ATO) incidents.
Unfortunately, these new threats cannot be handled by the standard IT security measures. Therefore, organizations should enhance their security measures to protect their assets against malware, ransomware, cloud ATO and other malicious cloud activities.
Below are some known security measures to protect enterprises against the above-mentioned malicious cloud activities:
- Develop and deploy a data loss prevention (DLP) strategy.
- Perform user and entity behavior analytics (UEBA) for better visibility.
- Scan and quarantine malware at upload, at download and at rest.
- Block known and zero-day threats.
- Encrypt sensitive data before it goes to cloud storage.
3. Identity Sprawl
Historically, users authenticated against a central identity datastore to access on-premise corporate apps. Over time, businesses began to use cloud apps and Software as a Service (SaaS) such as ServiceNow or Salesforce. Likewise, social media and other shadow cloud apps gained popularity and were incorporated into day-to-day business operations. Suddenly, employees found themselves authenticating against different datastores all over the internet. This ID sprawl increases the risk of takeover of users' cloud accounts and makes protecting access to an organization's information far more challenging. Here are some security measures to protect users' cloud accounts:
- Use a central identity and access management (IAM) platform for approved cloud apps.
- Restrict access from unmanaged devices and control the type of cloud apps used companywide.
- Enforce multi-factor authentication to access corporate cloud apps.
- Apply granular content-based and context-based policies.
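As an added illustration (not code from the original article or from any CASB product), the sketch below shows how a content-based check and context-based signals can be combined into one access decision, covering the unmanaged-device, MFA and shadow IT measures listed above. The sanctioned-app list, the verdict names and the use of payment card numbers as the "sensitive data" class are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Assumption: which apps are sanctioned is an example choice, not the article's.
SANCTIONED_APPS = {"onedrive", "salesforce", "servicenow"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_sensitive(text: str) -> bool:
    """Content check: payment card numbers stand in for 'sensitive data'."""
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


@dataclass
class Request:
    app: str
    action: str            # "upload" or "download"
    managed_device: bool
    mfa_passed: bool
    content: str = ""


def evaluate(req: Request) -> str:
    """Return a hypothetical verdict combining content and context."""
    sensitive = is_sensitive(req.content)
    if req.app.lower() not in SANCTIONED_APPS:          # shadow IT
        return "block" if req.action == "upload" and sensitive else "allow-and-log"
    if not req.mfa_passed:
        return "require-mfa"
    if not req.managed_device:
        if req.action == "download":
            return "block" if sensitive else "allow-read-only"
        return "quarantine-for-scan"                    # scan uploads for malware
    if req.action == "upload" and sensitive:
        return "encrypt-then-allow"
    return "allow"
```

The same content can yield different verdicts depending on device posture and app status, which is what distinguishes a context-aware policy from a plain allow/deny list.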
Is CASB a sure bet to manage all those risks?
CASB (Cloud Access Security Broker) solutions may fill many of the security gaps addressed in this article and deliver a holistic view of the entire cloud environment, which enables organizations to effectively manage cloud security risks while capitalizing on the benefits offered by cloud computing.
The question is: are CASB solutions ready for prime time? According to our observations and customer feedback, that doesn't seem to be the case at present. While CASB solutions have been available for the past 5 years, the market is still immature. Each product on the market has its own strengths and weaknesses and covers different threats. Therefore, it is important to understand your cloud service use cases when choosing a CASB solution. Assessing the impact on the existing infrastructure is also required. If you are interested in further discussing CASB solutions and in being well advised when designing and choosing the best-suited solution, reach out to Orange Consulting.
Proven network and information security consultant with a solid technical background. I have been involved within the information security field over the last 7 years.