If you want to tell someone to be more realistic you might say: “Get your head out of the clouds.” But in fact, you have to do the exact opposite if you’re an IT security professional charged with managing security in today’s increasingly cloud-based world.
What you need to do is get your head in the cloud in order to understand a new wave of threats and identify ways to strengthen defences. I’m not just talking about the benefits of using the cloud for security – unlimited storage capabilities for global threat intelligence and historical data, powerful processing capabilities for security analytics, and the ability to deploy security technologies to even the most remote outposts. You also need to think about how attackers are now banking on the increasing usage of Software-as-a-Service (SaaS) apps and the advent of shadow IT and resulting shadow data to steal valuable digital assets. These attacks often incorporate basic tactics but with a modern twist.
Take for instance the String of Paerls attack. The approach starts with spear phishing, targeting specific individuals with email messages that contain a malicious Microsoft Word attachment that poses as an invoice. When the document is opened it triggers a macro that downloads malware from Dropbox and then launches the malware on victims’ machines. As another example, so-called “man in the cloud” attacks steal a token from a user’s account with a cloud-based service and use it to add a device to the account without the owner’s knowledge. And then there’s ransomware, which encrypts users’ files and provides the keys for decryption only after users pay a “ransom.” Ransomware can be delivered through a number of vectors, including endpoints that subscribe to cloud-based storage solutions such as Dropbox, Google Drive, and OneDrive. Attackers who have obtained a user’s credentials can also use them to encrypt backed-up cloud storage data, further vexing users.
So how can you go about getting your head in the cloud?
To ensure you understand and can address the main security challenges cloud apps can introduce to your organisation, you need additional visibility and context. Start by asking yourself the following questions:
1. Do I know which cloud apps employees are using and how risky they are?
To help solve the shadow IT problem, you need to be able to see a complete list of all cloud apps that employees are using and understand the level of risk associated with each app. A cloud app that is considered ‘enterprise quality’ supports multiple enterprise security requirements. With a complete list of cloud apps in use and their associated risk levels, you can decide whether an app should be sanctioned or blocked.
2. Do I know what files and data are exposed through these cloud apps?
Even sanctioned apps can be used in unsanctioned ways, creating shadow data. By requiring employees to use corporate-provided credentials to access sanctioned apps, you can access the data and metadata of all users within the cloud app, gain visibility into SaaS content, and assess risk.
3. Can I control the sensitive data shared through cloud-based apps?
File sharing is much more fluid in a cloud-based world, and sooner or later valuable data can end up in the hands of someone who shouldn’t have it. You need a comprehensive way to prevent sensitive data and compliance-related information from being uploaded to sanctioned and unsanctioned apps.
4. If an attack happens, can I get to the bottom of it and set policy to prevent future attacks?
As the examples above show, hackers target cloud app users with weak passwords on their accounts, or target users with malware meant to take advantage of the sharing potential of cloud apps. With visibility into traffic activity and the ability to detect anomalies you can then conduct further investigation to detect malicious activity and take quick and decisive action.
The cloud is transformative: it creates new business models, enables more effective collaboration, and increases productivity and agility, but it also adds increased risk of malicious or accidental leakage of business-critical data. Only by getting your head in the cloud can you fully understand the risks of each app, control how users share and access data, and combat zero-day malware.
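As an added illustration of questions 1 and 4 above (this is example code written for this page, not code from the original post or from any product it describes), the script below runs two of the checks a defender would want over a handful of constructed log lines: it builds an inventory of which cloud apps users actually reach, classifying each against a made-up sanctioned/unsanctioned catalogue with risk levels, and it scans a cloud-app audit trail for the two patterns the post describes, a device being linked to an account that already has one (the “man in the cloud” pattern) and a burst of file modifications by one user (the ransomware pattern). The log formats, domains, thresholds and the catalogue itself are all assumptions.

```python
"""Added example, not part of the original post: cloud-app visibility and
anomaly checks over constructed proxy and audit log lines.

Assumed (hypothetical) formats:
  proxy line: "<iso-timestamp> <user> <destination-host> <bytes-out>"
  audit line: "<iso-timestamp> <user> <event> <detail>"
"""
from collections import defaultdict
from datetime import datetime

# Constructed catalogue: host -> (app name, sanctioned?, risk level).
# A real deployment would pull this from a maintained app-risk database.
APP_CATALOGUE = {
    "dropbox.com": ("Dropbox", True, "medium"),
    "drive.google.com": ("Google Drive", True, "low"),
    "onedrive.live.com": ("OneDrive", True, "low"),
    "wetransfer.com": ("WeTransfer", False, "high"),
    "pastebin.com": ("Pastebin", False, "high"),
}

# Constructed sample proxy log (not real traffic).
PROXY_LOG = """\
2016-03-01T09:00:01 alice drive.google.com 20480
2016-03-01T09:05:12 bob wetransfer.com 734003200
2016-03-01T09:07:40 alice dropbox.com 4096
2016-03-01T09:10:03 carol pastebin.com 2048
2016-03-01T09:12:55 bob wetransfer.com 12582912
2016-03-01T09:15:30 dave files.example-share.net 1048576
""".splitlines()

# Constructed sample cloud-app audit log (not real events).
AUDIT_LOG = """\
2016-03-01T10:00:00 alice device_added laptop-01
2016-03-01T10:20:00 alice device_added unknown-host-7
2016-03-01T10:21:00 alice file_modified q1-report.docx
2016-03-01T10:21:05 alice file_modified q1-report.docx.locked
2016-03-01T10:21:10 alice file_modified budget.xlsx
2016-03-01T10:21:15 alice file_modified budget.xlsx.locked
2016-03-01T10:21:20 alice file_modified notes.txt
2016-03-01T10:21:25 alice file_modified notes.txt.locked
2016-03-01T11:00:00 bob file_modified slides.pptx
""".splitlines()


def cloud_app_inventory(proxy_lines):
    """Question 1: which cloud apps are in use, by whom, and how risky are they?
    Hosts missing from the catalogue are kept under their own name with
    risk 'unknown' so shadow IT shows up rather than being dropped."""
    inventory = {}
    for line in proxy_lines:
        _ts, user, host, nbytes = line.split()
        name, sanctioned, risk = APP_CATALOGUE.get(host, (host, False, "unknown"))
        entry = inventory.setdefault(
            name, {"sanctioned": sanctioned, "risk": risk, "users": set(), "bytes_out": 0}
        )
        entry["users"].add(user)
        entry["bytes_out"] += int(nbytes)
    return inventory


def unsanctioned_uploads(inventory, threshold=100 * 1024 * 1024):
    """Unsanctioned apps that received at least `threshold` bytes outbound:
    the first place to look for data leaving through shadow IT."""
    return sorted(
        name for name, e in inventory.items()
        if not e["sanctioned"] and e["bytes_out"] >= threshold
    )


def audit_anomalies(audit_lines, burst_n=5, window_s=60):
    """Question 4: flag (a) a device linked to an account that already has one
    and (b) `burst_n` file modifications by one user inside `window_s` seconds.
    The first device seen per user is treated as the baseline; a real system
    would seed known devices from its directory instead."""
    known_devices = defaultdict(set)
    recent_mods = defaultdict(list)
    burst_flagged = set()
    findings = []
    for line in audit_lines:
        ts_s, user, event, detail = line.split(maxsplit=3)
        ts = datetime.fromisoformat(ts_s)
        if event == "device_added":
            if known_devices[user]:
                findings.append((user, "new_device_linked", detail))
            known_devices[user].add(detail)
        elif event == "file_modified":
            # Keep only modifications inside the sliding window.
            recent_mods[user] = [
                t for t in recent_mods[user] if (ts - t).total_seconds() <= window_s
            ] + [ts]
            if len(recent_mods[user]) >= burst_n and user not in burst_flagged:
                burst_flagged.add(user)
                findings.append(
                    (user, "mass_file_modification", f"{burst_n} edits in {window_s}s")
                )
    return findings


if __name__ == "__main__":
    inv = cloud_app_inventory(PROXY_LOG)
    for name, e in sorted(inv.items()):
        status = "sanctioned" if e["sanctioned"] else "UNSANCTIONED"
        print(f"{name:25} {status:13} risk={e['risk']:8} users={sorted(e['users'])} bytes_out={e['bytes_out']}")
    print("large unsanctioned uploads:", unsanctioned_uploads(inv))
    for finding in audit_anomalies(AUDIT_LOG):
        print("anomaly:", finding)
```

The inventory keeps unknown hosts rather than discarding them, because the whole point of question 1 is to surface apps nobody has classified yet; the audit scan raises each burst only once per user so an analyst is not flooded during an ongoing encryption event.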