
Don’t just discover the cloud, control it!

End-users move constantly between devices and locations to access data when and where they need it for uninterrupted productivity. There is no question that this is a good thing.

In a distributed landscape though, how do you maintain visibility of where your data resides? Or control where data goes and who can access it?

Test how well you keep track of data with these questions:

  • How do you achieve not just visibility but control?
  • Do you know for certain how many cloud-connected apps are in use across your organisation?
  • Can you tell what data is being shared where, with whom?
  • Are you prepared for data breach risk implications?

Data is often exposed in ways and places that you never imagined.

The average enterprise uses 1,516 cloud apps – 40 times what they typically think [1].

The good news is that there are now ways to regain control of disorderly data. Identity is the new perimeter, and adding this layer of sophistication to your cloud security enables you to see exactly what’s happening. IT teams are empowered to apply granular control to data accessed via the cloud, so only the data you permit can be accessed by and shared with the right people. Discovering what’s happening in the cloud is the first step; controlling it should be the goal.

By 2020, 85% of large enterprises will use a Cloud Access Security Broker platform, forecasted to jump 80% in two years from less than 5% utilisation today [2].

Start with the basics: Data loss prevention

The cloud is becoming the de facto mechanism for sharing content and the reality is that much of that content, in a business context, is sensitive or regulated data. So your data loss prevention (DLP) measures must logically also extend to the cloud.

With mandatory reporting of data breaches now a legal obligation, many organisations are still coming around to the realisation that the reputational damage from a data loss can be just as costly as the breach itself. Those organisations that do recognise the risk exposure have deployed a range of DLP solutions for different data channels including email, storage, end device and more.

Start with the basics:

  • Does every employee really need access to every folder on your server?
  • Are your permission levels suitably granular?
  • Can you confidently say that only the right groups of users have access to the specific data they need to do their jobs, and not more?
  • Do you have considerations in place to protect against technical and human intrusion risks?

62% of end users have access to company data they probably should not see [3].

Traditionally, DLP products discover sensitive data and mitigate the risk of its loss at the endpoints, in storage and over the network.

Gartner defines the DLP market as technologies that provide “remediation for data loss based on both content inspection and contextual analysis of data. DLP products can execute responses — ranging from simple notification to active blocking — based on policy and rules defined to address the risk of inadvertent or accidental leaks, or exposure of sensitive data outside authorised channels.” [4]

The reality now, however, is that you need this sort of capability to extend seamlessly to the cloud. This is where Cloud Access Security Broker (CASB) solutions like Symantec CloudSOC come into play. By combining cloud-based detection with cloud-based analysis to minimise data flows, CASB solutions can extend traditional DLP solutions to leverage cloud-specific analysis and policy creation. That means you can now monitor and control what end users are doing with your enterprise data both inside the organisation and out on the cloud. For example, you could set a policy to instantly unshare a particular type of link deemed too risky from a corporate data protection perspective. Or, as another example, with CASB solutions you can set policies to build a cumulative risk score of a user’s behaviour and automatically kick in increasing multifactor identification requirements if a cloud app user appears to be accessing sensitive data outside normal usage patterns.

 

The diagram below from Symantec’s Securing Cloud Applications and Services eBook illustrates how user behaviour analytics establish a baseline behavioural pattern for each user and trigger action if unusual activity such as excessive downloads, numerous failed logins or mass public sharing occurs.

Image: Symantec User Behaviour Analysis Diagram.  

Protect against malware on-premises, on-device, on-cloud

While on the one hand organisations are busy protecting against sensitive data flowing out of the organisation, it is equally critical to protect against incoming malicious software.

Script and macro downloaders increased by 92 percent in 2017, as they continue to be aggressively propagated in order to install ransomware and banking threats [5].

Don’t be lulled into a false sense of security thinking that you don’t have any information exciting enough to warrant stealing. Ransomware doesn’t really care how important the data is to someone else – it plays on the fact that your data is incredibly important to you.

Often, the data is lost forever in these attacks. The lesson here is to back up your data so you don’t feel compelled to pay in case this happens [6].

Protecting against malware needs a similarly broad perspective that extends beyond the network perimeter to the cloud. Malware not only affects files and systems within your network perimeter, but is just as likely to attack cloud accounts. It is not enough to rely on security protocols on the network perimeter: many users sync their cloud and device environments, which can further exacerbate the challenge of malware flowing in and out of the cloud and spreading rapidly as a result.

CASB solutions recognise the blurring between on-premises, on-device and on-cloud and can help you to extend your malware protection accordingly. This cloud-aware approach can harness global threat intelligence to analyse cloud content, including file reputation analysis and tracking the latest breach data on a wide range of cloud apps and services. Of course, detecting potential threats isn’t enough in a lightning-fast cloud environment. These solutions also enable you to instantly block or quarantine suspected malicious content, regardless of where it is discovered.

Ensure your users are who they say they are

One of the most basic security measures remains the need to ensure that you only let the right people access corporate systems. With high profile security breaches impacting even behemoths like Facebook, your defences may be worth little if your end users have reused a corporate password on one or more of the other cloud services they access. If that third-party service is breached, it is a very short step for the attacker to immediately attempt using captured passwords to access other systems that the individual may be associated with.

59% of people use the same or similar password for multiple accounts [7].

The Dropbox data breach resulting in 60 million user credentials being stolen started with an employee reusing a password at work – it’s that simple [8]. Robust password policies have a role to play, as does ongoing user training. Many organisations have already dabbled with multi-factor authentication, which is a powerful augmentation of traditional password protection. However, users often resent the additional imposition unless it is quick, easy and clearly relevant. Users accessing cloud applications are no different: security must not stifle productivity.

Sophisticated CASB solutions recognise these subtleties. Rather than a one-way sharing of information from enterprise single sign-on (SSO) solutions to approved cloud applications, CASB solutions can leverage a two-way sharing of information. This is significant because it means that CASB insights can inform user authentication solutions. It’s now possible to dynamically adjust user authentication requirements based on real-time risk conditions in the network, a concept known as Adaptive Authentication.

A few examples of this:

  • When a user’s threat score exceeds a certain level – based on suspicious cloud app activity – a robust CASB system can trigger the requirement for multi-factor authentication (MFA) for that user.
  • You can set policies to instantly apply to all users in a particular office, if network activity suggests a cyberthreat in progress.
  • You can attach user authentication policies to a particular class of data so that the more sensitive the data being accessed, the greater the level of user authentication enforced.
  • You might set a policy to add multifactor authentication using biometric identifiers – like a fingerprint or facial recognition. Again, on-premises, on device, in cloud.

CASB solutions ignore the physical location and provide a holistic approach to security. They build and monitor a profile of your normal behaviour, regardless of whether you’re logged on with a valid username and password. If your account suddenly starts accessing, copying or sharing data that you wouldn’t normally access, the system can adapt dynamically and step in to require additional controls.
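The adaptive authentication policies described above, sketched as an added example (this is not Symantec CloudSOC code or configuration). The event weights, score thresholds, data classes, sample activity and function names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed weights, levels and data classes; not values from any CASB product.
EVENT_WEIGHTS = {"failed_login": 5, "download": 1, "public_share": 10}
AUTH_LEVELS = ["password", "mfa", "mfa_biometric", "block"]
SENSITIVITY_FLOOR = {"public": 0, "internal": 0, "regulated": 1}
THRESHOLDS = [(200, 3), (100, 2), (40, 1)]  # (minimum score, auth level index)


@dataclass
class Baseline:
    """Typical per-day event counts for one user (the learned 'normal')."""
    failed_login: float = 1.0
    download: float = 20.0
    public_share: float = 0.5


def risk_score(events: dict, baseline: Baseline) -> float:
    """Cumulative score: only activity above the user's baseline adds risk."""
    score = 0.0
    for kind, weight in EVENT_WEIGHTS.items():
        excess = events.get(kind, 0) - getattr(baseline, kind)
        if excess > 0:
            score += weight * excess
    return score


def required_auth(score: float, data_class: str, site_alert: bool = False) -> str:
    """Map the score to an auth level, then raise it for sensitive data
    or for an office-wide alert; the level is never lowered."""
    level = next((lvl for minimum, lvl in THRESHOLDS if score >= minimum), 0)
    # Fail closed: an unknown data class gets the strictest known floor.
    floor = SENSITIVITY_FLOOR.get(data_class, max(SENSITIVITY_FLOOR.values()))
    level = max(level, floor)
    if site_alert:
        level = max(level, 1)
    return AUTH_LEVELS[level]


# Constructed sample activity for one user over one day.
NORMAL_DAY = {"failed_login": 1, "download": 15, "public_share": 0}
UNUSUAL_DAY = {"failed_login": 6, "download": 80, "public_share": 4}

if __name__ == "__main__":
    for name, day in (("normal", NORMAL_DAY), ("unusual", UNUSUAL_DAY)):
        score = risk_score(day, Baseline())
        print(name, score, required_auth(score, "internal"))
```

Because the requirement only ever ratchets upward, a valid username and password alone never lowers the bar for regulated data or during an active alert.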

And yes, you still need to protect the endpoint device

The average cost to an organisation for a breach of compliance-related data is $2.8M [1].

Do you have the ability to instantly lock or remotely wipe an end-user’s device if reported stolen? Can you quarantine a device temporarily while suspect user behaviour is investigated?

With CASB analytics you can harness these capabilities with new levels of sophistication to enhance security both on the device, and on the cloud services that the user accesses.

Data#3 can help

The good news is that CASB solutions like Symantec CloudSOC can integrate with your existing security infrastructure. There’s no need to be overwhelmed by the breadth of capability – you can start where it makes sense and build out your capability from there. Data#3 is a Symantec Platinum Partner, so if you would like to explore how to harness CASB capabilities in your organisation contact a Data#3 security specialist.

 


1. Symantec (2018). Shadow Data Report. [Online] Available at: https://data3.com/wp-content/uploads/2018/10/ShadowDataReport-2018.pdf
2. Gartner (October 2016). Market Guide for Cloud Access Security Brokers. [Online] Available at: https://www.gartner.com/doc/3488119/market-guide-cloud-access-security
3. Ponemon Institute (August 2016). Closing Security Gaps to Protect Corporate Data. [Online] Available at: https://www.a51.nl/ponemon-institute-closing-security-gaps-protect-corporate-data-study-us-and-european-organizations
4. Gartner (February 2017). Magic Quadrant for Enterprise Data Loss Prevention. [Online] Available at: https://www.gartner.com/doc/3606038/magic-quadrant-enterprise-data-loss
5. Symantec (2018). Internet Security Threat Report. [Online] Available at: https://resource.elq.symantec.com/LP=5840?cid=70138000000rm1eAAA
6. Forbes – Daisyme, P (July 2018). Five Critical Business Issues in 2018 and Beyond. [Online] Available at: https://www.forbes.com/sites/theyec/2018/07/13/5-critical-business-issues-in-2018-and-beyond-to-consider/#6e011450535f
7. Petrillo, K (August 2018). Psychology of Passwords, Neglect is Helping Hackers Win. [Online] Available at: https://blog.lastpass.com/2018/05/psychology-of-passwords-neglect-is-helping-hackers-win.html/
8. Verizon (2018). Data Breach Investigation Report. [Online] Available at: https://enterprise.verizon.com/resources/reports/dbir/

 
