To Combat a New Wave of Threats, Get Your Head in the Cloud

If you want to tell someone to be more realistic you might say: “Get your head out of the clouds.” But in fact, you have to do the exact opposite if you’re an IT security professional charged with managing security in today’s increasingly cloud-based world.

What you need to do is get your head in the cloud in order to understand a new wave of threats and identify ways to strengthen defenses. I’m not just talking about the benefits of using the cloud for security – unlimited storage capabilities for global threat intelligence and historical data, powerful processing capabilities for security analytics, and the ability to deploy security technologies to even the most remote outposts. You also need to think about how attackers are now banking on the increasing usage of Software as a Service (SaaS) apps and the advent of Shadow IT and resulting Shadow Data (as I discussed previously) to steal valuable digital assets. These attacks often incorporate basic tactics but with a modern twist.

Take for instance the String of Paerls attack. The approach starts with spear phishing, targeting specific individuals with email messages that contain a malicious Microsoft Word attachment that poses as an invoice. But when the document is opened it triggers a macro that downloads malware from Dropbox and then launches the malware on victims’ machines. As another example, so-called “Man in the Cloud” attacks steal a token from a user’s account with a cloud-based service and use it to add a device to the account without the owner’s knowledge. And then there’s ransomware, which encrypts users’ files and provides the keys for decryption only after users pay a “ransom.” Ransomware can be delivered through a number of vectors including endpoints that subscribe to cloud-based storage solutions such as Dropbox, Google Drive, and OneDrive. Attackers can also use the credentials to encrypt backed-up cloud storage data, further vexing users.

So how can you go about getting your head in the cloud?

To ensure you understand and can address the main security challenges cloud apps can introduce to your organization, you need additional visibility and context. Start by asking yourself the following questions:

1. Do I know which cloud apps employees are using and how risky they are?

To help solve the Shadow IT problem, you need to be able to see a complete list of all cloud apps that employees are using and understand the level of risk associated with each app. A cloud app that is considered “enterprise quality” supports multiple enterprise security requirements. With a complete list of cloud apps in use and their associated risk levels, you can decide whether an app should be sanctioned or blocked.

2. Do I know what files and data are exposed through these cloud apps?

Even sanctioned apps can be used in unsanctioned ways, creating Shadow Data. By requiring employees to use corporate-provided credentials to access sanctioned apps, you can access the data and metadata of all users within the cloud app, gain visibility into SaaS content, and assess risk.

3. Can I control the sensitive data shared through cloud-based apps?

File sharing is much more fluid in a cloud-based world, and sooner or later valuable data can end up in the hands of someone who shouldn’t have it. You need a comprehensive way to prevent sensitive data and compliance-related information from being uploaded to sanctioned and unsanctioned apps.

4. If an attack happens, can I get to the bottom of it and set policy to prevent future attacks?

As the examples above show, hackers target cloud app users with weak passwords on their accounts, or target users with malware meant to take advantage of the sharing potential of cloud apps. With visibility into traffic activity and the ability to detect anomalies you can then conduct further investigation to detect malicious activity and take quick and decisive action.
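One way to build the app inventory that question 1 asks for, and to see upload volume per app as question 3 requires, is to aggregate web proxy logs against a catalogue of reviewed apps. This is an added example, not part of the original article; the log format, the catalogue, its sanctioned/internal assignments and every `.test` host name are constructed assumptions for a hypothetical organisation.

```python
import csv
import io
from collections import defaultdict

# Constructed proxy log for illustration: user, destination host, bytes uploaded.
SAMPLE_LOG = """user,host,bytes_out
alice,www.dropbox.com,120000
bob,drive.google.com,4000
alice,files.sharebox.test,9500000
carol,files.sharebox.test,300
bob,wiki.corp.test,100
carol,dropbox.com.sync.test,2500
"""

# Assumed policy for a hypothetical organisation: domain suffix -> (app, status).
CATALOGUE = {
    "dropbox.com": ("Dropbox", "sanctioned"),
    "drive.google.com": ("Google Drive", "sanctioned"),
    "corp.test": ("internal", "ignore"),
}

def classify(host):
    """Match on a label boundary so look-alike hosts are not treated as sanctioned."""
    host = host.lower().rstrip(".")
    for suffix, entry in CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    # Not catalogued: group by the last two labels (a simplification, not a
    # public-suffix lookup) and mark the app as unreviewed.
    return (".".join(host.split(".")[-2:]), "unreviewed")

def inventory(log_text):
    """Return {app: {"status", "users", "bytes_out"}} for every non-internal app."""
    apps = defaultdict(lambda: {"status": None, "users": set(), "bytes_out": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        app, status = classify(row["host"])
        if status == "ignore":
            continue
        rec = apps[app]
        rec["status"] = status
        rec["users"].add(row["user"])
        rec["bytes_out"] += int(row["bytes_out"])
    return dict(apps)

def review_queue(apps):
    """Unreviewed apps, largest upload volume first: candidates to sanction or block."""
    pending = [(a, r) for a, r in apps.items() if r["status"] == "unreviewed"]
    return [a for a, _ in sorted(pending, key=lambda x: -x[1]["bytes_out"])]
```

The constructed host `dropbox.com.sync.test` lands in the review queue rather than under Dropbox, which is the reason for matching on a label boundary instead of a substring.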

The cloud is transformative in its ability to create new business models, enable more effective collaboration, and increase productivity and agility, but it also increases the risk of malicious or accidental leakage of business-critical data. Only by getting your head in the cloud can you fully understand the risks of each app, control how users share and access data, and combat zero-day malware.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast-growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
