
To Combat a New Wave of Threats, Get Your Head in the Cloud

If you want to tell someone to be more realistic you might say: “Get your head out of the clouds.” But in fact, you have to do the exact opposite if you’re an IT security professional charged with managing security in today’s increasingly cloud-based world.


What you need to do is get your head in the cloud in order to understand a new wave of threats and identify ways to strengthen defenses. I’m not just talking about the benefits of using the cloud for security – unlimited storage capabilities for global threat intelligence and historical data, powerful processing capabilities for security analytics, and the ability to deploy security technologies to even the most remote outposts. You also need to think about how attackers are now banking on the increasing usage of Software as a Service (SaaS) apps and the advent of Shadow IT and resulting Shadow Data (as I discussed previously) to steal valuable digital assets. These attacks often incorporate basic tactics but with a modern twist.

Take for instance the String of Paerls attack. The approach starts with spear phishing, targeting specific individuals with email messages that contain a malicious Microsoft Word attachment that poses as an invoice. But when the document is opened it triggers a macro that downloads malware from Dropbox and then launches the malware on victims’ machines. As another example, so-called “Man in the Cloud” attacks steal a token from a user’s account with a cloud-based service and use it to add a device to the account without the owner’s knowledge. And then there’s ransomware, which encrypts users’ files and provides the keys for decryption only after users pay a “ransom.” Ransomware can be delivered through a number of vectors including endpoints that subscribe to cloud-based storage solutions such as Dropbox, Google Drive, and OneDrive. Attackers can also use the credentials to encrypt backed-up cloud storage data, further vexing users.

So how can you go about getting your head in the cloud?

To ensure you understand and can address the main security challenges cloud apps can introduce to your organization, you need additional visibility and context. Start by asking yourself the following questions:

1. Do I know which cloud apps employees are using and how risky they are?

To help solve the Shadow IT problem, you need to be able to see a complete list of all cloud apps that employees are using and understand the level of risk associated with each app. A cloud app that is considered “enterprise quality” supports multiple enterprise security requirements. With a complete list of cloud apps in use and their associated risk levels, you can decide whether an app should be sanctioned or blocked.
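One way to build the inventory this question asks for, as an added example that is not part of the original article. The proxy log format, the app catalogue, the requirement names and the rule "sanction only if every required control is supported" are all assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines: "<user> <method> <url> <bytes_sent>"
SAMPLE_LOG = """\
alice POST https://files.sanctioned-storage.example/upload 52000
bob POST https://api.quickshare.example/v1/put 910000
carol GET https://www.quickshare.example/d/abc 300
alice GET https://notes.pasteit.example/new 120
malformed line
"""
# Assumed policy: controls an "enterprise quality" app must support.
REQUIRED = {"sso", "encryption_at_rest", "audit_log", "admin_controls"}
# Hypothetical catalogue: domain suffix -> (app name, supported controls)
CATALOGUE = {
    "sanctioned-storage.example": ("SanctionedStorage", set(REQUIRED)),
    "quickshare.example": ("QuickShare", {"encryption_at_rest"}),
    "pasteit.example": ("PasteIt", set()),
}

def app_for_host(host):
    """Match a hostname to a catalogue entry by domain suffix."""
    for suffix, entry in CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return (host, set())  # unknown app: no controls verified

def inventory(log_text):
    """Summarise apps in use: users, uploaded bytes, missing controls, decision."""
    apps = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than guessing
        user, method, url, sent = parts
        host = urlsplit(url).hostname
        if not host:
            continue
        name, supported = app_for_host(host.lower())
        rec = apps[name]
        rec["users"].add(user)
        if method in ("POST", "PUT"):  # uploads are the data-exposure signal
            rec["bytes_out"] += int(sent)
        rec["missing"] = sorted(REQUIRED - supported)
        rec["decision"] = "sanction" if not rec["missing"] else "block"
    return dict(apps)

if __name__ == "__main__":
    for app, rec in inventory(SAMPLE_LOG).items():
        print(app, sorted(rec["users"]), rec["bytes_out"], rec["decision"])
```

Hosts that match no catalogue entry are reported under their own hostname with every control missing, so unknown apps surface in the list instead of disappearing.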

2. Do I know what files and data are exposed through these cloud apps?

Even sanctioned apps can be used in unsanctioned ways, creating Shadow Data. By requiring employees to use corporate-provided credentials to access sanctioned apps, you can access the data and metadata of all users within the cloud app, gain visibility into SaaS content, and assess risk.

3. Can I control the sensitive data shared through cloud-based apps?

File sharing is much more fluid in a cloud-based world, and sooner or later valuable data can end up in the hands of someone who shouldn’t have it. You need a comprehensive way to prevent sensitive data and compliance-related information from being uploaded to sanctioned and unsanctioned apps.

4. If an attack happens, can I get to the bottom of it and set policy to prevent future attacks?

As the examples above show, hackers target cloud app users with weak passwords on their accounts, or target users with malware meant to take advantage of the sharing potential of cloud apps. With visibility into traffic activity and the ability to detect anomalies, you can then conduct further investigation to detect malicious activity and take quick and decisive action.

The cloud is transformative in its ability to create new business models, enable more effective collaboration, and increase productivity and agility, but it also increases the risk of malicious or accidental leakage of business-critical data. Only by getting your head in the cloud can you fully understand the risks of each app, control how users share and access data, and combat zero-day malware.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
