Today’s CISOs have their head in the clouds – squarely focused on the need for cloud security.
Yet despite this collective focus, the approaches differ: some call for protecting the servers, while others want to focus on retraining employees about what they should or shouldn’t upload, download, collaborate on, and so on. This often gives rise to an array of new restrictions and monitoring policies. While these approaches usually start from the server, I’d like to highlight three other factors that will make your cloud platform more secure, and that should be a priority when fortifying cloud security.
1. Protecting the device is just as important as protecting cloud services accessed
No one seems to talk about the fact that the operating system (OS) providers are the most effective at device protection: they are highly capable of addressing almost any breach within zero-day timing. The rising number of mobile devices that workers use to access corporate resources surfaces other vulnerabilities, such as theft, human neglect, or plain irresponsibility. For example, if a device is rooted, or an app is sideloaded, every cloud service that the device accesses can be jeopardized.
One might think that user education is enough to solve this problem, and that it is the user’s responsibility to behave responsibly. Yet even the most responsible and security-minded user can still be a risk. And while the user may not have rooted the device themselves, it is still in the danger zone: the user might download sensitive data to the device, use a hotel computer that has a keylogger installed on it, sideload apps on a private device, and so on.
Any of these actions makes it easier for a malicious party to compromise the device and root it in a way that will probably go unnoticed by the user – at least until it is too late. Rooting, sideloading, disabling encryption, removing the passcode, an unpatched OS – these are just some of the conditions that introduce an imminent risk to the device and, by proxy, to cloud usage. Strong cloud protection needs visibility into the device security posture and the ability to mitigate risks once they are identified.
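To make the "visibility plus mitigation" point concrete, here is an added example (not code from the article or from any product it mentions) of a small posture evaluator: it takes a device posture report covering the conditions listed above, turns each one into a finding, and maps the findings to an access decision that either denies cloud access or keeps the user working in a view-only mode while blocking the actions that move data onto the device. The report schema, the minimum OS version and the severity-to-decision mapping are all assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumed minimum patched OS version (placeholder value, not from the article).
MIN_OS_VERSION = (14, 2)


@dataclass
class DevicePosture:
    """Constructed posture report; the field names are a hypothetical schema,
    not any particular MDM or OS attestation API."""
    device_id: str
    rooted: bool = False                       # rooted / jailbroken
    sideloaded_apps: List[str] = field(default_factory=list)
    disk_encrypted: bool = True
    screen_lock: bool = True                   # passcode / screen lock present
    os_version: Tuple[int, int] = MIN_OS_VERSION


def check_posture(p: DevicePosture) -> List[Tuple[str, str]]:
    """Return (severity, reason) findings for every risky condition the article
    names: rooting, sideloading, disabled encryption, no passcode, unpatched OS."""
    findings = []
    if p.rooted:
        findings.append(("critical", "device is rooted or jailbroken"))
    if p.sideloaded_apps:
        findings.append(("high", "sideloaded apps present: " + ", ".join(p.sideloaded_apps)))
    if not p.disk_encrypted:
        findings.append(("high", "storage encryption disabled"))
    if not p.screen_lock:
        findings.append(("medium", "no passcode / screen lock"))
    if p.os_version < MIN_OS_VERSION:
        ver = ".".join(str(n) for n in p.os_version)
        findings.append(("medium", f"OS {ver} is below the minimum patched version"))
    return findings


# Decision -> cloud actions the device may perform. "restrict" keeps the user
# working (view only) while blocking the actions that move data onto the device.
ALLOWED_ACTIONS = {
    "allow":    {"view", "download", "share"},
    "restrict": {"view"},
    "deny":     set(),
}


def access_decision(findings: List[Tuple[str, str]]) -> str:
    """Assumed mapping: any critical/high finding denies, medium restricts."""
    severities = {sev for sev, _ in findings}
    if severities & {"critical", "high"}:
        return "deny"
    if "medium" in severities:
        return "restrict"
    return "allow"


def evaluate_device(p: DevicePosture):
    """Posture report in, (decision, allowed actions, reasons) out."""
    findings = check_posture(p)
    decision = access_decision(findings)
    return decision, ALLOWED_ACTIONS[decision], [reason for _, reason in findings]


if __name__ == "__main__":
    # Constructed sample devices: a clean corporate device, an unpatched BYOD
    # device, and a rooted device with a sideloaded app.
    for dev in (
        DevicePosture("corp-001"),
        DevicePosture("byod-002", os_version=(13, 0)),
        DevicePosture("byod-003", rooted=True, sideloaded_apps=["untrusted.apk"]),
    ):
        print(dev.device_id, evaluate_device(dev))
```

The reasons list is what makes the decision actionable: the user can be told exactly which condition to fix (update the OS, re-enable encryption) rather than just seeing access fail.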
2. The network is the most overlooked security risk
Protecting the device and the cloud won’t mean anything if the network connecting them is compromised. With today’s workplace flexibility, employees are much more likely to work remotely from public places. Wireless networks come in a variety of forms: some are easy to identify and categorize on the scale of safe to risky, while others are unfamiliar and inhabit the grey area in between. Users don’t always pay enough attention to the network they are connecting to. Sometimes users really don’t understand the danger, and other times they are only focused on finding the fastest way to connect to the web so they can continue working with minimal interruptions. From a neighborhood coffee shop to a hotel room or an airport, employees often connect through public networks directly to the company’s cloud services. An unfamiliar network connection leaves a user with very little protection from attackers, putting the employer’s cloud and its entire cloud security chain at risk. From commjacking to KRACK, the network seems to be the weakest link in the chain.
Unfortunately, many think that denying any public network access is the ultimate solution, but is that a realistic approach? Workers using private devices are always looking for the easiest, most convenient solution, and after even a single bad user experience they will find a way to bypass the network security restrictions and continue working as they see fit. It is also a common but misleading assumption that all public networks are risky, when in fact not all open networks are malicious. And while what is connected at each end of the network – the device and the cloud – has built-in gatekeepers, such gatekeepers rarely exist for the network itself.
Therefore, it’s crucial to monitor network behavior and to analyze suspicious networks quickly and thoroughly, so that rogue or compromised networks are identified before any damage is done. Securing the cloud demands protecting the network’s posture to ensure continuous credibility for all users, and this means everything from the network’s security and encryption settings all the way to its routing path across IP networks. After all, what good is a robust device security posture if the device is connected to a compromised network that can then be used to steal the user’s credentials, intercept corporate data, or strip encryption?
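As an added example (not from the article or any product it names), the following client-side check shows what "assessing a network's posture" can look like in practice: it combines the link's encryption setting with two credibility probes the client can run on any new network, resolving a canary hostname and comparing the TLS certificate presented for it against a pinned fingerprint, and it checks whether a known SSID is being served by an access point that is not in the organization's inventory. It deliberately rates an open network as "caution" rather than "block", reflecting the point above that an open network is not automatically malicious. The inventory, the canary host and the pinned fingerprint are placeholders; the probe design is an assumption for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed inventory: SSIDs the organization knows, with the access-point
# BSSIDs recorded when those networks were onboarded (hypothetical values).
KNOWN_NETWORKS = {
    "CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Credibility probes the client runs on every new network (assumed design):
# resolve a canary hostname and compare the answer, and compare the TLS
# certificate presented for it against a pinned fingerprint. All placeholders.
CANARY_HOST = "canary.example.com"
CANARY_EXPECTED_IP = "203.0.113.10"
CANARY_PINNED_CERT = "sha256:PLACEHOLDER-PIN"


@dataclass
class NetworkObservation:
    """What the client observed on the network it just joined (constructed)."""
    ssid: str
    bssid: str
    security: str        # "open", "wep", "wpa2", "wpa3"
    canary_ip: str       # what this network's DNS returned for CANARY_HOST
    canary_cert: str     # fingerprint of the certificate presented for CANARY_HOST


def assess_network(obs: NetworkObservation) -> List[Tuple[str, str]]:
    """Return (severity, reason) findings, from encryption settings through
    DNS and TLS credibility on the path to the cloud."""
    findings = []
    if obs.security in ("open", "wep"):
        findings.append(("medium", f"{obs.security} link: traffic is not protected at the wireless layer"))
    expected_aps = KNOWN_NETWORKS.get(obs.ssid)
    if expected_aps is not None and obs.bssid not in expected_aps:
        findings.append(("high", "known SSID served by an access point not in the inventory"))
    if obs.canary_ip != CANARY_EXPECTED_IP:
        findings.append(("high", "DNS answer for canary host differs from the expected address"))
    if obs.canary_cert != CANARY_PINNED_CERT:
        findings.append(("critical", "certificate for canary host does not match the pin"))
    return findings


def network_verdict(findings: List[Tuple[str, str]]) -> str:
    """Assumed policy: block on any critical/high finding; an open but
    otherwise credible network gets 'caution' (allow over VPN/TLS and log)."""
    severities = {sev for sev, _ in findings}
    if severities & {"critical", "high"}:
        return "block"
    if "medium" in severities:
        return "caution"
    return "trusted"


def evaluate_network(obs: NetworkObservation):
    findings = assess_network(obs)
    return network_verdict(findings), [reason for _, reason in findings]


if __name__ == "__main__":
    # Constructed observations: the corporate network, a coffee-shop network
    # that passes both probes, and a network impersonating the corporate SSID.
    samples = [
        NetworkObservation("CorpWiFi", "aa:bb:cc:00:00:01", "wpa2", CANARY_EXPECTED_IP, CANARY_PINNED_CERT),
        NetworkObservation("CafeFreeWiFi", "11:22:33:44:55:66", "open", CANARY_EXPECTED_IP, CANARY_PINNED_CERT),
        NetworkObservation("CorpWiFi", "de:ad:be:ef:00:01", "wpa2", "198.51.100.7", CANARY_PINNED_CERT),
    ]
    for s in samples:
        print(s.ssid, evaluate_network(s))
```

Because the probes are run from the device on the network in question, a mismatch is detected before any corporate credential or data crosses that network, which is the "before any damage is done" property the paragraph asks for.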
3. Understanding user behavior is critical to ensure safe usage and collaboration
Malicious actors may seem like the starting point when discussing any security matter, but the insider threat should be the real corporate security priority. A user doesn’t need malicious intentions for their actions to be dangerous; typically, a user is not even aware of the impact their actions might have on operations. A user profile can be divided into three parts: user role, user behavior, and collaboration patterns.
The user’s role determines the kinds of permissions and access, and the behavior that might reasonably be expected. Good access policies help here. For example, while an admin may be granted broad permissions, perhaps they shouldn’t be given access to AWS from a non-corporate network. A marketing associate should probably not have access to the Finance Dropbox directory.
User behavior should be treated like a map with tracks on it: the usual locations where the user operates, the specific hours they are typically active, and the services they typically access. After mapping these digital footsteps on the user’s virtual map, any anomaly should alert the system and trigger the pre-implemented security policy assigned to it. Unusual anomalies are strong red flags. For example, monitoring the device’s geographic context can show that a user is trying to log in from Asia while their devices are located in NYC. Or a user who usually downloads 2 to 3MB of documents per work day suddenly attempts to download 3GB of documents at 3 o’clock in the morning.
As for collaboration patterns, anything that can be shared with collaborators should be monitored: which permissions are granted, which groups users are active in, and what information users have access to and can share if needed. Only a system that understands the user’s behavior can mark a user as trusted and warn a user before performing activities that might present a risk.
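The role and behavior parts of the profile described in the two preceding paragraphs can be put together in a few dozen lines. The following is an added example (not the article's or any vendor's code): it builds a per-user baseline of locations, active hours, services and daily download volume from a constructed event history, encodes the two role-policy examples from the text (an admin using AWS only from the corporate network; marketing staff having no access to the Finance directory), and then scores new events against both, producing the geo, time-of-day and volume alerts the article describes. The event schema, the sample data, the 10x volume threshold and the `device_location` input (where the user's enrolled devices report being) are all assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample history for one user (hypothetical event schema and values).
HISTORY = [
    {"user": "alice", "role": "marketing", "ts": "2017-11-06T09:15:00", "service": "dropbox",
     "path": "/Marketing/plan.pdf", "location": "NYC", "network": "corp", "bytes": 2_000_000},
    {"user": "alice", "role": "marketing", "ts": "2017-11-07T10:40:00", "service": "dropbox",
     "path": "/Marketing/deck.pptx", "location": "NYC", "network": "corp", "bytes": 3_000_000},
    {"user": "alice", "role": "marketing", "ts": "2017-11-08T16:05:00", "service": "dropbox",
     "path": "/Marketing/brief.docx", "location": "NYC", "network": "home", "bytes": 2_500_000},
]

# Role policy encoding the article's two examples (hypothetical structure):
# per service, the networks it may be used from; and path prefixes the role may not touch.
ROLE_POLICY = {
    "admin":     {"network_required": {"aws": {"corp"}}, "deny_prefixes": []},
    "marketing": {"network_required": {}, "deny_prefixes": ["/Finance/"]},
}
EMPTY_POLICY = {"network_required": {}, "deny_prefixes": []}
VOLUME_FACTOR = 10   # assumed threshold: flag a download above 10x the user's daily baseline


def build_baseline(events):
    """Map each user's 'digital footsteps': locations, active hours, services,
    and bytes downloaded per day."""
    base = defaultdict(lambda: {"locations": set(), "hours": set(),
                                "services": set(), "daily_bytes": defaultdict(int)})
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        prof = base[e["user"]]
        prof["locations"].add(e["location"])
        prof["hours"].add(ts.hour)
        prof["services"].add(e["service"])
        prof["daily_bytes"][ts.date()] += e["bytes"]
    return base


def evaluate_event(event, baseline, device_location):
    """Return alert strings for one new event. device_location is where the
    user's enrolled devices currently report being (assumed input)."""
    alerts = []
    ts = datetime.fromisoformat(event["ts"])

    # 1. Role policy: what this role may do, and from where.
    policy = ROLE_POLICY.get(event["role"], EMPTY_POLICY)
    required = policy["network_required"].get(event["service"])
    if required and event["network"] not in required:
        alerts.append(f"role: {event['service']} not allowed from network '{event['network']}'")
    if any(event.get("path", "").startswith(p) for p in policy["deny_prefixes"]):
        alerts.append(f"role: path {event['path']} is outside the {event['role']} scope")

    # 2. Behavioral baseline: deviations from the user's own map.
    prof = baseline.get(event["user"])
    if prof is None:
        alerts.append("baseline: no history for this user")
        return alerts
    if event["location"] not in prof["locations"] and event["location"] != device_location:
        alerts.append(f"geo: login from {event['location']} while devices are in {device_location}")
    if ts.hour not in prof["hours"]:
        alerts.append(f"time: activity at {ts.hour:02d}:00 is outside usual hours")
    if event["service"] not in prof["services"]:
        alerts.append(f"service: first use of {event['service']}")
    typical = mean(prof["daily_bytes"].values())
    if event["bytes"] > VOLUME_FACTOR * typical:
        alerts.append(f"volume: {event['bytes']} bytes vs. daily baseline of {int(typical)}")
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed new event: 3GB at 03:00 from Singapore while devices sit in NYC.
    suspicious = {"user": "alice", "role": "marketing", "ts": "2017-11-10T03:00:00",
                  "service": "dropbox", "path": "/Marketing/all.zip", "location": "Singapore",
                  "network": "hotel", "bytes": 3_000_000_000}
    for a in evaluate_event(suspicious, baseline, device_location="NYC"):
        print(a)
```

Each alert names the policy or baseline dimension that fired, so the response can be tied to the pre-implemented policy for that dimension (for instance, step-up authentication for a geo mismatch, a hold on the transfer for a volume spike) rather than a single generic block.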
Device protection, network security and user behavior are three factors, each an integral part of the chain securing the cloud. They join a security chain that already contains the server itself, adding to it and equally important nonetheless. Focusing on these three little-known factors in tandem with the other critical parts of the security chain will create more formidable cloud security. CISOs won’t have to worry about having their head in “the clouds” because their feet will be squarely rooted in the right cloud security approach.
This article is published as part of the IDG Contributor Network.