employees do not think twice about storing
and sharing sensitive data in the cloud,” said
Rajiv Gupta, Senior Vice President of the
Cloud Security Business, McAfee. “Accidental
sharing, collaboration errors in SaaS cloud
services, configuration errors in IaaS/PaaS
cloud services and threats are all increasing.
In order to continue to accelerate their
business, organisations need a cloud-native
and frictionless way to consistently protect
their data and defend from threats across
the spectrum of SaaS, IaaS and PaaS.”
Cloud collaboration a blessing and
a curse
Cloud services bring a momentous
opportunity to accelerate business through
their ability to quickly scale, allowing
businesses to be agile with their resources
and provide new opportunities for
collaboration. Cloud services like Box and
productivity suites like Office 365 are used
to increase the fluidity and effectiveness of
collaboration. However, collaboration means
sharing and uncontrolled sharing can expose
sensitive data. Findings of McAfee’s research
demonstrate that:
• A total of 22% of cloud users share files
externally, up 21% year-on-year
• Sharing sensitive data with an open,
publicly accessible link has increased by
23% year-on-year
• Sensitive data sent to a personal email
address also increased by 12% year-
on-year
To secure sensitive data in cloud storage,
file-sharing and collaboration applications,
organisations must first understand which
cloud services are in use, which of them hold
their sensitive data, and how that data is being
shared and with whom. Once organisations have
gained this visibility, they can then enforce
appropriate security policies to prohibit
highly sensitive data from being stored
in unapproved cloud services and provide
guardrails that prevent non-compliant
sharing of sensitive data from approved
cloud services, such as when data is shared
with personal email addresses or through an
open, public link.
IaaS and the risks of misconfiguration
With SaaS, securing data, user identity and
access to data is primarily the customer’s
responsibility. With IaaS, customers
take on a much larger share of security
responsibility that includes data, identity,
access, applications, network controls and
host infrastructure.
While this provides customers with an
opportunity to have greater control over
their cloud infrastructure, it also increases the
organisation’s surface area for security risks
and their responsibility for the same.
IaaS providers, like Amazon Web Services
(AWS), provide several infrastructure and
platform services, each having deep and
complicated security settings. Magnifying
the IaaS/PaaS security challenge is the fact
that organisations use multiple IaaS/PaaS
vendors running several instances of each
vendor’s product. The research found:
• A total of 94% of IaaS/PaaS use is AWS,
but 78% of organisations using IaaS/
PaaS have both AWS and Azure
• Enterprise organisations have an average
of 14 misconfigured IaaS/PaaS instances
running at one time, resulting in over
2,200 individual misconfiguration
incidents per month
• A total of 5.5% of AWS S3 buckets have
world read permissions, making them
open to the public
McAfee recommends that organisations
continuously audit and monitor their AWS,
Azure, Google Cloud Platform and other
IaaS/PaaS configurations as a standard
security practice, while protecting data
stored in IaaS/PaaS platforms.
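As an illustration of the kind of configuration audit recommended above, the following added example (not from McAfee or the original article) flags world-readable S3 buckets from their ACL and bucket policy. The bucket names and sample data are constructed; the check assumes any policy Condition restricts access and does not evaluate Block Public Access settings or wildcard actions such as `s3:Get*`.

```python
import json

# Predefined S3 groups whose grants expose a bucket beyond the owning account.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def acl_world_readable(acl):
    """True if an ACL grant gives a public group READ or FULL_CONTROL."""
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
               and g.get("Permission") in ("READ", "FULL_CONTROL")
               for g in acl.get("Grants", []))

def policy_world_readable(policy_json):
    """True if an unconditional Allow statement lets any principal read."""
    if not policy_json:
        return False
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        p = st.get("Principal")
        anyone = p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))
        reads = any(a.lower() in READ_ACTIONS for a in _as_list(st.get("Action", [])))
        # Assumption: any Condition block is treated as restricting access.
        if st.get("Effect") == "Allow" and anyone and reads and not st.get("Condition"):
            return True
    return False

def audit(buckets):
    """Names of buckets that are world-readable through ACL or policy."""
    return sorted(name for name, cfg in buckets.items()
                  if acl_world_readable(cfg["acl"]) or policy_world_readable(cfg.get("policy")))

# Constructed inventory (not real buckets), shaped like GetBucketAcl/GetBucketPolicy output.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-id"}, "Permission": "FULL_CONTROL"}
ALL_USERS = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}
GET_ANY = {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
           "Resource": "arn:aws:s3:::constructed-bucket/*"}
VPCE_ONLY = dict(GET_ANY, Principal={"AWS": "*"},
                 Condition={"StringEquals": {"aws:SourceVpce": "vpce-constructed"}})
SAMPLE = {
    "private-logs": {"acl": {"Grants": [OWNER]}},
    "legacy-share": {"acl": {"Grants": [OWNER, ALL_USERS]}},
    "static-site": {"acl": {"Grants": [OWNER]}, "policy": json.dumps({"Statement": [GET_ANY]})},
    "vpc-only": {"acl": {"Grants": [OWNER]}, "policy": json.dumps({"Statement": VPCE_ONLY})},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```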
IaaS/PaaS use is growing rapidly as an
alternative to on-premise data centres.
Businesses need to get ahead and address
their security responsibilities – data
protection and threat defence as they would
for SaaS cloud services and configuration
compliance and workload protection for
IaaS/PaaS cloud services – before they
experience a security incident.
Compromised accounts and
insider threats
Most of the threats to data in the cloud
result from compromised accounts and
insider threats. The average organisation
generates over 3.2 billion events per month
in the cloud, of which 3,217 are anomalous
behaviours and 31.3 are actual threat
events. In addition:
• Threat events in the cloud, such as a
compromised account, privileged user,
or insider threat, have increased 27.7%
year-on-year
• A total of 80% of all organisations
experience at least one compromised
account threat per month
• A total of 92% of all organisations have
stolen cloud credentials for sale on the
Dark Web
• Threats in Office 365 have grown by
63% year-on-year
To get ahead of compromised accounts
and insider threats, organisations should
understand how cloud services are used.
They should also identify anomalous
behaviour, such as when the same user
accesses the cloud from disparate locations
simultaneously, which could indicate a
compromised account threat.
McAfee advises that, as a first step
towards protecting data in the cloud, cloud
access security brokers (CASB) should be
implemented. CASBs are cloud-native
services that enforce security, compliance
and governance policies for cloud services.
They help organisations leverage and
extend their existing security controls where
appropriate and define and deploy new
cloud-native ones where appropriate to
enable enterprises to consistently protect
their data and defend from threats across
the spectrum of SaaS, IaaS and PaaS.
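The anomaly mentioned in the section on compromised accounts, one user accessing the cloud from disparate locations at practically the same time, can be detected from access logs. The following is an added example, not from McAfee or the original article; the event format, the thresholds and the sample events are assumptions constructed for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: ignore geo-IP jitter within one metro area

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def impossible_travel(events):
    """Return (user, earlier_id, later_id, km) for consecutive accesses by one
    user that would require travelling faster than MAX_KMH."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev["geo"], cur["geo"])
            if km < MIN_KM:
                continue
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            # hours == 0 is the "simultaneous" case: any real distance is impossible
            if hours == 0 or km / hours > MAX_KMH:
                alerts.append((user, prev["id"], cur["id"], round(km)))
    return alerts

def make_event(event_id, user, ts, lat, lon):
    return {"id": event_id, "user": user,
            "time": datetime.fromisoformat(ts), "geo": (lat, lon)}

# Constructed sample access events (not real log data).
SAMPLE = [
    make_event("e1", "alice", "2024-03-01T09:00:00", 51.5074, -0.1278),    # London
    make_event("e2", "alice", "2024-03-01T09:20:00", 40.7128, -74.0060),   # New York, 20 min later
    make_event("e3", "bob", "2024-03-01T08:00:00", 48.8566, 2.3522),       # Paris
    make_event("e4", "bob", "2024-03-01T18:00:00", 52.5200, 13.4050),      # Berlin, 10 h later
    make_event("e5", "carol", "2024-03-01T10:00:00", 35.6762, 139.6503),   # Tokyo
    make_event("e6", "carol", "2024-03-01T10:00:00", -33.8688, 151.2093),  # Sydney, same instant
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE):
        print(alert)
```

Geo-IP data is coarse and VPN or proxy egress points shift a user's apparent location, so alerts from a check like this are leads for review rather than confirmed compromises.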