Recent research by Gartner showed that “Through 2020, 95% of cloud security breaches will be the customer’s fault.” Massive cloud adoption by enterprises has given rise to a shared responsibility approach in securing cloud usage, where the service provider takes responsibility for the infrastructure and the customer takes responsibility for the users, content and applications that utilize the cloud service. In recent years, we have seen significant improvements in security infrastructure by cloud service providers, but the customer side of the responsibility, more specifically employee behavior and usage, often remains the weakest link in the security chain.
Changing technology landscape has created IT security gaps
The adoption of cloud services is a growing trend that has increased security vulnerabilities originating from employee usage of these services. The explosion of SaaS services that are easy to use, often available at no cost, and have no deployment overheads, has led to employees circumventing IT and “self-enabling” with cloud services to get the job done and be more productive. Accessing these services via personal mobile devices has further blurred the enterprise perimeter, increased the attack surface and made it very challenging for IT to maintain the level of visibility and control that they are used to in the era of on-premises application delivery to traditional desktops.
The growth in cloud-based applications has also led to innovations in the cybersecurity industry. Enterprises now have access to services that specialize in securing any and all aspects of cloud usage, called Cloud Access Security Brokers (CASBs). These services act as a control point between users and cloud services and enable enterprises to enforce consistent policies across all cloud services. With this new control point, enterprises get visibility into cloud usage, detect threats from insiders and compromised accounts, and maintain compliance by enforcing data loss prevention policies, encryption and contextual access controls.
Cloud + enterprise security needed to address security vulnerabilities
In order to provide robust enterprise security, CASBs are architected to integrate and function well with existing network security components such as proxies, SIEMs and Next Generation Firewalls (NGFW). Most enterprises have already deployed these components and have established operational policies and workflows to use them. The integration of CASBs with on-premises appliances provides insight into cloud usage and helps extend the same policies and workflows to the cloud. As employees continue to adopt cloud applications, here are some ways in which they end up compromising company data and how a combination of CASB and NGFW helps in addressing these vulnerabilities.
1. Employees use risky cloud services
An average company uses 1,154 cloud services and only 8.1% meet the strict data security and privacy requirements of enterprises. Employees select cloud services based on usability and rarely look at their security posture. Some of these services have significant gaps in security such as not encrypting data at rest and assuming ownership of all content uploaded to their cloud, so they can end up exposing company data to unauthorized users. A CASB can provide visibility into all cloud services accessed by employees, along with their risk ratings. IT can leverage this information and use it to apply policies within their NGFWs in order to block risky services, so they can minimize the risk of data loss through interception or theft. In instances where there is an IT sanctioned alternative service available, a CASB can use real-time coaching messages whenever employees try to access a shadow IT service and direct them towards the approved solution.
2. Employees upload sensitive or regulated data into the cloud
According to a recent Cloud Adoption and Risk Report, 15.8% of all documents uploaded to cloud-based file sharing services contain sensitive or regulated information, such as financial records, business plans, source code, trading algorithms, and personally identifiable information of customers such as social security numbers. When using shadow IT services, employees may not always exercise discretion on the sensitivity of data that they are uploading to these services, and end up exposing highly sensitive data and pushing the organization out of compliance with industry regulations. To protect against this risk, companies use a CASB and an NGFW to define data loss prevention policies that detect sensitive data being uploaded to shadow cloud services and block these file transfers.
3. Employees exfiltrate data via cloud services
Malicious insiders pose substantial risk to enterprises because they have access to a lot of sensitive data and can easily leak this information outside the company via shadow IT services. A CASB provides IT with insight into anomalous cloud usage by using machine learning-based algorithms. By developing a user behavior model and baseline for normal activity, a CASB can detect unusual spikes in uploads or downloads indicative of data exfiltration and distinguish real threats from unusual behaviors. For example, repeated attempts to access blocked services and a download from a sanctioned service followed by an upload to a shadow IT service are activity patterns that a CASB can capture and detect. When alerted, IT can immediately respond to this threat by blocking access for the user or to the cloud service using their next generation firewall.
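The two activity patterns named above can be expressed as simple correlation rules over per-user events. The following is an added example, not code from Check Point or Skyhigh: the log layout, service names, 30-minute window and threshold of three denied requests are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time user service class action bytes
EVENTS = """\
2024-05-01T09:00:00 alice crm-app sanctioned download 2000000
2024-05-01T09:05:00 bob file-drop blocked denied 0
2024-05-01T09:06:00 bob file-drop blocked denied 0
2024-05-01T09:07:00 bob paste-site blocked denied 0
2024-05-01T09:10:00 alice free-share shadow upload 1900000
2024-05-01T10:00:00 carol crm-app sanctioned download 500000
2024-05-01T15:00:00 carol free-share shadow upload 400000
2024-05-01T11:00:00 dave crm-app sanctioned upload 300000
"""

WINDOW = timedelta(minutes=30)  # assumed correlation window
BLOCKED_THRESHOLD = 3           # assumed count of denied requests that raises an alert

def parse(text):
    rows = []
    for line in text.splitlines():
        ts, user, service, cls, action, size = line.split()
        rows.append((datetime.fromisoformat(ts), user, service, cls, action, int(size)))
    return sorted(rows)  # correlation below relies on time order

def detect(rows):
    alerts = []
    denied = defaultdict(list)     # user -> timestamps of recent denied requests
    downloads = defaultdict(list)  # user -> (time, service) of sanctioned downloads
    for ts, user, service, cls, action, _size in rows:
        if cls == "blocked" and action == "denied":
            denied[user] = [t for t in denied[user] if ts - t <= WINDOW] + [ts]
            if len(denied[user]) == BLOCKED_THRESHOLD:  # alert once, at the threshold
                alerts.append((user, "repeated-blocked-access", service))
        elif cls == "sanctioned" and action == "download":
            downloads[user].append((ts, service))
        elif cls == "shadow" and action == "upload":
            for t, src in downloads[user]:
                if ts - t <= WINDOW:  # upload closely follows a sanctioned download
                    alerts.append((user, "sanctioned-download-then-shadow-upload",
                                   f"{src}->{service}"))
                    break
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(EVENTS)):
        print(alert)
```

Carol's upload falls five hours after her download and is not flagged, which shows how the window keeps unrelated activity from being correlated.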
4. Employees have compromised login credentials
Earlier research has shown that 92% of companies have employee credentials for cloud services that have been compromised and are for sale on the Darknet. Employees often get their login credentials compromised by setting weak passwords, by falling prey to spear phishing attacks, or by downloading malware that surreptitiously captures passwords. CASBs are able to tap into Darknet intelligence to identify user credentials that are compromised and alert the corporate IT team, who can then disable the corresponding user accounts.
Check Point and Skyhigh partner to extend enterprise security controls to the cloud
Check Point and Skyhigh Networks recently announced their partnership to extend enterprise visibility, governance, and threat protection to the cloud. Check Point’s next generation firewalls provide customers with visibility, reporting and advanced threat prevention, enabling employees to work freely and securely online. Employee cloud usage logs generated by the Check Point NGFW are processed and analyzed by Skyhigh to provide visibility into cloud service usage and the security risk associated with each of these services. To control access to risky services, IT can create governance policies in Skyhigh that are enforced by the Check Point security gateways. Together, Check Point and Skyhigh enable enterprise employees to adopt cloud services without compromising on security and while protecting their data and systems.