Cloud Security: No Time To Lose
Why your CIO cannot afford to waste a minute on the cloud in 2018.
Tribune by André Stewart, VP EMEA, Netskope – Right now, your company’s teams are busy uploading files to/from the cloud and sharing them through it. Finance specialists access a shared spreadsheet, creatives share videos with a customer … In the space of a minute, what else could happen in the cloud?
If the activities that take place there are extremely numerous, they turn out, for the most part, anarchic and escape all control. It’s a safe bet that your CIO and your IT department are unaware of the data that is shared and do not know, therefore, whether or not these operations are secure. Because your employees have access to thousands of applications and participate in cloud-based activities, these access points are vulnerabilities that can be exploited by attackers to break into your network.
With the RGPD looming, it is imperative that CIOs and IT departments be able to demonstrate that they are in control of the data entrusted to them. Because the volume of in-house cloud activity is largely uncontrolled and out of control, cloud security is likely to be the company’s Achilles heel in compliance.
There are four critical areas where CIOs and other leaders can refocus to enhance cloud security for their businesses in 2018.
HMA Pro VPN
Departments in the line of fire of cloud security
According to the latest Netskope report on the cloud, the HR and Marketing clusters are the ones that use cloud services the most, currently averaging 139 and 121 services respectively. It would be legitimate to be concerned about this pole position of the HR department, which often leverages applications driven by users storing personal information.
The marketing cluster is also likely to be a target of choice for malicious actors, as many marketing applications storing valuable data now fall under shadow IT or unapproved categories. The Finance and Accounting departments have nothing to envy to the HR and Marketing divisions since they operate an average of 63 services – 94% of which are not ready for the company.
Services not ready for the business
In the company, the use of 1,181 cloud services, on average, in December 2017 represents a significant increase compared to the average of 1,022 observed in September 2017. The most staggering is that 93% of cloud services used in all departments are not ready for the business.
To dispel this area of uncertainty and reach a compliance point, CIOs must begin by introducing contextual rules at the level of each activity. A Cloud Access Security Broker (CASB) lets you upgrade services that are not enterprise-ready by applying granular control. CIOs also need to “educate” employees and ensure that they are putting into practice the training they receive to enhance overall security.
In the fourth quarter of 2017, 54% of the data loss prevention offenses were against cloud storage. Given this figure, CIOs need to be aware that the threat landscape will swarm with attacks targeting the cloud in 2018.
The tsunami RGPD
As the RGPD tidal wave approaches, companies are closing hatches and bracing for the May deadline. While leaders are rallying around the 2018 compliance goals and other challenges, cloud security is likely to lead to the loss of many of them.
The RGPD is currently at the forefront of thinking about coaching, especially at CIOs, and it turns out that cloud security is in bad shape for more than one reason. First, for 68% of cloud services used by Netskope customers, there is no indication that the customer owns the data, and 81% of the services do not support rest encryption.
During the few days that elapse between the entry into force of the GDPR, it is essential that the CIOs start tracking all the data because the slightest oversight could hide a dangerous breach of compliance.
The rise of malware around cryptocurrencies
If there is one type of persistent attack that should continue to play a role in 2018, it is the one of malware facing banks and cryptocurrencies. Those based on PowerShell are also used for a while and very effective against the companies that equip their workstations with antivirus solutions, as this protection proves incapable of guaranteeing effective results in terms of analysis and remediation. Companies must implement several levels of protection against the threats. Coupon: CEL7N
The presence of multiple checkpoints greatly complicates the task of the attackers, who have trouble hiding in the cloud traffic. Another effective tactical approach to creating a bottleneck to guard against these attacks is to put in place data analysis rules for file downloads to/from the cloud to detect malware. impact of attacks targeting the cloud can also be serious. Netskope’s Threat Research Labs team found that 81 percent of malware attacks found in the cloud were in a high range, with only 19 percent in a low range.
This year, cloud security simply can not be ignored; the threat landscape is teeming with danger and we must not forget that the RGPD’s ax will fall immediately for those who will leave the door open. CIOs can significantly reduce risk by following Netskope guidelines. Adopt contextual rules for each activity, upgrade services that are not business-ready by accessing a CASB, and multiple levels of protection against threats!Tags: Cloud Security, data