In today’s increasingly flexible work environment, many organizations implement and rely on cloud services like Salesforce®, Google Apps for Business™, Microsoft® Office 365™ and Box to streamline business functions, increase resource utilization and enhance corporate elasticity. Yet without proper data protection, enterprises run the risk of exposing sensitive, proprietary information.
Cloud service providers (CSPs) and their customers share responsibility for security. While cloud service providers have seen improvements in securing their platforms and offering tools to help with security, customers find it difficult to keep up with all of the responsibilities related to securing their apps. Gartner predicts that through 2020, 95 percent of cloud security failures will be the customer’s fault.
To avoid such failures, Ganesh Kirti, CTO of Palerra, has put together a list of the five most common mistakes that enterprises make and provides suggestions for keeping your cloud environment safe moving forward.
Weak Expiration Policies
Weak expiration policies for authenticated sessions (tokens and cookies)
End users, employees, mobile devices and third-party applications all connect to your cloud applications. Whenever a user or a client program logs into a cloud application, they receive an authenticated session from the application. In many cases, those sessions are left open after the interaction is complete. A hacker who gains access to this session has essentially found the key to take over the user’s session and assume the identity of that user. This is a very dangerous attack that compromises all of your cloud data.
To limit this exposure, you can create a strong policy to automatically end sessions for users and clients that are inactive for more than 30 minutes.
Zombie accounts: Employees who are no longer with the company but still have access
Companies use many SaaS applications to keep their critical business functions working. Typically, employees have individual accounts in each SaaS application. We often see transactions in companies' SaaS applications that come from the accounts of employees who left long ago. In general, these transactions originate from third-party applications that the ex-employees configured. These accounts can end up in the hands of hackers or malicious ex-employees, causing data leakage and non-compliance with internal and external regulations.
Organizations need to create and follow a process to immediately de-provision unused (zombie) user accounts.
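As an added illustration (not from Palerra or the original article), the following sketch cross-checks an HR offboarding list against a SaaS audit-log export and groups post-departure activity by client application, which surfaces the third-party integrations that keep a zombie account alive. The CSV column names, the sample rows and the `report-sync-app` client are constructed assumptions, as is the ISO 8601 UTC timestamp format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data (not from any real system): HR offboarding export.
HR_OFFBOARDED = """email,last_day
alice@example.com,2024-01-31
bob@example.com,2024-03-15
"""

# Constructed SaaS audit-log export: timestamp, account, client app, action.
AUDIT_LOG = """timestamp,account,client,action
2024-01-30T09:12:00Z,alice@example.com,web,login
2024-02-10T02:00:00Z,alice@example.com,report-sync-app,api_export
2024-02-11T02:00:00Z,alice@example.com,report-sync-app,api_export
2024-03-01T10:00:00Z,bob@example.com,web,login
2024-03-20T08:30:00Z,carol@example.com,web,login
2024-04-02T11:45:00Z,bob@example.com,mobile,file_download
"""

def parse_ts(value):
    # Assumption: audit timestamps are ISO 8601 UTC with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def load_offboarded(text):
    """Map account -> end of the employee's last day (UTC)."""
    cutoff = {}
    for row in csv.DictReader(io.StringIO(text)):
        day = datetime.strptime(row["last_day"], "%Y-%m-%d")
        cutoff[row["email"].strip().lower()] = day.replace(
            hour=23, minute=59, second=59, tzinfo=timezone.utc)
    return cutoff

def find_zombie_activity(hr_text, audit_text):
    """Return {account: {client: [(time, action), ...]}} for events after the last day."""
    cutoff = load_offboarded(hr_text)
    hits = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(audit_text)):
        account = row["account"].strip().lower()
        when = parse_ts(row["timestamp"])
        if account in cutoff and when > cutoff[account]:
            hits[account][row["client"]].append((when, row["action"]))
    return {acct: dict(clients) for acct, clients in hits.items()}

if __name__ == "__main__":
    for account, clients in find_zombie_activity(HR_OFFBOARDED, AUDIT_LOG).items():
        for client, events in clients.items():
            print(account, client, len(events), "event(s) after last day")
```

Any account that appears in the result should be de-provisioned, and the listed client applications should have their tokens or API keys revoked.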
Overly Privileged Accounts
Overly privileged accounts (users who have more privileges than they need)
In general, administrative roles allow access to highly privileged data and actions. Only a limited number of trusted people should have these roles. Granting administrative roles to non-administrative (or the wrong) users can jeopardize the security of data, creating opportunities for data leakage and compliance violations due to separation of duties (SoD) concerns.
You need to continuously monitor privileged users in your cloud applications and remove any privileges that are not required.
Accidental Sharing of Sensitive Data
By monitoring the usage of documents in various clouds (Google Drive, Box, and Office 365), Palerra has found that employees frequently share corporate documents outside the organization. They also share or send documents to private (non-corporate) email accounts. Some of these documents are available for anonymous download, with no security controls in place. Data shared outside the enterprise can present various risks, including data breach.
Anomalous User Behavior Threats
Palerra has repeatedly detected suspicious patterns of user access to data, arising from the following causes:
- malicious user activity made possible by excessive privileges granted to the user
- compromised user accounts that have gone undetected
- users accessing cloud systems with multiple email IDs
- users sharing account credentials with fellow employees
- service accounts routinely shared with multiple third-party applications
Anomalous user behavior could be a sign of a data exfiltration threat.
To mitigate these threats, organizations need to distinguish suspicious user behavior from normal behavior, so that they detect the earliest signs of a threat and resolve it before data exfiltration begins. Leverage user behavior analytics (UBA) tools to analyze insider and outsider access patterns and detect abnormal user behavior.
Like other business services, you must manage and secure your cloud services using monitoring and security tools. With the right strategies, your cloud environment can be kept one step ahead of the hackers and malicious users.