Four steps to protect against cloud account hijacking

Cloud computing has transformed the way we do business. But while the shift to cloud models offers the enterprise impressive cost efficiency and agility gains, the shared on-demand nature of cloud computing creates an environment that amplifies existing vulnerabilities – especially when it comes to data security issues.

As revealed in the Cloud Security Alliance’s 2016 report on cloud computing threats, the risk of data breach ranks as a top concern for cloud customers – and rightly so. The vast amount of data cloud storage providers host makes them an attractive target for cyber criminals.

According to the CSA, it’s not only the cloud service provider’s security posture that’s worrying today’s IT professionals. Cloud account hijacking – when an individual’s cloud account is accessed without permission by a third party – is another major concern keeping IT security teams awake at night.

Account hijacking is nothing new – businesses have been on high alert against methods used by cybercriminals such as phishing and fraud. But by adding cloud into the equation, the potential impact of this threat becomes significantly greater. Using stolen credentials, attackers can access critical areas of cloud computing services and leverage account access to steal or hold sensitive data to ransom, spread malicious software or redirect users to illegitimate sites.

Cloud account hijacking for the enterprise can be devastating. Confidential data can be leaked or falsified, causing significant business and reputational loss. Meanwhile, organisations operating in highly regulated industries, such as banking or healthcare, will also face stringent legal and regulatory penalties.

It’s no wonder that protecting their cloud accounts has become a top priority for businesses. There are some straightforward, yet highly effective security measures organisations can implement to keep their data secure in the cloud.

Step 1: Select a cloud service provider – do your homework

When looking at a cloud service provider it pays to do your due diligence and engage in up-front discussions on the topic of security. That includes asking about how the provider conducts background checks on employees who have physical access to servers in their data centre. You want to be confident there will be no insider risk of account hijacking or data harvesting.

Take a data-driven approach to evaluating a potential provider. Consider the number of data loss or interference incidents, the frequency with which the service provider experiences downtime, and how they manage and monitor potential vulnerabilities. You should also expect to be allowed to audit the provider’s performance in these areas.

Step 2: Secure access – apply a boot and braces approach

Ideally, you should prohibit the sharing of account credentials among users and ensure you have a strong method of authentication for cloud application users in place. Multi-factor authentication is a must-have and there are several tools on the market that require users to enter static passwords and dynamic one-time passwords, delivered via SMS, hardware tokens, or biometrics.

You should consider restricting the IP addresses allowed to access a cloud application. Some cloud apps provide tools to specify allowable IP ranges, forcing users to access an application through a corporate network or VPN only.

Step 3: Encryption – be proactive

It goes without saying you should encrypt sensitive data before it goes to the cloud – so that should a breach event occur, your data is still protected. But be aware that using encryption provided by a cloud service provider means your data may potentially be vulnerable to an insider attack. Ideally, you’ll want to control the encryption process and keys yourself. For ultimate protection, ensure the encryption key is stored separately from your encrypted data.

Step 4: Build a layered defence

Security platforms that extend to the cloud and mobile devices will further bolster enterprise data security. Platform capabilities to look out for include end-to-end encryption, application control and continuous data monitoring. The ability to control, or block, risky data activity based on behavioural and contextual factors involving the user, event, and data access type, will further extend the security layers in place.

Today’s cloud service providers are all too aware of security challenges like account hijacking and insider threats and should have good measures in place to counter these. But security professionals will need to assess the efficacy of these defence processes and systems – before adding additional layers of security to protect the enterprise and its data.

Taking advantage of the benefits the cloud has to offer begins with understanding and comprehensively managing the security risks involved. That means pursuing a multi-layered security approach to ensure that data is protected at all times.

Luke Brown, VP & GM EMEA, India and Latam at Digital Guardian

Image Credit: faithie / Shutterstock