The cloud gives an enterprise power, flexibility, scale and control. It’s an enormous set of computing power created by an interconnected, global information technology infrastructure.
It surrounds businesses and individuals and empowers them. It binds the global economy together. Similarly, the Force gives a Jedi its power, making it possible to perform tremendous feats and amplify abilities. It is an energy field created by all living things. It surrounds us and binds the galaxy together.
While the Force can be used for good, it has a dark side that, when pursued, imbues users with evil and aggression. The same can be said for the cloud, which offers a myriad of benefits but needs to be secured to ensure its power is harnessed for good. What are the security certifications and protocols of these clouds? Where is corporate data held? How is it protected? Who has access to it? How long does the cloud provider maintain copies of data?
Robert Arandjelovic, Director of Security Strategy at Blue Coat, offers the following three ways to protect against the dark side:
1. Attackers obfuscate malware communications when a worm, virus or botnet “phones home” to send stolen data to a master computer
Malware families also use encryption to hide the information they send out to cloud-based servers, including passwords and sensitive data such as stolen bank account information. In fact, according to CGI Security, it’s actually easier to attack an organisation through applications that use encryption than through those that don’t. For example, an initial phish would go undetected if the intrusion prevention system did not include the SSL visibility capability needed to look inside the traffic and identify the malware, and the enterprise’s firewalls would not sound any alarms or block the packets. Also, malware families such as Zeus are notorious for using encryption and other tricks to hide their command and control (C&C) communications from security-monitoring devices.
What to do about it: Ensure the organisation has visibility into SSL-encrypted cloud traffic. That means using SSL visibility tools that work with secure network gateways and other advanced edge security to inspect the traffic once it’s decrypted.
2. Attackers look for weaknesses on the perimeters of the cloud such as insecure interfaces and APIs
IT admins rely on interfaces for cloud provisioning, management, orchestration, and monitoring. APIs are integral to the security and availability of general cloud services. Cloud Security Alliance reports highlight that as organisations and third parties build add-on services on top of these interfaces, complexity increases, since organisations may be required to relinquish their credentials to third parties in order to enable their use of cloud systems. This complexity can introduce avenues for credentials to be hijacked. These credentials can then be used to access data in cloud systems.
What to do about it: Encrypt or tokenise the data before it goes into cloud-based systems, so if the dark side does access the cloud, they will find that they only get access to meaningless replacement values.
3. The dark side can sometimes cause cloud users to forget about corporate guidelines for sensitive data
Such guidelines include the rule that sensitive data, such as healthcare data or payment card details, cannot be stored in public cloud environments, or that certain end users in specific locations cannot access clouds that have risky profiles.
What to do about it: Control Shadow IT. Determine which clouds are being used, the relative risk of these clouds, and what types of data are being sent to these clouds. Armed with this knowledge, use technologies like cloud access security brokers (CASB) to monitor user behaviour for anomalous activity, and take proactive steps such as encrypting sensitive data so cloud use is secure. Specific steps include:
- Restrict employee access to the myriad of new cloud applications that have sprung up in the past 5 years. Take advantage of cloud intelligence data feeds that can help your organisation understand the relative risks of using certain cloud applications.
- Set policies to block specified data types from leaving the organisation via Data Loss Prevention (DLP) solutions that continually scan for things like patient data, credit card information and social security numbers.
- Inspect content coming from cloud applications to the enterprise, doing deep content analysis to prevent malware and other advanced threats from penetrating organisations.
Enterprises can and should have a clear and comprehensive understanding of the threats – both internal and external – to their cloud infrastructure and data, and use the abovementioned tips as a guide to address them with the most effective IT security approaches and technologies.
Harnessing the power of the cloud for good carries massive business and technology benefits if the risks are proactively and wisely managed.