Cyber security in a cloud world
Some useful advice for managing the security of your data in today’s increasingly cloud-based world.
A recent posting in Security Week begins by enumerating several benefits the cloud may provide to strengthen security – “unlimited storage capabilities for global threat intelligence and historical data, powerful processing capabilities for security analytics, and the ability to deploy security technologies to even the most remote outposts.” However, author Marc Solomon cautions that security teams need to “think about how attackers are now banking on the increasing usage of Software as a Service apps based in the cloud and the advent of Shadow IT to steal valuable digital assets.
Being able to understand and address the main security challenges cloud apps can introduce to your organization requires visibility into what data is stored in the cloud as well as the contextual factors of how that data is being accessed or used. To help the reader, he lists and explains several questions to ask:
- Which cloud apps are employees using and what risks do they add?
- What files and data are exposed through these cloud apps?
- Can I control the sensitive data shared through cloud-based apps?
- If an attack happens, can I get to the bottom of it and set policy to prevent future attacks?
File sharing is much more fluid in a cloud-based world. Hence, you need a comprehensive way to prevent sensitive data from being uploaded for inappropriate sharing. This visibility into data and activities provides the ability to detect anomalies, conduct further investigation and take quick and decisive action.
There’s no arguing that, as Solomon puts it, the cloud is “transformative in its impact to create new business models, enable more effective collaboration, and increase productivity and agility.” However, being able to take advantage of these features requires that business take measures to address the increased risk of malicious or accidental leakage of protected or other sensitive business-critical data within and beyond the traditional security perimeter – including cloud storage. Those measures will require a combination of the right technology, security policies, and an educated user base. As Solomon is quick to point out, this can only be achieved by creating an organizational security culture in which all stakeholders work together toward building a strong defense will be most likely to thrive under the immense pressures coming from cyberattacks.