The cloud gives an enterprise power, flexibility, scale and control. It’s an enormous computing power created by an interconnected, global information technology infrastructure. It surrounds businesses and individuals and empowers them. It binds the global economy together. Similarly, the Force gives a Jedi its power, making it possible to perform tremendous feats and amplify abilities. It is an energy field created by all living things. It surrounds us and binds the galaxy together.
While the Force can be used for good, it has a dark side that, when pursued, imbues users with evil and aggression. The same can be said for the cloud, which offers a myriad of benefits but needs to be secured to ensure its power is harnessed for good. What are the security certifications and protocols of these clouds? Where is corporate data held? How is it protected? Who has access to it? How long does the cloud provider maintain copies of data?
Courtesy of Blue Coat, here are three ways to protect against the dark side:
- The evil force: Attackers obfuscate malware communications when a worm, virus or botnet “phones home” to send stolen data to a master computer. Malware families also use encryption to hide network information, including passwords or sensitive data (such as stolen bank account information) they are sending out to cloud-based servers. In fact, according to CGI Security, it’s actually easier to attack an organization through applications that use encryption than those that don’t. For example, an initial phish would go undetected because the Intrusion Prevention system did not include SSL visibility capability to look inside and identify the malware, and the enterprise’s firewalls were not sounding any alarms to block the packets. Also, malware families such as Zeus are notorious for using encryption and other tricks to hide their command and control (C&C) communications from security-monitoring devices.
- What to do about it: Ensure the organization has visibility into SSL-encrypted cloud traffic. That means using SSL visibility tools that work with secure network gateways and other advanced edge security to inspect the traffic once it’s decrypted.
- The evil force: Attackers look for weaknesses on the perimeters of the cloud such as insecure interfaces and APIs. IT admins rely on interfaces for cloud provisioning, management, orchestration, and monitoring. APIs are integral to security and availability of general cloud services. Cloud Security Alliance reports highlight that as organizations and third parties build on these interfaces to build add-on services, complexity increases since organizations may be required to relinquish their credentials to third parties in order to enable their use of cloud systems. This complexity can introduce avenues for credentials to be hijacked. These credentials can then be used to access data in cloud systems.
- What to do about it: Encrypt or tokenize the data before it goes into cloud-based systems, so if the dark side does access the cloud, they will find that they only get access to meaningless replacement values.
- The evil force: The dark side can sometimes cause cloud users to forget about corporate guidelines that specify that regulated and sensitive data, such as healthcare data or payment card details, cannot be stored in public cloud environments, or that certain end users in specific locations cannot access clouds that have risky profiles.
- What to do about it: Control Shadow IT. Determine which clouds are being used, the relative risk of these clouds, and what types of data are being sent to these clouds. Armed with this knowledge, use technologies like cloud access security brokers to monitor user behavior for anomalous activity, and take proactive steps such as encrypting sensitive data so cloud use is secure and the enterprise can live long and prosper (oops, that is the other movie franchise). Specific steps include:
- Restrict employee access to the myriad of new cloud applications that have sprung up in the past 5 years. Take advantage of cloud intelligence data feeds that can help your organization understand the relative risks of using certain cloud applications.
- Set policies to block specified data types from leaving the organization via Data Loss Prevention (DLP) solutions that continually scan for things like patient data, credit card information and social security numbers.
- Inspect content coming from cloud applications to the enterprise, doing deep content analysis to prevent malware and other advanced threats from penetrating organizations.
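The tokenize-before-upload advice and the DLP scanning step above can be illustrated together. The Python below is an added example, not code from the article or from any Blue Coat product; `TokenVault`, `protect` and the sample record are hypothetical and constructed for illustration.

```python
import re
import secrets

# Constructed sample record; the card number is a standard test value.
SAMPLE = ("Patient J. Doe, SSN 078-05-1120, paid with card "
          "4111 1111 1111 1111; order ref 1234 5678 9012 3456.")

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory vault; a real one stays inside the enterprise."""
    def __init__(self):
        self._by_token, self._by_value = {}, {}
    def tokenize(self, kind, value):
        if value not in self._by_value:  # same value -> same token
            token = f"tok_{kind}_{secrets.token_hex(8)}"
            self._by_value[value], self._by_token[token] = token, value
        return self._by_value[value]
    def detokenize(self, token):
        return self._by_token[token]

def protect(text, vault):
    """Return (text safe to send to the cloud, list of data types found)."""
    found = []
    def card(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # not a card number, leave untouched
        found.append("card")
        return vault.tokenize("card", digits)
    def ssn(m):
        found.append("ssn")
        return vault.tokenize("ssn", m.group())
    return SSN_RE.sub(ssn, CARD_RE.sub(card, text)), found
```

Only the tokenized text leaves the organization; the mapping back to real values stays in the vault, so a party that compromises the cloud copy sees replacement values only.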
Enterprises can and should have a clear and comprehensive understanding of the threats – both internal and external – to their cloud infrastructure and data, and use the abovementioned tips as a guide to address them with the most effective IT security approaches and technologies. Harnessing the power of the cloud for good carries massive business and technology benefits if the risks are proactively and wisely managed.
Gerry Grealish leads the marketing strategy for Blue Coat's Cloud Data Protection Platform. Previously, Gerry was CMO of Perspecsys and also ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its payment gateway and tokenization/encryption security solutions.
Edited by Kyle Piscioniere