INSUBCONTINENT EXCLUSIVE:
Cloud providers including Microsoft, Google, and others, have recently acknowledged that they are struggling to deal with a spike in remote
tools usage.As organisations hastily adapt for remote working, they might fail to ensure adequate data security
In particular, cloud usage increases the risk of insider threats as 53% of organisations believe detecting insider attacks is significantly
Therefore, it has never been as important as it is today for organisations to implement proper measures to mitigate the insider threat to
protect data in the cloud.Why do remote workers pose a threat to cloud security?Firstly, remote employees use cloud applications to exchange
data, including sensitive data, and could misplace it in insecure locations which could lead to a compliance violation
spreading across SharePoint Online storage with a high risk of unauthorised access
In fact, 39% of the UK respondents to our recent survey are sure that employees in their organisations share sensitive data via cloud
corporate IT team, and as such are more prone to data breaches than their corporate PCs
Such devices are often unpatched and, therefore, vulnerable to cyber threats
Once an attacker has a foothold in the employee's device, they have "remote control" and can observe and leverage any outgoing connections
Essentially, they can gain access to all corporate cloud services the user connects to or even to the corporate network on-premises as soon
as the user establishes their VPN connection or remote desktop (RDP) session to any internal servers.In addition, an employee might lose
his/her device, or let other family members use it, which will result in unauthorised access
In some rare cases, employees copy sensitive data to their personal devices from corporate cloud storage with malicious intent, which also
is a serious security risk.Step 1: Develop security policies for remote employeesIn normal circumstances, before asking employees to work
from home, an organisation should ideally develop proper security policies with a specific focus on cloud security
basis to prevent insiders from accessing the information they do not need to do their job.In addition, it is important to establish
effective access controls as well as efficient identity verification methods such as multi-factor authentication, which will also protect
and securing their personal devices
All such measures should be implemented on an ongoing basis, with the IT team being ready to support employees with any issue when they work
know where its sensitive data resides in the cloud, it cannot ensure that remote employees are following security policies
This is particularly challenging as modern organisations use multiple clouds.In fact, McAfee has calculated that an average enterprise uses
around 1,427 distinct cloud services, while an average employee actively uses 36 cloud services at work
The more cloud services remote employees use, the more challenging it is for an organisation's IT team to track how they handle data
It means an increased risk of misplacing sensitive data and the bad PR and compliance findings that come with that
To reduce data overexposure, it is critical to have technologies in place to automatically discover sensitive data across multiple cloud
storages and classify it according to its sensitivity on a continuous basis.Step 3: Monitor user activity around sensitive dataAs the cloud
is prone to a broad range of threat vectors for data exfiltration by insiders, it is critically important for an organisation to detect such
Is it malware trying to break into the corporate network, or an insider aiming to steal customer database? All these cloud security risks,
and many others, are accompanied by anomalies in user activity
Therefore, if an organisation uses cloud computing and cloud storage, it is important to have user behaviour analysis (UBA) technologies in
place that can detect deviations from normal user behavior and alert an IT team about potential cloud threats.Examples of the most common
anomalies that indicate a threat include abnormal logon activities (such as attempts to log on from multiple endpoints, multiple subsequent
logons in a short period of time, and an unusually high number of logon failures); or data access patterns differing from the user's past
behaviour or that of their peers
It is important to note the shift from office work to remote access will probably cause initial changes in users' access patterns
Businesses can expect a higher than normal number of false positives from Machine Learning-based behaviour anomaly detection solutions in
the first couple of weeks after users move away from their central offices.Such measures will help organisations minimise insider threats in
With the subsequent economic recession that is likely to follow, cloud computing will remain a cost-effective way to run a business
A sustainable approach to cloud security will enable organisations to avoid unwanted data breaches and hefty compliance fines in the long
run.Matt Middleton-Leal is EMEA - APAC General Manager at Netwrix
