Best practices for securing data stored in your team’s cloud applications
Just about every organization uses cloud applications in daily operations. Data backup, communications, file storage, and much more is now being managed in the cloud. The biggest (and most troubling) misperception about cloud computing security is that perimeter-based technology works for securing cloud applications. Improve your cloud security operations with these five cloud application security best practices.
1. Don’t Ignore Due Diligence in Cloud App Selection & Sanctioning
SaaS infrastructure security is something that most of us take for granted. We’re so used to doing business in the cloud, that we connect to tools and applications without thinking twice about potential security consequences. This cavalier approach to technology is causing information security teams a ton of grief. It’s also given rise to the term “Shadow IT”, which has expanded significantly with the use of unsanctioned, or “shadow”, cloud IT.
Every time a new application and/or platform is connected to your company’s cloud environment, a new risk is exposed. The 2018 “Data Risk in the Third-Party Ecosystem” study by Ponemon Institute reported that 59% of companies surveyed experienced a data breach caused by a vendor or third party. While SaaS vendors only make up a portion of that number, it’s a compelling and troubling trend.
As company vendor and third party relationships expand and become more complex, it is critical for information security teams to manage what vendors are being granted access to their IT ecosystem. When it comes to SaaS applications hosted and accessed in the cloud, this task is impossible without the right set of cloud security tools.
But having the right cloud monitoring tools in place is just part of the battle. Information security needs to be involved in helping teams do their due diligence in selecting vendors. Here are six steps to safe SaaS app selection:
1. Know the source: Is the app offered by a reputable developer? Is that developer active in completing updates and patches?
2. Limit excessive permissions: What types of permissions is the app requesting, and does it really need those permissions for its intended purpose?
3. Be mindful of the app’s name: Camouflage is just about the oldest trick in the book. Criminals often create look-alike and sound-alike apps to trick people into downloading them.
4. In-app purchases: Does the app require credit card information for in-app purchases? Does it need to for its intended purpose?
5. Authentication & Encryption: How does the app handle authentication? What encryption methods are used for storing and accessing data? (This is likely something your team will have to help your colleagues out with)
6. Read Reviews! Always read through the app’s reviews to understand what other people have experienced. Be wary of overly complimentary reviews, which could be faked.
2. Manage Access to Cloud Applications & User Behavior
Setting up and properly configuring Multi-Factor Authentication (MFA) and Single Sign On (SSO) is access management 101. If you don’t have these set up for your organization’s cloud applications, do it now. Seriously.
You’ll also want to make sure that you set up user groups within your main applications (typically Google G Suite and/or Microsoft Office 365) to manage who can access what. For example, not everyone in the organization needs access to business financial data or HR information. Segmenting information and only allowing access by specific users who need access to them significantly improves your data security posture.
But there is more that can be done. Account takeovers are on the rise, and can lead to all kinds of problems. Putting a block on IP address locations for logins, for example, go a long way in significantly reducing your risk of an account takeover. Monitoring for a spike in the number of failed login attempts will also help your team detect when your environment is currently under attack, so steps can be made to fortify account access. Perhaps a password change is in order. Or a simple communication to the organization to be hyper-vigilant for phishing emails can go a long way to thwarting attacks.
Monitoring for abnormal user behavior is another way to detect if an account takeover is occuring. These behaviors could include phishing emails being sent from an internal account, bulk downloading of files, and importing of files containing malware links to your shared drives.
We hate to think about it, but internal threats are also something that teams need to monitor for. Data breaches that involve disgruntled or otherwise compromised employees happen, and they are just as harmful (if not moreso) than one created externally. Customer and/or employee information, trade secrets, and financial data are all assets that an employee may decide to use for their own gain.
By monitoring user behavior, security teams can detect if information is potentially being improperly handled by internal users, as well as external attacks.
3. Cloud Phishing & Malware Threat Protection
Email is still the #1 threat vector. Protecting email, whether they are hosted in the cloud like Gmail or otherwise, should be a top concern for security teams. Cloud malware threat protection works a little differently than traditional perimeter-based security technology, like proxies and gateways. Criminals are increasingly finding ways to circumvent perimeter-based security for organizations that use cloud-based email platforms.
We’re increasingly finding that native email filters provided by Google and Microsoft are also susceptible to a significant vulnerability. These filters are set to automatically “whitelist” links coming from their own domain. Now, there are more incidents where hackers upload a file containing a malicious link to Google Drive or SharePoint, and then send the file link in an email.
Adding a cloud-specific protective layer to your cloud-based email apps is now as critical to a secure infrastructure as traditional email filters.
4. Automate & Remediate Cloud Application Security Risks
Information security teams are notoriously under-staffed and under-funded, particularly in small to mid-sized organizations. Cybersecurity awareness in the executive suite is certainly improving, but we still have a long way to go. Using tools that can help small, overwhelmed teams operate more efficiently is key.
A Cloud Access Security Broker (CASB) helps automate cloud app security risk detection and remediation 24/7. It makes each of these cloud application security best practices actually happen, day in and day out, for security teams.
Using a CASB, you can set up data loss prevention rules and policies that will automatically detect abnormal behavior, improper use of information, malware and phishing threats, shadow cloud IT, and more. The technology will then take the remediation action that you select to quarantine, delete, revoke access, etc. automatically, making your job much easier.
5. Audit & Optimize
All good cybersecurity teams consistently audit and optimize their security infrastructure and posture. Depending on the size and complexity of your data environment, this may happen on a weekly, monthly, or quarterly basis. Whatever your time scale is, make sure you are auditing your cloud security often enough, and consistently.
This is another area where CASBs can help. Using a CASB, you can set up audit reports that you would like it to run on a periodic basis. This way, you get the reports you need sent directly to you, rather than needing to set up the same report over and over again.
An audit will show you where new vulnerabilities have opened up, if you have unsanctioned apps sneaking back into your environment, etc. Keeping an eye on these risks and trends overtime will help you optimize how you’ve set up your rules and policies, making your CASB work even better for you over time.
There is no perimeter in the world of cloud computing. Using technology meant for defending a perimeter to secure cloud applications is ineffective, and creates unnecessary vulnerabilities. Following these cloud application security best practices, paired with the right kind of technology, will close the vulnerability gap while providing your security team with the visibility and control they need to do their jobs effectively in the cloud.