
Where Cloud Security Fits In Your Cybersecurity Infrastructure

A Multi-Layered Cybersecurity Infrastructure Protects Data Both Inside and Outside Your Network

Everyone is aware that cybersecurity is critical for all types and sizes of organizations. But with cloud computing being relatively new, many don’t fully understand where cloud security should fit in their cybersecurity infrastructure.

The goal of each component, or layer, of your cybersecurity infrastructure is to protect against malicious or improper use of your school district’s information systems and/or data. But each does it in very different ways, based on the underlying technology of the system it’s designed to protect. These systems often include databases, endpoints, networks, and cloud applications.

Let’s take an overview of a multi-layered cybersecurity infrastructure, and discuss where and how cloud security fits into it.

What is a Multi-Layered Cybersecurity Infrastructure?

Multi-layered cybersecurity is an approach to network and data security that uses a number of different components to achieve prevention, detection, remediation, and discovery objectives. Your infrastructure is simply the tools, appliances, platforms, etc. that you use to maintain your cybersecurity strategy.

A multi-layered approach is considered a best practice for a couple of reasons. First, though there has been a good amount of consolidation in the cybersecurity market, no one solution does everything. Nor is there one solution that does everything very well. A multi-layered approach allows IT and cybersecurity teams to integrate “best of the best” solutions for each of their infrastructure’s various needs.

Second, a multi-layered approach builds redundancy, or checks and balances, into your district’s cybersecurity infrastructure. We tend to think of redundancy as a bad thing in everyday life, but in cybersecurity it is critical. By creating layers that overlap a little, yet work well together, your cybersecurity infrastructure is better configured to prevent—or at least detect and remediate—incidents.

If your school district is using Google G Suite and/or Microsoft Office 365—whether you’re all-in or just using some apps—cloud security needs to become another layer in your cybersecurity infrastructure.

Why? Because, simply put, there is no perimeter in the cloud. Traditional security solutions, such as firewalls (even “next gen” firewalls), secure web gateways (SWG), and message transfer agents (MTA) don’t protect cloud applications. They are built to protect your network perimeter, not data stored in the cloud.

Once an attacker has broken through your perimeter, none of these devices will protect the information stored in your district’s cloud applications. Worse yet, if someone within the school district is using information inappropriately (whether intentionally or accidentally), these devices won’t detect that kind of behavior at all.

This is why zero trust security is becoming a popular approach to K-12 cybersecurity. Zero trust security puts checks and balances into place that trust no one, whether or not the account appears to be authorized.


Your Layered Cybersecurity Infrastructure

While a multi-layered cybersecurity infrastructure approach is preferred, it can also get out of hand. The dizzying array of different products and vendors available makes it all a bit overwhelming. This is why it’s important to have a strategy that outlines the specific needs of your district and the information you store.

Your cybersecurity infrastructure should cover the following six categories.

1. Infrastructure Security

Infrastructure security refers to securing the critical infrastructure underlying your entire IT system. Your approach to infrastructure security depends heavily on how your environment is configured. For example, if you have a lot of data assets stored on-premises, in servers, your infrastructure security approach will look one way. If your school district has migrated most or all of your data to the cloud, it will look very different.

With cloud computing, the majority of infrastructure security is outsourced to the vendor. Meanwhile, on-prem infrastructures require internal staff or a managed service provider to maintain infrastructure stability and security.

2. Identity and Access Authentication

Also often referred to as identity and access management (IAM), this layer of your cybersecurity infrastructure is like the lock on your front door. When a user tries to access their account, they must prove that they are who they say they are before they are granted access. This doesn’t just refer to platform or application logins. It also includes phone and laptop passwords, network access, etc.

3. Endpoint Security

Endpoint security, or endpoint protection, covers the devices that are used to access your district’s network. Endpoints include things like computers, laptops, smartphones, tablets, and servers.

4. Network Security

Network security protects the underlying connections and interactions between all endpoints connected to the network. Network security is the layer of your cybersecurity infrastructure that most of us think about when we think about cybersecurity. It is where your firewalls, SWGs, MTAs, etc. are organized in the infrastructure.

Some cybersecurity infrastructure models separate network security and perimeter security. This isn’t wrong. But my argument here is that network security mostly focuses on defending the perimeter. While there are differences, network and perimeter technologies have largely consolidated over the years.

5. Cloud Security

Cloud security protects information stored, accessed, and shared in the cloud. It is very different from network security, mainly due to the fact that the cloud is outside of your network. This placement renders network security basically useless.

For the most part, this information is being stored, accessed, and shared in cloud applications, such as Google G Suite and Microsoft Office 365. There are a number of benefits to working in the cloud with reputable application vendors. As mentioned previously, it allows IT teams to outsource infrastructure security and maintenance to these vendors (which, most likely, have far more resources to hire top talent and maintain large teams).

They also tend to build great native cloud security controls. These controls help system admins properly configure authentication and security settings. While the vendor is responsible for the infrastructure security layer of their own cybersecurity infrastructure, they are not responsible for service-level security. Securing and monitoring access to information stored in cloud applications is the responsibility of the customer (a.k.a. you!).

6. Incident Management & Response

Finally, you will need to integrate an incident management and response layer into your multi-layer cybersecurity infrastructure. If (or, more likely, when) an incident occurs, you’ll need a plan and process for responding to it. Depending on the scale and/or seriousness of the incident, the attack vector, and the industry you are in, your processes may need to look a little different.

Incident management and response processes generally include the following steps:

  1. Detection & analysis
  2. Containment, remediation, & discovery
  3. Reporting & communication
  4. Post-incident retro


How To Incorporate Cloud Security

The first step in incorporating cloud security into your school district’s cybersecurity infrastructure is to make sure that you have properly configured your various apps’ native security settings. Using this cloud application security checklist can be very helpful in accomplishing this first step.

Next, you will want to incorporate the 5 cloud application security best practices into your processes and your tech stack. These best practices include:

  1. Don’t ignore due diligence in cloud app selection & sanctioning
  2. Manage access to cloud applications & user behavior
  3. Cloud phishing & malware threat protection
  4. Automate & remediate cloud application security risks
  5. Audit & optimize cloud security settings

Finally, circling back to our earlier discussion about layering and redundancy, it may be a good idea for you to look into a third-party cloud application security platform. Commonly referred to as a cloud access security broker (or CASB), such a platform can provide several benefits to your cybersecurity tech stack. It adds a layer of protection for your data stored in the cloud, providing more security than the apps’ native functions alone. CASBs also pull all your cloud application security monitoring, auditing, and policies into one dashboard. This makes monitoring and incident response much easier for IT teams, because they don’t have to spend time logging into multiple platforms and navigating different UIs to find the information they are looking for.

Cloud security is a critical layer of cybersecurity for school districts that are storing, accessing, and/or sharing information in the cloud. Relying on network security controls to protect the cloud layer is risky at best. The good news is that incorporating cloud security into your cybersecurity infrastructure isn’t complicated (nor does it need to be expensive).

The biggest problem I see right now is awareness. Many people are not fully aware of the unique cloud security threats they are exposing their data to. Others simply don’t realize that their network security tools don’t have them covered—until it’s too late. But now you know!


CASB 2.0: Cloud Security, Visibility and Control

Get cloud security like you’ve never experienced before with CASB 2.0

CASB 2.0 is the natural evolution of cloud security technology, born as the cloud revolution aged into common practice. No longer is a cloud-enabled workforce a key differentiator, nor does it provide significant strategic advantage. Companies and organizations of all types and sizes have made the switch to cloud computing, and those that haven’t are now the outliers. But the big question now is: how are cloud applications being secured?

This question was answered with the CASB. What is a CASB? The term, coined by Gartner, is short for cloud access security broker. It describes the segment of the cybersecurity industry made up of tools designed to secure access to information stored in cloud applications. Initially, CASB vendors provided solutions that relied heavily on network security fundamentals like firewalls, proxies, and web gateways.

But, as more and more data storage and access traffic is routed through cloud applications, the perimeter has been declared all but dead. Open access to data from any device, in any location requires a different kind of solution that doesn’t just secure cloud access “at the border”, but monitors and controls activity within cloud applications themselves to support zero trust security models. Thus, CASB 2.0 was introduced to the market…

The CASB API Revolution

(Figure: CASB 2.0 API architecture)

After a few years of trying to fit network security technology into cloud security models, someone had the bright idea to use APIs in their CASB architecture. And CASB 2.0 was born.

Using API rather than proxy technology to secure cloud applications is a natural choice for CASB 2.0. It uses the application’s native integration protocols (its APIs) to secure access to data stored within the application, as well as to control activity. Rather than placing an appliance between employees and the files they are trying to access, API-based CASB 2.0 provides a fast, seamless, and secure experience for end users and IT teams alike.

Most organizations already have a firewall or a secure web gateway (SWG). Legacy CASBs that use proxies (either forward, reverse, or “agentless”) simply duplicate this layer in your cybersecurity infrastructure. CASB 2.0 uses APIs to protect your data stored in the cloud, rather than your perimeter. In this way, CASB 2.0 is an additive security layer, rather than a duplicative one. It works very well with existing security tools, including firewalls, SWGs, MTAs, etc., to help security teams gain an increased level of visibility and control over what is going on within their cloud applications.

CASB 2.0 builds deep, 1-to-1 API connections between the CASB platform and the cloud application that needs to be secured. If your organization uses G Suite, Office 365, Slack, and Dropbox, for example (like many do) you would, in effect, have a Microsoft CASB, a Google CASB, a Slack CASB, and a Dropbox CASB. All wrapped up into one, easy to use and manage platform!


What Does CASB 2.0 Solve?

Using a CASB solves a number of business challenges. A CASB 2.0 platform that uses an application’s native APIs to secure, monitor, and control activity within it takes this a step further. The advanced protection and control features that CASB 2.0 provides include:

Discover & Control Shadow Cloud IT

Shadow IT has long been a blind spot for cybersecurity controls. The emergence of cloud-based SaaS applications has only made it more of an issue. OAuth applications, in particular, can cause huge problems for security teams and organizations. CASB 2.0 shines a light on OAuth shadow cloud IT. And it provides advanced controls over it, including ranked risk factors, automatic unsanctioning, deletion, etc.

Advanced Data Loss Prevention

Data loss prevention is a broad topic, complicated further by the amount of data being stored and accessed in the cloud. Inappropriate sharing settings, employee downloads, and more are issues that IT and SecOps teams can gain control of in the cloud with CASB 2.0.

Shut Down Account Takeovers

Account takeovers are a growing concern for organizations. It is easier for criminals to gain access to even more information when they are able to take over cloud application accounts. CASB 2.0 provides granular visibility and control over activity taking place within cloud applications. This means that, if an account takeover gets past your perimeter and is successful, your CASB security will be able to detect anomalous behavior, such as external sharing attempts, mass downloads, sending phishing emails from internal accounts, etc. The platform can then take remediation actions when it detects such behavior, including shutting out the account entirely and forcing a password reset.

Advanced Malware & Phishing Protection

Malware and phishing schemes have evolved in the cloud, and are now including lateral phishing tactics that cannot be detected by traditional MTAs or SWGs. Lateral phishing starts with an account takeover, sending phishing emails from within the organization to others in order to gain access to more information. Like account takeovers, this type of attack is notoriously difficult to detect and stop without a CASB solution in place.

The world of doing business has evolved dramatically in a very short amount of time. Cloud computing has driven so much innovation and improvement during that time, and has been a boon for businesses and organizations of all types and sizes. Unfortunately, many organizations have not taken the time to understand the nuances of securing information in the cloud in the same way they have network security.

The result is a lingering myth that network security technology is sufficient to secure cloud applications. Teams that are taking their cybersecurity infrastructure seriously are using CASB 2.0 technology to secure the data stored in their company’s cloud applications.


8 Business Challenges A CASB Solves

Using a CASB solves these critical data security business challenges

The cloud access security broker (also referred to as a CASB) is now an essential piece of any organization’s cybersecurity infrastructure. Businesses using cloud applications for productivity, collaboration, and storage are challenged by the unique security requirements of operating in the cloud. Using a CASB solves many of these challenges by providing unmatched security, visibility, and control over access to and behavior within popular cloud applications.

What is a CASB? It is a technology, often in the form of a platform, used to protect data stored in cloud applications, such as Google G Suite, Microsoft Office 365, Dropbox, Slack, etc. CASB architecture can be built in two basic ways. A CASB can use APIs or it can use an agent, proxy, or extension. API vs. proxy CASB architecture has important differences, each with their own advantages and disadvantages.

Gartner coined the term to describe the industry of CASB vendors that has developed over the past several years to solve the unique security issues that businesses and other organizations experience when they move to cloud computing from traditional, on-premises software. Here, we’ll explore eight of the most common business challenges that a CASB solves, why these challenges are unique and important to cloud computing, and how a CASB is able to help.

Governing Access

Secure cloud access is the first and most important defense for protecting data stored in cloud applications. The development of API-based CASB technology now allows CASB vendors to build broader governance controls. Detecting account takeovers, monitoring how data is shared and used, and controlling shadow cloud IT are all benefits that using a CASB provides to IT teams.

1. Restrict Unauthorized Access

Of course, restricting access to information stored in the cloud is the first data security concern of any business. Many IT leaders mistakenly believe that their firewall is sufficient to secure data stored in the cloud. But the cloud doesn’t exist on your network, and employees aren’t always accessing the information from within the network. They’re taking their laptops and devices home, to the coffee shop or shared workspace, and while traveling.

The point of the cloud is to allow access to information from any device, in any location. The challenge for IT and security teams is to only allow that type of freedom to authorized users. A CASB solves this challenge by securing and monitoring access to information within the cloud, not just at the perimeter.

2. Identify Account Takeovers

Account takeovers are when an unauthorized user gains access to an authorized account. This happens in a number of ways in cloud computing. It could have been due to weak password and authentication controls, a phishing attack, or through a malicious OAuth application. However access is gained, identifying when an account takeover has occurred is notoriously tricky, particularly in the cloud. This is because, without the right type of monitoring tools in place, admins have no visibility into behaviors that are taking place within the application. Once the attack has crossed or circumvented the secure network perimeter, there’s no “hall monitor” watching what’s going on.

Using a CASB solves this issue because it monitors for suspicious login and activity behavior 24/7. If a potential issue is detected, a CASB can automatically take action to revoke access from the suspected account. The speed at which access is revoked largely depends on the CASB architecture.


3. Uncover Shadow Cloud IT

Shadow IT has been a business challenge for decades. The newer evolution is shadow cloud IT. Employees are using more cloud applications than ever before, and cloud apps are quickly overtaking the use of unsanctioned software and web applications.

The main problem with unsanctioned cloud (or SaaS) apps centers around the use of OAuth. Once an employee activates a cloud app using their work credentials, that application is granted specific permissions based on the app developer’s specifications.

There are two main issues with this. First, the application developer may not have malicious intent, but there could be security gaps within the architecture of the app. Those gaps are now passed on to your organization. If the app is attacked, hackers can gain access to customer information and to the customer cloud environments that are connected through OAuth.

The second issue with shadow cloud IT is that there are malicious apps out there. Knowing how powerful OAuth access can be, criminals develop applications with the intent of getting people to provide OAuth permissions. For example, they can create an application that requires read, write, and send permissions for the user’s email. Once granted access, the application can use those permissions to send phishing emails to others in the organization. These phishing emails will usually not be flagged by a traditional MTA.

CASBs detect risky and unsanctioned applications that have been granted OAuth permissions and can be configured to revoke access, unsanction, delete, or warn the user. Using a CASB, admins can easily see and control the shadow cloud IT connected to their organization’s environment.
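As an added illustration of the “ranked risk factors” idea (example code written for this page, not the code of any CASB product), the script below scores each OAuth app connected to a tenant by the permissions it holds and flags the mail read-plus-send combination that lateral phishing needs. The scope strings are real Google OAuth scope identifiers; the weights, thresholds, client IDs, and sample grants are assumptions.

```python
# Added example (not the page's or any CASB vendor's code): rank the OAuth apps
# connected to a tenant by the permissions they hold, in the spirit of the
# "ranked risk factors" a CASB surfaces for shadow cloud IT.
# Scope strings are real Google OAuth scope identifiers; the weights,
# thresholds, client IDs and sample grants below are assumptions.
from dataclasses import dataclass, field
from typing import List

# Assumed risk weight per scope (higher = more damage if the app is abused).
SCOPE_WEIGHTS = {
    "https://mail.google.com/": 40,                           # full mailbox control
    "https://www.googleapis.com/auth/gmail.send": 30,         # send as the user
    "https://www.googleapis.com/auth/gmail.modify": 25,       # read/write/delete mail
    "https://www.googleapis.com/auth/gmail.readonly": 15,
    "https://www.googleapis.com/auth/drive": 25,              # every Drive file
    "https://www.googleapis.com/auth/drive.readonly": 10,
    "https://www.googleapis.com/auth/contacts.readonly": 8,   # feeds targeted phishing
    "https://www.googleapis.com/auth/userinfo.email": 1,
    "https://www.googleapis.com/auth/userinfo.profile": 1,
}
UNKNOWN_SCOPE_WEIGHT = 5
MAIL_READ = {"https://mail.google.com/",
             "https://www.googleapis.com/auth/gmail.modify",
             "https://www.googleapis.com/auth/gmail.readonly"}
MAIL_SEND = {"https://mail.google.com/",
             "https://www.googleapis.com/auth/gmail.send"}


@dataclass
class OAuthGrant:
    app_name: str
    client_id: str          # placeholder values in the sample below
    verified: bool          # publisher verified by the identity provider
    users: int              # accounts in the tenant that granted the app
    scopes: List[str] = field(default_factory=list)


@dataclass
class RiskResult:
    app_name: str
    score: int
    factors: List[str]
    action: str             # "sanction", "review" or "revoke"


def score_grant(grant: OAuthGrant) -> RiskResult:
    """Compute an additive risk score and the named factors behind it."""
    score = 0
    factors = []
    granted = set(grant.scopes)
    for scope in sorted(granted):
        weight = SCOPE_WEIGHTS.get(scope, UNKNOWN_SCOPE_WEIGHT)
        score += weight
        if weight >= 25:
            factors.append(f"high-privilege scope: {scope}")
    # Reading and sending mail together is exactly what lateral phishing needs.
    if granted & MAIL_READ and granted & MAIL_SEND:
        score += 20
        factors.append("can read and send mail (lateral phishing capability)")
    if not grant.verified:
        score += 20
        factors.append("publisher not verified")
    # A powerful grant held by one or two users is a common shadow-IT pattern.
    if grant.users <= 2 and score >= 40:
        score += 10
        factors.append("high-privilege grant held by only a few users")
    if score >= 90:
        action = "revoke"
    elif score >= 40:
        action = "review"
    else:
        action = "sanction"
    return RiskResult(grant.app_name, score, factors, action)


def rank_grants(grants: List[OAuthGrant]) -> List[RiskResult]:
    """Highest-risk app first, so admins see what to unsanction at the top."""
    return sorted((score_grant(g) for g in grants), key=lambda r: r.score, reverse=True)


# Constructed sample inventory of OAuth grants (client IDs are placeholders).
SAMPLE_GRANTS = [
    OAuthGrant("Calendar Sync", "client-id-placeholder-1", True, 120,
               ["https://www.googleapis.com/auth/userinfo.email",
                "https://www.googleapis.com/auth/calendar.readonly"]),
    OAuthGrant("Mail Merge Pro", "client-id-placeholder-2", True, 40,
               ["https://www.googleapis.com/auth/gmail.readonly",
                "https://www.googleapis.com/auth/gmail.send",
                "https://www.googleapis.com/auth/contacts.readonly"]),
    OAuthGrant("Doc Helper", "client-id-placeholder-3", False, 1,
               ["https://mail.google.com/",
                "https://www.googleapis.com/auth/drive"]),
]

if __name__ == "__main__":
    for r in rank_grants(SAMPLE_GRANTS):
        print(f"{r.score:>4}  {r.action:<8} {r.app_name}: "
              f"{'; '.join(r.factors) or 'no risk factors'}")
```

The ranking is only as good as the scope weights, so treat them as a starting point to tune against the apps your own tenant actually uses.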

Securing Data

CASB security is the only way to protect data stored in cloud applications, such as Google G Suite, Microsoft Office 365, Dropbox, Slack, etc. This is because data stored and accessed in the cloud does not live within your perimeter—nor is it always accessed from inside your perimeter. Three business challenges that a CASB solves in terms of data security include data loss prevention, providing data access controls, and auditing risky (and unauthorized) behavior.

4. Cloud Data Loss Prevention

Data loss prevention is a hot (and important) topic. There are many different types of data, and many data loss prevention methods that should be used to protect company data. When it comes to operating in the cloud, there are a few ways that data can be lost. If you’re using a reputable cloud service provider to store your data, such as Google or Microsoft, you can rest easy that the underlying storage infrastructure is secure and backed up.

But securing the service side of either of these companies’ cloud apps is your responsibility. Both provide robust tools and features to help you do that, but you need to make sure they are properly configured and sufficient for your organization’s needs.

A third-party CASB is going to be an extremely helpful component of your data loss prevention tech stack for a couple of reasons. It will provide a central “command center” for cloud activity, rather than requiring staff to monitor behaviors and alerts in multiple, disparate systems. It also provides a redundant, additive layer of security to detect risks that might not get picked up by native app security functions.

5. Internal & External Data Access Controls

The core tenet of modern data security is zero trust security. Zero trust security is exactly what it sounds like: trust no one, no matter whether access is internal or external. As discussed earlier in this article, cloud app account takeovers are on the rise, can come from a number of different types of breaches, and are notoriously difficult to detect without the right kind of CASB solution.

Using a CASB enforces zero trust security architecture in the cloud, because CASB technology monitors behavior within cloud applications, not just access to it at the perimeter. Your information security team needs to be able to see what is going on within cloud applications, including: who is accessing what information, who is sending and sharing what type of information, what cloud apps are connected via OAuth, and more. A CASB solves this challenge by providing full visibility and control over these types of behaviors, while automating remediation actions.

6. Record An Audit Trail Of Risky Behavior

Being able to monitor and report on risky actions and behaviors within an organization’s cloud applications provides a number of benefits, both short term and over time. It provides insights into how employees are accessing and using information in the cloud to inform better security controls (such as adjusting DLP rules and policies). It can also help inform when cybersecurity training is needed, and what areas to focus on to improve employee behavior and mitigate the human error element.

Most organizations, especially smaller teams with limited cybersecurity resources, struggle to obtain and use this kind of information on their own. It can be extremely time-consuming, if not downright impossible, to do. A CASB solves this challenge by, first, actually being able to create this kind of data. Second, some CASBs also provide the capability to schedule regular audits and reports, so the data collection, formatting, and distribution happens automatically. Then, it’s up to the team and the organization as a whole to decide what to do with it to improve their security posture.

Protecting Against Cloud Threats

Phishing and malware threats are nothing new. But how they are deployed in the cloud can be a bit different. Protecting your organization’s data stored in the cloud must include cloud-specific phishing and malware protections that can detect a litany of new threat vectors. It also requires 24/7 monitoring and remediation of cloud risks, even while your security team focuses on more pressing issues… and while they sleep!

7. Cloud Phishing & Malware Threats

Increasingly, hackers are using a gaping vulnerability in cloud app security to deploy cloud phishing and malware attacks. How these attacks usually work is that a criminal will place a phishing link in a Google Doc or a Word file. They will then share that file or send a link to it to people in an organization, hoping that someone will open the file and click on the link within it. Once they are able to trick even one person into clicking on the link, they are able to wreak all kinds of havoc on an organization. Often, it results in the hacker gaining access to the user’s account, allowing them to send phishing links to others in the organization directly from the internal email to try to gain access to higher-level accounts with access to more sensitive information.

The reason this approach is proving effective is that Google and Microsoft phishing filters are set to identify their own links as safe. So, when a sharing link is sent via email, phishing filters will not flag it. Most traditional MTAs won’t flag them either, as everyone assumes a link coming from Google or Microsoft is safe. And, in reality, it is. It’s not until someone clicks on the link within the document that the malware is activated.

Using a CASB solves the challenge of protecting your organization against this type of attack. Because, again, a CASB is monitoring for risks within the cloud, not just at the perimeter. So, it can detect suspicious links within a shared document and in emails that are sent internally within an organization. A CASB trusts no one—no matter who or where they are.

8. Continuously Monitor for New Cloud Risks

A crucial cloud security challenge is that most IT and/or security teams don’t work 24/7. Larger organizations may have big teams that work around the clock, but the vast majority do not. So, they can’t have a physical human being monitoring for cloud risks and taking action any time something comes up. IT leaders need a solution that will help manage the various risks, suspicious activity, and actions that need to be taken so they (and their employees) can sleep at night!


A CASB does this for organizations of all sizes. An API-based CASB, for example, can be deployed in a matter of minutes or hours (depending on the size and type of data being stored) and is very cost effective compared to agent and proxy-based CASB solutions. And certainly more effective and affordable than next-gen firewalls that simply do not provide the level of visibility and control that a CASB does.

Businesses that operate in the cloud need to ensure that data stored, accessed, and shared within cloud-based applications is secure. Data breaches and account takeovers are common not just among Fortune 500 giants, but among mid-sized organizations, education institutions, government agencies, and nonprofits. The media and the cloud security industry tend to ignore the significance of the threat to these types of organizations, so IT and security leaders within them sometimes feel a false sense of security. But cyber criminals are taking note. Attacks against public institutions, SMBs and nonprofits are on the rise.

Properly configuring your organization’s cloud application security settings should be your first step to protecting your organization, staff, customers, and other stakeholders. Once that is done, consider using a CASB to monitor and control your cloud environment for further, 24/7 cloud security.


5 Cloud Application Security Best Practices

Best practices for securing data stored in your team’s cloud applications

Just about every organization uses cloud applications in daily operations. Data backup, communications, file storage, and much more is now being managed in the cloud. The biggest (and most troubling) misperception about cloud computing security is that perimeter-based technology works for securing cloud applications. Improve your cloud security operations with these five cloud application security best practices.


1. Don’t Ignore Due Diligence in Cloud App Selection & Sanctioning

SaaS infrastructure security is something that most of us take for granted. We’re so used to doing business in the cloud, that we connect to tools and applications without thinking twice about potential security consequences. This cavalier approach to technology is causing information security teams a ton of grief. It’s also given rise to the term “Shadow IT”, which has expanded significantly with the use of unsanctioned, or “shadow”, cloud IT.

Every time a new application and/or platform is connected to your company’s cloud environment, a new risk is exposed. The 2018 “Data Risk in the Third-Party Ecosystem” study by Ponemon Institute reported that 59% of companies surveyed experienced a data breach caused by a vendor or third party. While SaaS vendors only make up a portion of that number, it’s a compelling and troubling trend.

As company vendor and third party relationships expand and become more complex, it is critical for information security teams to manage what vendors are being granted access to their IT ecosystem. When it comes to SaaS applications hosted and accessed in the cloud, this task is impossible without the right set of cloud security tools.

But having the right cloud monitoring tools in place is just part of the battle. Information security needs to be involved in helping teams do their due diligence in selecting vendors. Here are six steps to safe SaaS app selection:

1. Know the source: Is the app offered by a reputable developer? Is that developer active in completing updates and patches?
2. Limit excessive permissions: What types of permissions is the app requesting, and does it really need those permissions for its intended purpose?
3. Be mindful of the app’s name: Camouflage is just about the oldest trick in the book. Criminals often create look-alike and sound-alike apps to trick people into downloading them.
4. In-app purchases: Does the app require credit card information for in-app purchases? Does it need to for its intended purpose?
5. Authentication & Encryption: How does the app handle authentication? What encryption methods are used for storing and accessing data? (This is likely something your team will have to help your colleagues out with)
6. Read Reviews! Always read through the app’s reviews to understand what other people have experienced. Be wary of overly complimentary reviews, which could be faked.


2. Manage Access to Cloud Applications & User Behavior

Setting up and properly configuring Multi-Factor Authentication (MFA) and Single Sign On (SSO) is access management 101. If you don’t have these set up for your organization’s cloud applications, do it now. Seriously.

You’ll also want to make sure that you set up user groups within your main applications (typically Google G Suite and/or Microsoft Office 365) to manage who can access what. For example, not everyone in the organization needs access to business financial data or HR information. Segmenting information and only allowing access by the specific users who need it significantly improves your data security posture.

But there is more that can be done. Account takeovers are on the rise, and can lead to all kinds of problems. Blocking logins from unexpected IP address locations, for example, goes a long way toward reducing your risk of an account takeover. Monitoring for a spike in the number of failed login attempts will also help your team detect when your environment is under attack, so steps can be taken to fortify account access. Perhaps a password change is in order. Or a simple communication to the organization to be hyper-vigilant for phishing emails can go a long way to thwarting attacks.

Monitoring for abnormal user behavior is another way to detect if an account takeover is occurring. These behaviors could include phishing emails being sent from an internal account, bulk downloading of files, and importing of files containing malware links to your shared drives.

We hate to think about it, but internal threats are also something that teams need to monitor for. Data breaches that involve disgruntled or otherwise compromised employees happen, and they are just as harmful as (if not more harmful than) one created externally. Customer and/or employee information, trade secrets, and financial data are all assets that an employee may decide to use for their own gain.

By monitoring user behavior, security teams can detect if information is potentially being improperly handled by internal users, as well as external attacks.
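The account-takeover signals described above (a spike in failed logins, a login from an unexpected location, and bulk downloading) as detection logic run over constructed sample audit events. This is an added example, not code from the original post or from any vendor product; the event format, the thresholds, and the allowed-country list are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Detection thresholds: assumed values for this example, tune to your environment.
WINDOW = timedelta(minutes=10)
FAILED_LOGIN_THRESHOLD = 5      # failed logins by one user inside WINDOW
BULK_DOWNLOAD_THRESHOLD = 50    # file downloads by one user inside WINDOW
ALLOWED_COUNTRIES = {"US"}      # login locations the organization expects


def _ts(hour, minute=0, second=0):
    """ISO timestamp on a fixed, constructed date."""
    return datetime(2024, 3, 4, hour, minute, second).isoformat()


# Constructed sample audit events: (timestamp, user, action, login country).
# Real G Suite / Office 365 audit logs carry more fields and use different names.
SAMPLE_EVENTS = (
    # alice: six failed logins inside two minutes (a spike)
    [(_ts(8, i // 3, (i % 3) * 20), "alice", "login_failed", "US") for i in range(6)]
    # bob: three failed logins an hour apart (typo-level noise)
    + [(_ts(h), "bob", "login_failed", "US") for h in (9, 10, 11)]
    # carol: successful login from a country the organization does not operate in
    + [(_ts(9, 15), "carol", "login_success", "RU")]
    # dave: sixty downloads inside one minute (bulk download)
    + [(_ts(10, 0, i), "dave", "download", "US") for i in range(60)]
    # erin: ordinary activity
    + [(_ts(11), "erin", "login_success", "US")]
    + [(_ts(11, i), "erin", "download", "US") for i in range(1, 6)]
)


def parse_event(raw):
    ts, user, action, country = raw
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "country": country}


def _count_in_window(timestamps, ts):
    """Append ts to a per-user deque, drop entries older than WINDOW, return the count."""
    timestamps.append(ts)
    while ts - timestamps[0] > WINDOW:
        timestamps.popleft()
    return len(timestamps)


def run_detections(raw_events):
    """Return one finding per (user, signal); events are processed in time order."""
    events = sorted((parse_event(e) for e in raw_events), key=lambda e: e["ts"])
    failed = defaultdict(deque)
    downloads = defaultdict(deque)
    findings, reported = [], set()

    def report(user, signal, detail):
        if (user, signal) not in reported:      # one alert per user and signal
            reported.add((user, signal))
            findings.append({"user": user, "signal": signal, "detail": detail})

    for ev in events:
        user, action = ev["user"], ev["action"]
        if action == "login_failed":
            n = _count_in_window(failed[user], ev["ts"])
            if n >= FAILED_LOGIN_THRESHOLD:
                report(user, "failed_login_spike",
                       f"{n} failed logins within {WINDOW}")
        elif action == "login_success" and ev["country"] not in ALLOWED_COUNTRIES:
            report(user, "login_from_unexpected_location",
                   f"successful login from {ev['country']}")
        elif action == "download":
            n = _count_in_window(downloads[user], ev["ts"])
            if n >= BULK_DOWNLOAD_THRESHOLD:
                report(user, "bulk_download",
                       f"{n} downloads within {WINDOW}")
    return findings


if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(finding)
```

Each signal fires once per user even when the window keeps filling, so an analyst sees one alert per account to investigate rather than one per event.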

3. Cloud Phishing & Malware Threat Protection

Email is still the #1 threat vector. Protecting email, whether it is hosted in the cloud like Gmail or otherwise, should be a top concern for security teams. Cloud malware threat protection works a little differently than traditional perimeter-based security technology, like proxies and gateways. Criminals are increasingly finding ways to circumvent perimeter-based security for organizations that use cloud-based email platforms.

We’re increasingly finding that native email filters provided by Google and Microsoft are also susceptible to a significant vulnerability. These filters are set to automatically “whitelist” links coming from their own domain. Now, there are more incidents where hackers upload a file containing a malicious link to Google Drive or SharePoint, and then send the file link in an email.

Adding a cloud-specific protective layer to your cloud-based email apps is now as critical to a secure infrastructure as traditional email filters.

4. Automate & Remediate Cloud Application Security Risks

Information security teams are notoriously under-staffed and under-funded, particularly in small to mid-sized organizations. Cybersecurity awareness in the executive suite is certainly improving, but we still have a long way to go. Using tools that can help small, overwhelmed teams operate more efficiently is key.

A Cloud Access Security Broker (CASB) helps automate cloud app security risk detection and remediation 24/7. It makes each of these cloud application security best practices actually happen, day in and day out, for security teams.

Using a CASB, you can set up data loss prevention rules and policies that will automatically detect abnormal behavior, improper use of information, malware and phishing threats, shadow cloud IT, and more. The technology will then take the remediation action that you select to quarantine, delete, revoke access, etc. automatically, making your job much easier.


5. Audit & Optimize

All good cybersecurity teams consistently audit and optimize their security infrastructure and posture. Depending on the size and complexity of your data environment, this may happen on a weekly, monthly, or quarterly basis. Whatever your time scale is, make sure you are auditing your cloud security often enough, and consistently.

This is another area where CASBs can help. Using a CASB, you can set up audit reports that you would like it to run on a periodic basis. This way, you get the reports you need sent directly to you, rather than needing to set up the same report over and over again.

An audit will show you where new vulnerabilities have opened up, whether you have unsanctioned apps sneaking back into your environment, etc. Keeping an eye on these risks and trends over time will help you optimize how you’ve set up your rules and policies, making your CASB work even better for you over time.

There is no perimeter in the world of cloud computing. Using technology meant for defending a perimeter to secure cloud applications is ineffective, and creates unnecessary vulnerabilities. Following these cloud application security best practices, paired with the right kind of technology, will close the vulnerability gap while providing your security team with the visibility and control they need to do their jobs effectively in the cloud.


What Is A Data Breach?

What is a data breach and 6 steps to protecting your data

A data breach is defined by Wikipedia as “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”

Data breaches take many different forms. Some are caused by simple accidental improper sharing and security settings that don’t result in use of the data. This can be thought of more as “data exposure”. A data breach can also be caused by a calculated, malicious act to gain information that can be used for profit. These types of attacks commonly target personally identifiable information (PII) such as social security numbers, payment card industry data (PCI) a.k.a. credit card information, and/or trade secrets.

It’s worth noting that a data breach and data loss are two different types of risk. However, a data breach can lead to data loss. This is particularly true in the perimeter-less world that most school districts now live in, due to their reliance on cloud applications for everything from learning management systems to HR and financial data storage.

In this article, we will use the term data loss prevention as a way to prevent a data breach. It can certainly be argued that these are two different types of risks that need different security approaches. It is our stance that, in today’s cybersecurity environment, a data-first approach to security is necessary.

3 Causes of a Data Breach

There are three common causes of a data breach: accidental, internal criminal, and external criminal.

1. Accidental Data Breach

Accidents happen. Data breaches due to accidental or non-malicious actions are the most common data breaches. Particularly as cloud computing and BYOD drive both classroom and district employee collaboration and productivity, school districts are becoming more susceptible to accidental data breaches.

For example, we see cases where district staff accidentally set a document’s sharing setting to “visible to the public”. In this case, anyone could find the document and see the information it contains. When this happens, it’s usually unlikely that the document was actually accessed by outside viewers. But it’s not entirely out of the question, and it’s certainly not ideal to have documents and information floating around in public accidentally. This is particularly true for employees that have access to documents that contain sensitive information, such as student and staff personally identifiable information and district financial and/or payment information.

Accidental data breaches can also occur when a device is lost or stolen. For example, when a staff member accidentally leaves their phone on the bus, whoever finds the device and decides to use it gains the access to information that was granted on that device. There have unfortunately been several cases of lost or stolen hardware being used to access sensitive information.

2. Internal Criminal Data Breach

Data breaches that are caused by an internal “bad actor” are notoriously difficult to detect and are an increasing concern. Data breach cases involving disgruntled employees and bribery schemes make data loss prevention even more difficult for IT teams.

In many cases, these types of data breaches involve employees who are leaving the company that steal data. In one such case, a K-12 school district IT contractor stole a database containing information about 70,000 people when she found out she was fired. The files were stored in the cloud, and she was able to access the files remotely before school officials could close her account.

In another case, AT&T employees were caught taking bribes to infect the company’s network with malware. This malware was used to collect data on the company’s internal infrastructure using keylogging. The scheme also included unlocking devices and installing “rogue wireless access points” into AT&T’s network. AT&T reportedly estimates that it lost more than $5 million in revenue each year, over at least a four year period.

The moral of each of these stories is that school districts can’t be too careful when it comes to monitoring for data breaches. We tend to think of data breaches as something that only happens to financial companies, like Equifax and Capital One. And that they only come from the outside. But, insider data breaches are destructive—and are on the rise.

3. External Criminal Data Breach

Data breaches from external hackers are the most widely discussed and feared in the cybersecurity world. And this is with good reason. While employee negligence is the biggest cybersecurity risk, email continues to be the biggest phishing and malware threat vector.

Cybercriminals outside of your district want to gain access to your information for one reason—to make money. This can be accomplished in a number of ways, with ransomware and selling data on the dark web being the two most common.

Account takeovers (also referred to as account hijacking) are an increasing concern for district IT teams. This is because an account takeover can make an external data breach look just like authorized internal access. Account takeovers are notoriously difficult to detect and can go on for months and even years before they are detected.

As schools become more mobile and remote, detecting and remediating account takeovers is a major focus for companies of all sizes. In the good old days, students and teachers were all in the classroom and employees were all in an office, and those who traveled were required to access the network via a VPN. With the rising popularity of cloud computing, the district’s network perimeter is all but dead. New data loss prevention methods need to be used for new challenges.

Types of Data Targeted

Four types of data are typically targeted by cybercriminals—both internal and external. These include payment card industry (PCI) information, personally identifiable information (PII)—such as students’ social security numbers and employees’ W2s, and district financial information. The human and financial toll that students, parents, and district employees experience as the result of a data breach and identity theft can be significant.

How to Prevent a Data Breach

Preventing a data breach on a day-to-day basis is difficult, and building an information security and incident response program is worth every penny. When thinking about how to prevent data loss, most people think in terms of data loss prevention tools. But data loss prevention is much bigger than software alone. From a broad view, there are six simple steps your organization can take to improve data loss prevention.

6 Steps to Better Data Loss Prevention

  1. Back up your data
  2. Set up DLP policies and processes
  3. Use data loss prevention software
  4. Monitor for improper use of data (both internal and external)
  5. Monitor for account takeover behavior
  6. Regularly audit for data breach risks

Are you protecting your data stored in the cloud from breaches and/or loss? Sign up for a FREE 30-Day trial and experience cloud data loss prevention for K-12 school districts with ManagedMethods.


7 Step Data Loss Prevention Checklist

Use this 7 step data loss prevention checklist to help plan and tackle your DLP strategy

This data loss prevention checklist is meant to provide a framework for ensuring that your organization’s sensitive data is secured from improper access—both internal and external.

But, you may first be wondering: what is data loss prevention? Data loss prevention (or DLP, as it is commonly abbreviated to) is simply a strategy and process for ensuring that information stored by your organization is not improperly or unintentionally exposed.

The most important data to secure is that which is regulated by federal, state, and/or local laws. This type of data broadly includes personally identifiable information related to minors, and employee and customer credit and financial information.

Companies will also want to secure proprietary information, such as intellectual property, financial information, growth and strategy plans, etc. to retain competitive advantage.

Many B2B-focused software and SaaS applications on the market provide at least some level of DLP controls natively. But using these provided tools alone creates an incoherent (and risky) data security environment. They also don’t fully protect your organization’s data infrastructure. There are many data loss prevention tools available on the market today that help information security teams manage comprehensive data loss prevention methods across all digital data assets, including hardware, software, the cloud, and everywhere in between.


7 Steps To Better Data Loss Prevention

Step 1. Inventory: Analyze & Categorize

The first step in creating a comprehensive DLP plan is determining where all your organization’s data is located, and how much of it is sensitive information. You’ll also want to analyze your current security posture in each of these locations to determine how data is being managed and protected, and where security gaps may exist.

Common locations for organizational data include:

  • On-premise / network storage
  • Cloud / SaaS application storage
  • Hardware storage, including laptops and desktops, mobile devices, external hard drives, etc.

Once you have a handle on where all your data resides, you’ll want to categorize it. Common data type categories include:

  • Personally Identifiable Information (PII)
  • Payment Card Information (PCI)
  • Customer Information
  • Intellectual Property / Proprietary Information
  • General Internal-Only Information
  • Public Use / Domain Information

As an example, PII includes information such as social security numbers, names, addresses, etc. that can be used to commit identity fraud. On the other end of the spectrum, much of sales and marketing information is created with the intent of being public-facing. This type of information would need less restrictive controls.

Step 2. Regulatory Compliance Establishes DLP Baseline

The level of regulatory compliance that your DLP plan will have to adhere to depends on the nature of your organization. Healthcare companies, for example, need to comply with HIPAA regulations. Companies that process credit cards are required to comply with PCI-DSS. Organizations that work with children, such as K-12 schools and districts, need to comply with regulations like FERPA and COPPA.

Compliance also depends on where you are located, as state and local regulations may add a layer of requirements to your compliance DLP planning.

Regulatory compliance should be just the baseline of your data loss prevention structure, because regulations don’t cover the more nuanced data protection needs of your organization, such as intellectual property, growth strategy, and other assets that represent competitive advantage.

Step 3. Business Information Data Loss Prevention

After you’ve laid the DLP groundwork to ensure you’re compliant with legal regulations, it’s time to take a look at your business data. Business information that you need to secure from improper use might include:

  • Strategic planning and competitive research and positioning
  • Financial reports and information
  • Intellectual property and proprietary information, processes, etc.
  • Additional prospect, customer, and employee information that may not be covered by data protection regulations

Step 4. Internal Processes & Vendor Selection

Now that you have a handle on what the entirety of your information inventory looks like, what your regulatory compliance obligations are, and what information you need to secure for business reasons, it’s time to put processes in place to manage it all.

People tend to think about DLP policies in terms of setting them up in their data loss prevention software. But we’re not quite there yet. Here we’re thinking in terms of a company policy that directs the human behavior element of data loss prevention.

Which uses of each information category are acceptable, and which are not allowed? Some examples might include:

  • Detailed company funding information can only be accessed by the executive team, and cannot be shared outside the organization
  • Proprietary product code cannot be accessed outside of the “tier 1” engineering team
  • Any files and folders labeled “Confidential” cannot be shared outside of the organization
  • SaaS applications must be sanctioned by the information security department prior to use

Your DLP policy planning should also include vendor, supply chain, and/or partner security requirements. This is an often overlooked area of a DLP strategy, but there are plenty of examples of malicious attacks in one area impacting client or partner organizations throughout the supply chain. To use the cliche, your data loss security strategy is only as strong as its weakest link. The many operational benefits of an interconnected vendor system also expose unique cybersecurity challenges that must be addressed in any solid DLP plan.

Documenting these policies prior to going into your software helps in three ways. First, it helps you and/or your planning team organize your policy plan in a structured way. Second, it provides a formal document that can be incorporated into the employee handbook and shared with employees for training purposes. And third, it helps the software implementation team efficiently and coherently set up each of these policies in the DLP software.

Step 5. Building Automated DLP Rules & Policies


OK, so now comes the fun part! Now that you’ve categorized your data and you have processes and policies in place, you’ll want to get as much DLP policy management automated as possible. This means using a DLP platform to set up rules and policies that govern everyday use and behavior in your organization.

There are many, many data loss prevention software and solution providers available on the market. The best one for your organization is highly dependent on your specific IT infrastructure and unique needs.

But the basics are about the same. Any good DLP platform will allow you to set up rules that govern how a specific type of file or folder or software can’t be used. Then, there are policies to put in place that tell the platform what to do if that rule is broken. Policies can do things like send notifications and alerts, revoke sharing, quarantine, delete, suspend a user account, unsanction an application, etc.

Most experts agree that it’s best to start with a light touch here, and then incrementally restrict over time. This approach, of course, also depends on the nature of your business and how strictly regulated your industry is. If you are operating in a highly regulated industry, such as healthcare, you’ll likely want to approach it from the other direction by being as restrictive as possible, and slowly opening access if needed.


Step 6. Educating The Team

Studies show that educating employees on the importance of data loss prevention and company policies surrounding the matter significantly improves an organization’s security stance. They also show that continual reinforcement, rather than a one-time training event, is the most effective way to improve the inherent human element behind data loss.

This is an area where the documented data loss prevention policies and processes (created in step four) are helpful. They provide everyone with the information they need to understand their personal responsibilities when it comes to company data security. They also outline what is acceptable behavior and what is not.

Your DLP platform can be helpful as well. Most solutions provide the functionality to send the offending employee a notification email when they have done something that violates a DLP rule. Setting up these types of emails helps automate continual reinforcement of company data security policies and is beneficial to employees as well.

Step 7. Monitor & Strengthen

Data loss prevention should not be treated as a “set it and forget it” project. Particularly for the first several months to a year after the first implementation, you should closely monitor the efficacy of your processes and automations to ensure they’re working as expected, and to identify gaps.

Your DLP platform will be key in this area. Investing in a platform that monitors your environment 24/7 means that you and your team can focus on other projects or tasks while the technology does the repetitive work. Set up automated audit and risk reports, so that you gain quick and easy visibility into your data loss risks and can adjust as required.

Using This Data Loss Prevention Checklist

The specifics of how to prevent data loss in your organization depend on a variety of factors, including the type of hardware and software you use, and the level of data complexity in your organization. Therefore, it’s impossible to create a data loss prevention checklist that will apply to every organization. But hopefully this checklist gives you a solid framework for planning and tackling your data loss prevention strategy.

It’s important to note that if your team uses cloud applications, such as G Suite, Office 365, Slack, Dropbox, etc. and you’re relying on firewalls to protect your data from loss, chances are high that your data is exposed. As discussed in step one, there are many locations where data may reside, and each of these locations represents a potential for loss. Many information security professionals don’t fully realize the unique challenges of securing data in the cloud as compared to other locations, such as on-premise servers and employees’ desktops.

The unique challenges of securing your organization’s sensitive information in the cloud are important, but not insurmountable!

Sign up for a free cloud data loss prevention risk assessment today, and we’ll help you determine where you have DLP risks in your cloud environment in a matter of hours.


What You Need To Know About How Data Loss Prevention Software Works

Data loss prevention software is a vital component of your security infrastructure

You know what data loss prevention is, but you may have some lingering questions about how to prevent data loss. Data loss prevention software is not the silver bullet in the constant battle for data security. It is, however, an important arrow in the InfoSec team’s quiver. Data loss prevention software helps teams automate many of the daily tasks that are required to keep sensitive company data secure.

Data loss prevention methods have evolved over the past several years as organizations have transitioned to cloud computing. While many methods remain important, such as backing up your data and using strong passwords, securing data in the cloud is challenging in several ways. Companies that use G Suite or Office 365 can no longer rely on perimeter network defenses to secure data stored, accessed, and shared in the cloud.

Categorizing Data Types in Data Loss Prevention Software

When you are just getting started, data categorization will likely be more of a manual process than software-driven. Much of that process depends on the amount of data you’re working with and how complicated your infrastructure is. Most of the data loss prevention software available will use some level of machine learning to process and categorize common data types.

For example, many solutions have the ability to identify and classify credit card numbers stored in a spreadsheet or an email. Some even use optical character recognition to detect images of credit cards. Most data loss prevention software solutions incorporate this level of data classification out-of-the-box because spreadsheets, emails, and images are common data types, and because there are compliance regulations around how companies are required to store and secure credit card information.

On the other hand, custom information like company financial data, strategic plans, and intellectual property will need custom categorization settings. Using data loss prevention software, you can set up custom category types.


Data Loss Prevention Rules and Policies

Data loss prevention software relies heavily on rules and policies that drive action: basically, rules tell the software what data needs to be checked, and policies tell the software how to handle it.

Let’s say you want to make sure that customer credit cards are not shared outside of a specific group of users within your company. Most solutions have templated rules for this that you can use, but we will continue with this instance to better understand the software.

First, you will set up a rule within the data loss prevention software that tells it what credit card numbers look like. You will need to set up a “pattern” for the system to check for, and you should also be able to set up “whitelist” patterns and words in the rule. This will reduce the number of false positives you experience once the policy is live. Most, if not all, of the data loss prevention software on the market today will also reduce false positives by validating candidate numbers with the Luhn algorithm (a checksum that real card numbers satisfy and most random digit strings do not), either by providing you with the option or simply doing it automatically.

Once you have your rule set up to detect credit card numbers in your environment, you need to set up policies to tell the software what to do with the card numbers. Again, there is usually an “out of the box” template for this type of data loss prevention policy, but it’s good to know how to adjust it if you need to down the road.

Policies are where the fun really begins. Policies are set up by identifying the rule as a “trigger” and then telling the data loss prevention software how to respond to it. So, you may set up a policy that tells the software to “revoke sharing” when it finds a file that is breaking the “files containing credit card numbers” rule.

You’ll want to set up notifications within these policies to notify your system admin that a rule has been violated so they can investigate it further if needed. For certain types of policy violations, particularly where an unauthorized file share has occurred, you should set up user notifications as well. This helps continually remind and educate your colleagues on the importance of data security and what types of data should not be shared.

File Matching

Data loss prevention rules can also be created around certain types and sizes of files. We’ve seen cases where users were uploading bootlegged movies into a customer’s shared drive and sharing them with other colleagues. Not only is this illegal, but it also took up a huge amount of storage space.

The system admin was able to go in and create a data loss prevention rule to match files based on type and size, and then remove the files in bulk. He then created a policy that would detect these types of files from now on and automatically remove them from the cloud environment.

File matching in data loss prevention is a powerful tool. It can also be used to detect encrypted files being uploaded to or created in your environment when those files should be protected. When you pair file matching data loss prevention tools with content matching data loss prevention rules, you have a strong structure in place to protect your data and cloud environment.
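A worked version of the rule-and-policy model walked through above, covering both the content rule from the credit card example (pattern, allowlist, Luhn check, and a “revoke sharing” policy) and the file-matching rule from this section (type and size). This is an added example, not the page’s or any vendor’s code; the regular expression, thresholds, allowlist entries, and sample files are constructed for illustration, and the card numbers in the sample data are made up and merely Luhn-valid.

```python
import re

# Rule parameters: assumptions for this example, not a vendor's defaults.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
ALLOWLIST_NUMBERS = {"4111111111111111"}   # constructed allowlist entry (a published test number)
ALLOWLIST_WORDS = ("test card",)           # a line containing these words is not a violation
VIDEO_EXTENSIONS = {"mkv", "mp4", "avi"}
VIDEO_SIZE_LIMIT = 1_000_000_000           # bytes: threshold for the file-matching rule


def luhn_valid(digits):
    """Luhn mod-10 check: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Content rule: Luhn-valid card-like numbers not covered by the allowlists."""
    hits = []
    for line in text.splitlines():
        if any(word in line.lower() for word in ALLOWLIST_WORDS):
            continue
        for m in CARD_PATTERN.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_valid(digits) and digits not in ALLOWLIST_NUMBERS:
                hits.append(digits)
    return hits


def match_large_video(f):
    """File-matching rule: video files over the size limit."""
    ext = f["name"].rsplit(".", 1)[-1].lower()
    if ext in VIDEO_EXTENSIONS and f["size"] >= VIDEO_SIZE_LIMIT:
        return [f"{f['name']} ({f['size']} bytes)"]
    return []


# Rules say what to look for; policies say what to do when a rule fires.
RULES = {
    "files_containing_card_numbers": lambda f: find_card_numbers(f["content"]),
    "large_video_files": match_large_video,
}
POLICIES = {
    "files_containing_card_numbers": {
        "actions": ["notify_admin"],
        "if_shared_externally": ["revoke_sharing", "notify_user"],
    },
    "large_video_files": {"actions": ["delete", "notify_admin"]},
}


def evaluate(files):
    """Run every rule over every file and attach the policy actions to each hit."""
    findings = []
    for f in files:
        for rule_name, rule in RULES.items():
            matches = rule(f)
            if not matches:
                continue
            policy = POLICIES[rule_name]
            actions = list(policy["actions"])
            if f.get("shared_externally"):
                actions += policy.get("if_shared_externally", [])
            findings.append({"file": f["name"], "rule": rule_name,
                             "matches": matches, "actions": actions})
    return findings


# Constructed sample files: the card numbers are made up and merely Luhn-valid.
SAMPLE_FILES = [
    {"name": "customers.xlsx", "size": 24_000, "shared_externally": True,
     "content": "Name,Card\nJane Doe,4539 1488 0343 6467\n"},
    {"name": "memo.docx", "size": 8_000, "shared_externally": False,
     "content": "Corporate card on file: 4539148803436467"},
    {"name": "orders.txt", "size": 2_000, "shared_externally": True,
     "content": "Order ref 4539148803436460 shipped"},      # fails Luhn: not a card
    {"name": "fixtures.csv", "size": 1_000, "shared_externally": True,
     "content": "test card 4111111111111111"},              # allowlisted
    {"name": "bootleg.mkv", "size": 4_000_000_000, "shared_externally": True,
     "content": ""},
    {"name": "clip.mp4", "size": 5_000_000, "shared_externally": False,
     "content": ""},                                        # under the size limit
]


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_FILES):
        print(finding)
```

The order number that fails the Luhn check and the allowlisted test number produce no findings, which is the false-positive reduction the text describes; the externally shared spreadsheet gets the revoke-sharing action while the internal memo only raises an admin notification.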


Image Data Loss Prevention Capabilities

A relatively new data loss prevention capability is image scanning, also referred to as optical character recognition. Data loss prevention software that has optical character recognition capabilities is a definite must, and not all data loss prevention or CASB vendors provide it.

Optical character recognition allows the data loss prevention software to scan image files, such as JPEG, PNG, and PDF, for rule violations. Going back to our credit card number example, if an employee has taken a picture of their company credit card and saved it to your shared drive, you don’t want that information to go beyond the people who are supposed to have access to it. You may not want them to have that file in the shared drive at all, so you’ll want to be able to remove it.

An even more concerning scenario is if there are screenshots or PDFs in your shared drives that contain customer credit information. Data loss prevention solutions that don’t use optical character recognition technology won’t be able to detect the information in those types of files. But those files should be treated exactly the same as spreadsheets, text documents, and emails that contain credit information.

Data Loss Prevention Alerts and Remediation

We’ve touched on data loss prevention alerts and remediation in previous sections, but it is a very important step in the process. Equally important is how different data loss prevention software solutions handle alerts and remediation, because it’s not enough to just flag a rule violation. You need to be able to do something about it!

As you’re setting up your policy, you’ll need to make decisions about what needs to happen when it’s triggered by a rule violation. As previously discussed, there are instances when you may want to send a user or admin a notification to alert them to the issue.

Automated remediation can take many forms. A few examples include:

  • Revoke sharing
  • Delete
  • Quarantine
  • Suspend user
  • Unsanction

Data loss prevention software is a critical component of your DLP tool stack and strategy; it saves companies a lot of the money and headache that come from data loss and breaches. Data loss prevention software also saves system admins time by automating a majority of the data loss prevention process. This allows them to focus on other priorities while maintaining some peace of mind!


Top Data Loss Prevention Methods For Cloud Applications

Companies using cloud applications need new types of data loss prevention methods to secure sensitive information

Companies and organizations have been using a variety of data loss prevention methods over the decades to protect important and sensitive information from being lost or stolen. These methods took on an entirely new life when the use of computers, and soon thereafter, the internet became mainstream. Now, the migration to cloud computing is creating a new need to reinvent how to prevent data loss.

What is data loss prevention? Broadly speaking, it’s simply a strategy for ensuring that sensitive and protected information does not leave the company network. Today, when people talk about data loss prevention (or DLP), they’re often talking about the tools, software, and/or services used to enable it. But the data loss prevention methods you deploy must include human elements, such as training and reinforcement, as well as the processes and tools used.

The specific methods you use depend on your specific IT infrastructure. Companies that are using cloud applications, such as G Suite and Office 365 for example, really do need a CASB to enable best DLP practices in the cloud. Here, we’ll take a look at the top six data loss prevention methods you need to include in your DLP strategy for secure cloud computing.


1. Backup Your Data!

Automating your data backups is the first, and perhaps most effective, data loss prevention method you should employ. Because there are many ways that data can be lost—from accidental to malicious—automatic backups are about the closest thing you can get to a foolproof data loss prevention method.

Cloud computing has made data backups very easy. If your company is a G Suite or Office 365 customer, you should already have the ability to set up automatic data backups to Google Drive or OneDrive. There are also many 3rd party data backup solutions available on the market for those companies that either don’t already have a solution, or are extra vigilant in their data loss prevention backups and would like to use an additional resource.

2. Set Up Data Loss Prevention Policies

Setting up data loss prevention policies usually starts with classifying the different types of data you have and determining what level of protection each needs. For example, you may separate your data into two or three categories ranging from “open source” to “critical”.

Next, you will want to create policies around how information in each classification can be accessed and shared. For example, “critical” data may be that which only upper management in HR and financing can access. On the other hand “open source” contains files and information that, say, marketing and sales are creating to share outside of the organization.

Once you’ve classified your data types and set up policies around who can access them, and how they can be shared, you’ll want to monitor and audit each policy’s effectiveness. The rule of thumb when it comes to policy-driven data loss prevention methods is to start with very strict restrictions on access (particularly for those skewing toward the “critical” side of the spectrum), then open access slowly to those employees who really need access to them.

Auditing your DLP policies on a regular basis will also help you identify if there are certain types of data that you’ve missed or if you have misconfigured any rules in the process.

3. Use Data Loss Prevention Software

Software enables data loss prevention methods by allowing you to automate policies, monitor use, and detect risks. The right type of data loss prevention software for you will depend on the technology your team uses to store, access, and share data. There are three main types of data loss prevention software: endpoint, network, and cloud DLP.

Just about every organization should be using Endpoint DLP. This is because, well, everyone has at least one endpoint per employee—most have many, many more. Endpoints include laptops, desktops, on-prem servers, smartphones, tablets, and basically anything that connects to your network.

Most companies also know that they need some sort of software to control network DLP. Your network has long been the single access point between the internet and your internal information. However, that has fundamentally changed for most businesses and organizations in the last five to ten years or so. Now, employees bring their own devices to work and expect to be able to use them. SaaS applications have also become prolific in workplace productivity and communications. These changes are what have created the need for cloud DLP software.


When information is stored, accessed, and sent or shared in cloud applications, traditional network and/or endpoint DLP technology doesn’t cover all the bases. It was developed to protect access to the information. But it doesn’t secure the actual data once authorized access is gained (whether it’s from an internal, actual authorized user or not). Cloud DLP software, often available in the form of a CASB solution, provides InfoSec teams with the ability to monitor and detect activity within cloud applications so that data, not just access to it, is secured.

4. Monitor for Improper Use of Data

Data loss stemming from employees is more common than external attacks (though it gets far less attention). For the most part, these incidents are accidental. They can range from an employee spilling coffee on their laptop to having it stolen from their car. Most often, it’s from sharing information with someone who shouldn’t have access to it, without realizing they’ve made a mistake.

There are also instances of employees stealing information from a company. Because they have authorized access to data, it is notoriously difficult to detect these incidents until well after they’ve occurred. It could be a case of an employee who has been let go or quit and takes customer and/or company intellectual property information to bring to their next job or to sell to a competitor. There are also cases where employees take employee and/or customer information to steal their identities or sell the information on the dark web.

While the intent of internal data loss creates vastly different outcomes, both can be problematic for any company. Even accidental data loss can set an organization back in terms of cost spent creating the information (both financial and/or time), as well as the cost of trying to regain it. Accidental incidents can also create a vulnerability for malicious attacks if left unnoticed and un-remediated.

5. Monitor for Account Takeover Behavior

Monitoring for account takeovers is a next-level data loss prevention method that is difficult to accomplish without the right data loss prevention tools. But, it’s a critical capability in your data security strategy and relatively simple to accomplish with the right technology.

The majority of account takeover attempts (and successes) have the same basic “signatures”. The easiest way to identify one is by monitoring and controlling login locations. A simple example of this is: if all your employees are based in the U.S., you know that any logins coming from another country are unauthorized. You can set up a DLP policy to reject any logins coming from countries outside the United States.

Monitoring for account takeovers should also take into account the number of login attempts. If you’re able to see a sudden and suspicious spike in the number of login attempts over a few hours or a couple of days, you know that that account is being targeted. You can take proactive action in these cases by re-setting the account password and requiring a stronger one.

Finally, using a data loss prevention CASB allows you to detect other types of suspicious behavior, such as massive file downloads stemming from a particular user, abnormal sharing outside the domain, and/or uploading files or sending emails containing malware or phishing links.
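The three account takeover signals described in this section (logins from outside the allowed countries, a spike in login attempts against one account, and mass downloads by one user), run over a constructed audit log. This is an added example, not ManagedMethods code; the country list, thresholds, user names and event layout are assumptions for the demo.

```python
"""Account-takeover signals over constructed cloud-app audit events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

ALLOWED_COUNTRIES = {"US"}        # assumption: an all-U.S. workforce
SPIKE_THRESHOLD = 10              # login attempts inside one window before we flag
SPIKE_WINDOW = timedelta(hours=2)
DOWNLOAD_THRESHOLD = 200          # files pulled by one user in a single burst

# Constructed audit events: (ISO timestamp, user, type, country, detail).
# For "login", detail is "success"/"failure"; for "download", a file count.
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "login", "US", "success"),
    ("2024-05-01T09:10:00", "bob", "login", "US", "success"),
    ("2024-05-01T10:00:00", "alice", "login", "RU", "success"),
    ("2024-05-01T11:30:00", "carol", "download", "US", "350"),
] + [
    # twelve failed logins against bob inside a single hour
    (f"2024-05-01T13:{m:02d}:00", "bob", "login", "US", "failure")
    for m in range(0, 60, 5)
]


def parse(events):
    return [(datetime.fromisoformat(ts), u, t, c, d) for ts, u, t, c, d in events]


def foreign_logins(events, allowed=ALLOWED_COUNTRIES):
    """Login attempts (successful or not) from outside the allowed countries."""
    return [(u, c, ts.isoformat()) for ts, u, t, c, _ in parse(events)
            if t == "login" and c not in allowed]


def login_spikes(events, threshold=SPIKE_THRESHOLD, window=SPIKE_WINDOW):
    """Users whose login attempts inside any sliding window reach the threshold."""
    per_user = defaultdict(list)
    for ts, u, t, _, _ in parse(events):
        if t == "login":
            per_user[u].append(ts)
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window start forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def mass_downloads(events, threshold=DOWNLOAD_THRESHOLD):
    """Users whose download burst exceeds the file-count threshold."""
    return {u: int(d) for _, u, t, _, d in parse(events)
            if t == "download" and int(d) > threshold}


def triage(events):
    """Map each user to the signals raised and the response the text suggests."""
    actions = defaultdict(list)
    for user, country, _ in foreign_logins(events):
        actions[user].append(("foreign_login:" + country, "reject login"))
    for user, n in login_spikes(events).items():
        actions[user].append((f"login_spike:{n}", "reset password, require a stronger one"))
    for user, n in mass_downloads(events).items():
        actions[user].append((f"mass_download:{n}", "review, suspend if unexplained"))
    return dict(actions)


if __name__ == "__main__":
    for user, signals in triage(EVENTS).items():
        for signal, action in signals:
            print(f"{user}: {signal} -> {action}")
```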

6. Regularly Audit Your Data Environment for Risks

One of the best data loss prevention methods available is to continually audit your data environment for new vulnerabilities and risks. These could come from an employee using a new, unsanctioned SaaS application, new patch updates in existing apps, new types of sensitive data entering the environment, and more. InfoSec teams are trained to see vulnerabilities everywhere. A good data loss prevention tool will help you and your team monitor and audit for new risks 24/7.

As you can see, there is a wide variety of data loss prevention methods available for IT and InfoSec teams. Choosing the right DLP solution (or solutions) largely depends on your company’s IT infrastructure, compliance requirements, and budget. For teams that are using popular cloud applications, such as Google G Suite, Microsoft Office 365, Slack, and more, using a reputable CASB with easy to use data loss prevention tools is no longer a luxury—it’s a must-have.


CASBs: Is It Time To Remove The “Broker” From Cloud Access Security Broker?

How are you securing your organization’s data in cloud applications?

Cloud Access Security Brokers are now an integral part of any organization’s IT security infrastructure. IT leaders are realizing just how important cloud security is. As more organizations move to the cloud and more employees rely on cloud-based SaaS applications, such as G Suite and Office 365, the need to secure data in the cloud is greater than ever.

IT leaders are much more aware of what cloud access security brokers (CASBs) are than they were just a couple of years ago. But, in the short time since the term was coined, there have been some changes in available technology that beg the question: Is it time to remove the “broker” from cloud access security broker?

What is a Broker?

The dictionary definition of a broker is one who acts as an intermediary, and this is how you can think of a “broker” in the cybersecurity world.

A broker routes traffic from inside a network to the Internet (and vice versa); the extent to which it is able to filter and control this traffic depends on the type of broker. In the early days of cloud security, all the available technology was built using some sort of broker. This includes gateways, proxies, and agents—all of which are lumped into the generic term “broker”.

What is a Cloud Access Security Broker?

So, what is a CASB? CASBs are enforcement points between a customer and a cloud service vendor. The term was coined by Gartner in 2014 to help describe the relatively new industry of cloud security vendors. The first CASB Gartner Magic Quadrant was published in 2017.

At the time, most CASB vendors were still using a broker-type appliance to secure access to cloud applications. These types of solutions work like a firewall; they take information that is trying to gain access to a company’s internal network from the Internet, and filter it through policy enforcements. If the information is flagged by the firewall or CASB, access is rejected. In fact, the traditional CASB is so much like a firewall that it usually duplicates the security controls most companies already have in place, which increases cost and complexity.

Most CASB solutions claiming to use a “broker” are simply using an agent or proxy. Some use browser extensions and call their product “agentless”. While they’re not using an agent specifically, they are still using a broker.

Why Do CASBs Need a Broker?

CASBs don’t need a broker per se. It’s a term that was created before API cloud security technology entered the market space, but it is important to know that there are distinct differences between an API vs. proxy CASB.

Proxy-based CASBs (or any CASB that uses a type of “broker”) put a checkpoint between the user and the cloud application to check and verify before granting access to the app. The biggest benefit is that it can take security action in real-time, and some can stop an outgoing email that contains sensitive information, based on the organization’s data loss prevention policies, even after it’s been sent.

The disadvantages are that broker-based CASBs can be cumbersome to set up and deploy, they significantly reduce network speed and slow down user productivity, and they don’t have the ability to monitor the behavior within a cloud app. They simply filter information going in and out of the cloud app within the organization’s network. Broker CASB security can also be broken merely by cloud application updates.

API-based CASBs don’t actually use a broker at all. While these types of platforms still fall under the Cloud Access Security Broker industry category, they don’t really fit the literal term. They’re more like Cloud Application Security Platforms (CASP) because they build deep, one-to-one integrations with cloud apps using native APIs. This is important because API CASBs are able to function almost like a native feature of the applications they secure.

The main benefit of API-based CASB architecture is that it can be up and running (and securing the data in your cloud applications) in mere minutes. It also doesn’t place any sort of filter between user access and the application, so it doesn’t slow down network speed and won’t impact end-user experience. API CASBs can monitor and control behavior within cloud applications at a much deeper level, ensuring that your actual information and data are protected, instead of just the perimeter.

The disadvantages of an API-based CASB are that there can be a split-second delay in some security functions, and it cannot stop outgoing emails after they are sent the way a broker CASB can, because, again, there is no appliance between the application and user access. Both of these disadvantages, however, are usually covered by a company’s firewall and/or secure gateway that are already installed.

Perhaps it’s merely a case of semantics. But the distinctions in how CASB solutions work are important for anyone looking to secure company data that is stored, accessed, and shared in the cloud. More expensive and more complicated does not mean more secure. Your choice in cloud application security should rely on more than just a magic quadrant; it must take into account your organization’s needs and the IT security infrastructure that you already have in place.


Cloud Application Security Audit Checklist

Configure settings and mitigate risks with this cloud application security checklist

Using Google G Suite and Microsoft Office 365 provides school districts with many benefits. From improving productivity and collaboration to outsourcing infrastructure security, schools and districts of all sizes are making the move to the cloud.

But there are security issues in cloud computing. The NIST Cybersecurity Framework recommends that you run a risk assessment and cloud security audit regularly. This cloud application security checklist is designed to help you run such an audit for your district’s G Suite and Office 365 to mitigate security issues.

10 Step Cloud Application Security Audit Checklist

What is cloud application security? It is a series of defined policies, processes, controls, and technology governing all information exchanges that happen in collaborative cloud Software as a Service (SaaS) applications like Microsoft Office 365 and Google G Suite.

As your school district moves more information and activity to the cloud, your perimeter security safeguards become less effective. More IT and security professionals are opting to secure cloud storage by deploying a zero trust security model. This checklist also helps you lay the groundwork for deploying zero trust security for your district’s cloud applications.

1. Set password policies

Passwords are the foundation of any good security plan. Educate both students and staff on what factors make passwords strong or weak, and why password strength is so important.

As a system admin, you can set policies and standards for your district’s cloud app passwords. At a minimum, you should enable your system’s “require a strong password” feature. You can also set minimum and maximum password lengths, password expiration, and more.

If you’re setting the standards for the first time, be sure to run a check of current passwords to see whose passwords are out of compliance with the new standards. You can then force a password change through your admin console.

2. Make multi-factor authentication mandatory

Multi-factor authentication requires users to take a second step, after entering the correct password, to prove they have authorized access. This typically includes entering a code that is sent to their phone via SMS. It can also include phone calls, answering security questions, mobile app prompts, and more.

3. Manage SaaS access and permissions

Open Authorization (OAuth) makes app use convenient for end-users, but it can be a little bit of a nightmare for those in charge of IT security. The proliferation of SaaS use in classrooms and throughout school districts makes it difficult to stay on top of what apps have access to your cloud environment, what permissions are granted to them, and how secure the app is itself.

District system admins have the ability to control what apps are allowed permissions to the company’s Google or Microsoft cloud accounts. This can be as simple as restricting access to risky apps, or as customized and detailed as creating sanctioned and unsanctioned apps lists.


4. Enable anti-phishing protections

Email phishing is still the most common external threat vector. And there is a myriad of tools on the market aimed at removing phishing emails from inboxes. Unfortunately, none of them work with 100% accuracy.

The best option is to start with configuring your native cloud email provider’s anti-phishing capabilities and then layer additional safeguards and monitors on top of it. Educating the rest of your district about common phishing attacks, new ones as they arise, and how to spot them is also extremely important.

5. Turn on unintended external reply warning

One of the ways you can ensure that sensitive, internal information isn’t improperly shared outside of the school district is to enable an external reply warning. This feature also protects your district against forged emails from malicious hackers trying to gain access to internal files and information.

When the external reply warning is enabled, users receive a pop-up notification asking if they’re sure they want to send the message to an external domain. It’s important to reinforce to your colleagues why they need to pay attention to this pop-up and think twice before dismissing it.

6. Set external sharing standards

Beyond sending emails, you should configure data loss prevention external sharing standards for shared calendars, drives, folders, and files. The best approach is to start with the most strict standards possible, and then open up as needed.

Files and folders containing the most sensitive information such as student, parent/guardian, and staff personally identifiable and financial information, should rarely (if ever) be configured to allow external sharing and access.

7. Set up message encryption

Encryption prevents anyone other than the intended audience from viewing a message. Microsoft and Google provide native encryption options. In Google’s case, they provide “Confidential Mode”, which works a little differently. There are also a variety of third party encryption tools available.

Sending sensitive or confidential information via email should always have encryption and confidential protections enabled. It forces the recipient to authenticate that they are the intended audience and protects the information from being forwarded to others. The sender can also set up an expiration date to ensure the information isn’t lingering in someone’s inbox into eternity.

8. Set up data loss prevention policies

Fundamentally, data loss prevention is a strategy to ensure that your district’s sensitive and protected information does not inadvertently leave the network—whether it’s accidental or malicious.

System admins have the ability to set up data loss prevention policies in most popular and “enterprise-level” cloud applications. These policies help admins maintain and automate rules around how information can be accessed and shared. Most policies create alerts and actions that the system can take if a data loss prevention policy is broken. For example, if an employee account is trying to share a spreadsheet containing social security numbers with an outside domain, the policy can be set up to automatically warn the user and/or quarantine the file.
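The policy flow described here, and the alert and remediation actions listed in the cloud DLP section earlier on this page, carried through in code: content matching (credit card numbers confirmed with a Luhn check, social security numbers by pattern), file matching against a hash list of known protected files, and a remediation decision that depends on whether the share target is outside the domain. This is an added example, not ManagedMethods' or the page's own code; the domain, file names, hash list and sample events are constructed.

```python
"""Cloud DLP policy evaluation over constructed file-sharing events (added example)."""
import hashlib
import re

INTERNAL_DOMAIN = "district.example"   # assumption for the demo

# File matching: SHA-256 of files an admin has already tagged as protected
# (constructed content here; a real list would hold hashes of the real files).
PROTECTED_HASHES = {hashlib.sha256(b"constructed payroll export").hexdigest()}

# Content matching patterns; the card pattern is confirmed with Luhn below.
CC_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SEVERITY = {"ssn": 3, "protected_file": 3, "credit_card": 2}


def luhn_ok(digits):
    """Luhn checksum, so a run of digits that is not a card number is ignored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def content_findings(text):
    """Rule hits in text (for an image or PDF this would be the OCR output)."""
    found = set()
    for m in CC_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.add("credit_card")
    if SSN_RE.search(text):
        found.add("ssn")
    return sorted(found)


def file_findings(data):
    """File matching: flag known protected files even when content is encrypted."""
    return ["protected_file"] if hashlib.sha256(data).hexdigest() in PROTECTED_HASHES else []


def is_external(recipients):
    return any(r.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN for r in recipients)


def decide(findings, external):
    """Pick remediation actions from the findings and the sharing target."""
    if not findings:
        return []
    if not external:
        return ["notify_user"]                       # internal share: alert only
    actions = ["revoke_sharing", "warn_user", "notify_admin"]
    if max(SEVERITY[f] for f in findings) >= 3:
        actions.append("quarantine")
    return actions


def evaluate(event):
    """event: name, data (bytes), text (str), shared_with (list of addresses)."""
    findings = file_findings(event["data"]) + content_findings(event["text"])
    return {"name": event["name"], "findings": findings,
            "actions": decide(findings, is_external(event["shared_with"]))}


# Constructed sharing events, shaped like what a CASB pulls from the app's API.
EVENTS = [
    {"name": "staff.xlsx", "data": b"...", "text": "SSN 123-45-6789 salary 50000",
     "shared_with": ["someone@gmail.example"]},
    {"name": "card.jpg", "data": b"...", "text": "VISA 4111 1111 1111 1111 EXP 12/26",
     "shared_with": ["teacher@district.example"]},
    {"name": "payroll.xlsx.enc", "data": b"constructed payroll export", "text": "",
     "shared_with": ["ex-employee@outside.example"]},
    {"name": "notes.txt", "data": b"...", "text": "call 555-1234 about 2024 budget",
     "shared_with": ["vendor@outside.example"]},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(evaluate(ev))
```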


9. Enable mobile management

Everyone in your school district likely uses mobile devices to access school cloud accounts, mainly email, files, and drives. These mobile devices represent more endpoints that need to be secured by IT. But endpoint security isn’t enough in cloud computing security. You will also need to configure mobile device policies in your cloud applications.

10. Run a security health/score audit

Once you’ve completed this checklist, it’s a good idea to run a cloud security audit of your environment. An audit will re-check for any configuration errors, sharing risks, files containing sensitive information, and more.

It’s also important to run an audit on a periodic basis. Weekly and/or monthly audits and reports can be automated and provide you with detailed information on the security health of your cloud applications. Microsoft provides Office 365 Secure Score, which is very helpful in providing on-going health checks and recommendations, particularly as new security features are rolled out and new risks are identified.

If your school district uses SaaS applications such as G Suite and/or Office 365, cloud application security is a critical layer in your cybersecurity infrastructure. Without it, monitoring and controlling behavior happening within applications is impossible. This blind spot creates critical vulnerabilities in your district stakeholders’ sensitive information and financial futures.
