Cloud usage has the potential to increase the risk of insider threats. Cloud providers including Amazon, Microsoft, Google, and others, have recently said that they are struggling to deal with an increase in remote tools usage.
As organisations globally adapt for remote working, they might be failing to ensure adequate security of data. Cloud usage, in particular, increases the risk of insider threats, as 52% of companies believe that detecting insider attacks is harder in the cloud than on-location, according to a recent report. Therefore, it is now as important as ever for organisations to implement proper measures to alleviate insider threat to protect their data in the cloud.
Why do employees working remotely pose a threat to cloud security?
Firstly, employees working remotely use a host of cloud applications to exchange data, including sensitive data, and they could misplace the data in insecure locations, leading to compliance violations. For example, sharing sensitive data via Zoom – an increasingly popular application for telecommunication – will result in data sharing across with a high risk of unauthorised access. In a survey in the UK, 39% of respondents are sure that employees share sensitive data through cloud applications outside of organisations IT controls.
Secondly, employees working remotely often work from their personal devices which are not monitored by the corporate IT team, and are more prone to data security breaches than their secured corporate devices. Personal devices are often vulnerable to cyber threats by acting as entry points. Once an attacker has an entry in the employee’s device, they literally have the “remote control” and can monitor and leverage any outbound connections from this. They can gain access to all cloud services the user connects to or even to the on-premise corporate network, as soon as the employee establishes a VPN connection or a Remote session to any internal servers.
In addition, an employee might lose his/her device, or let other family members use it, which will result in unauthorised access. In some cases, employees copy confidential data to their personal devices from corporate cloud storage with harmful intent, which is a serious security risk as well.
Step 1: Develop an exhaustive security policy for remote working employees
An organisation should ideally develop a proper security policy with a focus on cloud security, before asking its employees to work remotely. The policy should ensure that all permissions to storages with sensitive data are granted on a ‘need-to-access’ basis to employees to access the information they do not need to do their job.
In addition, it is important to establish effective and efficient access controls and identity verification methods such as multi-layered authentication, this will protect the sensitive data in the cloud from unauthorised access.
Finally, training of employees on the ‘dos’ and ‘don’ts’ of the cloud is important, from the principles of dealing with sensitive cloud data to instructions for patching and securing their personal devices. All these measures and more should be implemented on an ongoing basis, with the Information Technology team of the organisation ready to support employees with any issue they face while working from home, operational problem or a security issue.
Step 2: Obtain visibility into sensitive data
Knowing where the sensitive data resides in the cloud is critical for the organisation. This is extremely challenging as modern organisations use multiple cloud services.
According to a study, McAfee has estimated that an average enterprise uses around 1,427 distinct cloud services and an average employee uses 36 cloud services at work actively. The higher the number of cloud services employees use, the higher the challenge it is for an organisation to track the handling of data. There is an increased risk of misplacing sensitive data and the bad PR and compliance issues that come with it. To reduce data exposure, it is critical to deploy technologies that automatically discover sensitive data across multiple cloud services and classify based on sensitivity on an ongoing basis.
Step 3: Monitor user activity around sensitive data
Cloud data is prone to a broad range of threats for data exfiltration by employees, it is extremely important for an organisation to detect such cases in an efficient manner. Detecting whether it is the malware trying to get into the corporate network, or an employee trying to steal the customer database? All these cloud computing security risks are accompanied by variability in user activity. Hence, if an organisation uses cloud computing and cloud storage, it is important to have tools or technologies that can track user behaviour (UBA) and detect deviations from normal user behaviour and alert the IT security team about potential threats.
Examples of anomalies that indicate a threat include abnormal Login attempts – to log on from multiple devices, multiple subsequent logins in a short duration, and a very high number of login failures; or difference in data access patterns from one user to its peers.
It is important to note the shift from office to remote work will probably cause changes in users’ access patterns. Businesses can expect a higher number of false positives from Machine Learning-based behaviour and anomaly detection solutions in the first few weeks.
This is in no way an exhaustive list of measures, but it is a guide that can help organisations reduce insider threats in the cloud during ‘the world’s largest work-from-home experiment’, as Time has dubbed this pandemic COVID-19 outbreak. With the subsequent economic recession that is predicted to follow, cloud computing will be a cost-effective way to run businesses. Leading to a boom in the demand for trained cloud computing professionals, which is where one of India’s best cloud computing programs can help you upskill and be ready for that opportunity. Learn more about the Great Lakes Cloud Computing Program.
