Cloud Security Problems: What can be done?

As companies lean on cloud services to stay competitive in the marketplace, it is important to remember that security against cyber threats is not outsourced to the vendor offering the cloud service. From a monitoring and threat-detection perspective, little actually changes, especially where employees working from home are involved.
It Isn't the SaaS That's Especially Vulnerable
Software as a Service (SaaS) vendors know that if they store confidential personal information and fall victim to an attack that results in data theft, their corporate image can be badly scarred. For this reason, some of them employ top-ranked cyber threat detection systems. Beyond firewalls and network behavior monitoring systems, the SaaS provider has the luxury of knowing what its traffic should look like. For instance, it knows that:
  • All connections arrive over an encrypted link (TLS)
  • The balance between download and upload depends on the type of service. For example, Netflix is mostly download, cloud backups are largely upload, and Gmail is about equal.
  • Most connections are either short-lived (e.g. Twitter) or last a good portion of the day (e.g. Salesforce)
A SaaS provider knows how its application typically behaves, and some watch for abnormalities. If, for example, a tremendous number of queries is executed or a data download threshold is breached, events can be triggered that lead to investigations. We can't, however, assume that every SaaS we employ is taking these proactive measures. What else should companies be doing?
Working from Home Security
When most employees need resources from the corporate data center, they use a VPN connection. This provides a decent level of protection when they access corporate resources; when they access the Internet, however, they rely on their own security. Most remote employees are not security professionals, so in-home security measures typically amount to anti-virus software and an inexpensive firewall.
When remote employees use a SaaS, however, they do so directly, because routing every employee's SaaS traffic over the VPN could cause unacceptable performance problems due to congestion. As a result, corporate security professionals rely on the SaaS to protect the corporate data accessed by the employee working from home. It also means the corporate security team has no visibility into that traffic unless something at the remote site records it.
The Biggest Cloud Security Problems
The weakest link in cloud security is often the employee working from home. Think about it: if you were the attacker looking to steal information, you would probably have a target in mind. Would you go after the SaaS that holds the data, or the remote employee who has access to the data you want?
Remote employees are subject to the same phishing emails and clickjacking attempts that corporate users face in the office. The bad guys know that, sooner or later, persistence pays off. Eventually the target will click on something that infects them. When this happens, the malware installs itself and makes a few beacons out to the Internet looking for one of its predetermined command and control servers. Eventually instructions arrive, and the malware uses the employee's authenticated connection to the SaaS to carry out its work. Who is at fault if the malware succeeds in exfiltrating your company's confidential information from the SaaS? We should probably let the legal teams figure that one out, but for now: what systems should we have in place in preparation for an event like this?
Collect the Flows
One of the best measures we can take in preparation for nearly any type of cyber attack is making sure a system is in place that allows the security team to be effective at incident response. All major routers and firewalls can export NetFlow or IPFIX. In a sense, this makes each of these devices a type of surveillance camera. Collecting and storing flow data such as that provided by NetFlow and IPFIX gives the security team what it needs to investigate and react to nearly any cyber threat that touches the network: who talked to whom, when, over which port, and how many bytes moved in each direction. Flows carry no payload, so they tell you that a large transfer happened, not what was in it. They can also be used to monitor for certain unwanted and suspicious behaviors.
In some cases, it is wise to issue remote employees firewalls that are capable of exporting flows. Not only does this improve their Internet protection, but if the flow data is streamed to a collector, the IT team back at corporate gains insight into their daily traffic patterns. Specifically, they can set up monitors that uncover unwanted behavior toward important SaaS services. A side benefit is that managers can make sure employees' Internet traffic is largely job related when working from home.
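As an added example (not code from the original post), here are the two checks the sections above describe, run over constructed NetFlow/IPFIX-style records: the per-SaaS upload-volume and upload/download-share check a provider or a corporate flow collector could apply, and the beaconing pattern described under "The Biggest Cloud Security Problems" (small, regularly spaced flows from one host to one unknown destination). The IP addresses (documentation ranges), SaaS profiles, thresholds and flow records are all assumptions constructed for this example.

```python
"""Flow-based detections over constructed NetFlow/IPFIX-style records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows (documentation IP ranges, not real traffic).
# Each tuple mirrors what a NetFlow v9 / IPFIX collector keeps per flow:
# (start_epoch_seconds, src_ip, dst_ip, dst_port, bytes_out, bytes_in)
# where bytes_out is client->server and bytes_in is server->client.
FLOWS = [
    # 10.0.0.5: normal CRM use, roughly balanced, small volumes
    (1700000000, "10.0.0.5", "198.51.100.20", 443, 40_000, 45_000),
    (1700003600, "10.0.0.5", "198.51.100.20", 443, 38_000, 41_000),
    # 10.0.0.6: bulk upload to the CRM, well outside its profile
    (1700000000, "10.0.0.6", "198.51.100.20", 443, 30_000_000, 20_000),
    (1700001800, "10.0.0.6", "198.51.100.20", 443, 45_000_000, 18_000),
    # 10.0.0.6: tiny flows every 300 s to an unknown host (C2 beacon shape)
    (1700000100, "10.0.0.6", "192.0.2.77", 443, 600, 300),
    (1700000400, "10.0.0.6", "192.0.2.77", 443, 610, 290),
    (1700000700, "10.0.0.6", "192.0.2.77", 443, 590, 310),
    (1700001000, "10.0.0.6", "192.0.2.77", 443, 605, 295),
    # 10.0.0.5: irregular, download-heavy browsing to an unknown host
    (1700000050, "10.0.0.5", "192.0.2.90", 443, 2_000, 150_000),
    (1700000900, "10.0.0.5", "192.0.2.90", 443, 1_500, 90_000),
    (1700004000, "10.0.0.5", "192.0.2.90", 443, 3_000, 200_000),
]

# Hypothetical SaaS profiles: dst_ip -> (name, expected upload share,
# per-host daily upload cap in bytes). "crm" is balanced like Gmail or
# Salesforce; "backup" is upload-heavy like a cloud backup service.
SAAS_PROFILES = {
    "198.51.100.20": ("crm", 0.5, 10_000_000),
    "203.0.113.10": ("backup", 0.95, 5_000_000_000),
}


def saas_anomalies(flows, profiles=SAAS_PROFILES, ratio_tolerance=0.25):
    """Per (host, SaaS): flag when uploaded bytes exceed the service's cap
    or the host's upload share drifts far from the service's expected share."""
    totals = defaultdict(lambda: [0, 0])  # (src, dst) -> [bytes_out, bytes_in]
    for _, src, dst, _, out, inb in flows:
        if dst in profiles:
            totals[(src, dst)][0] += out
            totals[(src, dst)][1] += inb
    alerts = []
    for (src, dst), (out, inb) in totals.items():
        name, expected_share, cap = profiles[dst]
        share = out / (out + inb) if out + inb else 0.0
        reasons = []
        if out > cap:
            reasons.append(f"upload {out} B exceeds cap {cap} B")
        if abs(share - expected_share) > ratio_tolerance:
            reasons.append(f"upload share {share:.2f} vs expected {expected_share:.2f}")
        if reasons:
            alerts.append((src, name, reasons))
    return alerts


def beacon_candidates(flows, known=SAAS_PROFILES, min_flows=4,
                      max_cv=0.1, max_bytes=5_000):
    """Find host->destination pairs (outside the known SaaS set) whose flows
    are small and evenly spaced. Regularity is the coefficient of variation
    of the inter-arrival times; real beacons add jitter, so max_cv is tunable."""
    by_pair = defaultdict(list)
    for ts, src, dst, _, out, inb in flows:
        if dst not in known:
            by_pair[(src, dst)].append((ts, out + inb))
    hits = []
    for (src, dst), recs in by_pair.items():
        if len(recs) < min_flows:
            continue
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        avg_gap = mean(gaps)
        cv = pstdev(gaps) / avg_gap if avg_gap else float("inf")
        if cv <= max_cv and max(size for _, size in recs) <= max_bytes:
            hits.append((src, dst, round(avg_gap), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, name, reasons in saas_anomalies(FLOWS):
        print(f"SaaS anomaly: {src} -> {name}: {'; '.join(reasons)}")
    for src, dst, period, cv in beacon_candidates(FLOWS):
        print(f"Beacon candidate: {src} -> {dst} every ~{period}s (cv={cv})")
```

On the constructed data, the bulk-upload host trips both the cap and the share check against the CRM profile, and the same host's four evenly spaced 900-byte flows to 192.0.2.77 surface as a beacon candidate, while the irregular browsing pair is ignored. In practice the profiles and thresholds come from a baseline built over the collector's own history, not from fixed numbers.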
The bottom line: cloud security problems are not easily dealt with. However, a forensic threat investigation backed by NetFlow or IPFIX ensures that you have the communication details (endpoints, timing, and volumes) surrounding an Internet-related data theft.