As we kick off 2015, cloud apps are playing an increasingly large role in enterprise IT. Whether they are sanctioned or not, cloud apps are proving the shortest and fastest route to the solutions that the business needs. In a recent Gartner survey, IT managers expressed a range of concerns about cloud apps, from lack of visibility into who is accessing corporate data to lack of confidence in cloud providers’ security controls. In this post, we’ll take a look at the top ten cloud app security challenges that today’s enterprises should consider when devising their cloud security strategy.
1. Lack of visibility into the apps that are self-provisioned by employees
Much has already been written about the dangers of shadow IT. The bottom line is that IT cannot begin to define and enforce a cloud security strategy if they are unaware of the applications that are in use. Today it is so easy to sign up for cloud services that it is nearly impossible to prevent it from happening. So as a first step to addressing cloud security risk, it’s essential for IT to be able to discover the cloud apps that employees are provisioning on their own. And since the landscape is changing daily, they need a solution that can periodically scan activity and flag the latest additions.
2. Limited understanding of the actual risk posed by each app
So you discover that employees have self-provisioned another cloud service. Now what? How do you know whether the application is risky or not? The risk profile of a cloud app involves a wide variety of parameters, including the provider’s security practices, data center location, regulatory compliance, incident history and more. In addition to these general issues, there is the question of how the application is being used by your own employees. Have they set up the application’s security options according to your policies and industry best practices? In order to decide how to handle a cloud app, it is essential to have an accurate and comprehensive picture of the risks.
3. Inability to identify orphaned or dormant user accounts
User accounts are the most effective way for hackers and malicious insiders to penetrate cloud apps and steal valuable data. Abuse of a dormant account can go unnoticed for a much longer period of time than abuse of an active user account. Dormant accounts are also an unnecessary expense that can be eliminated. Orphaned accounts do not correspond to a known user in the company’s organizational directory. An orphaned account could belong to a former employee who has been disabled elsewhere but still has legitimate credentials in the cloud app, posing a serious threat.
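One way to run the reconciliation described above, as an added example that is not part of the original post: it compares a cloud app's account list with a directory export and flags orphaned and dormant accounts. The sample data, the field names and the 90-day dormancy threshold are assumptions.

```python
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed threshold; the post does not give one

# Constructed sample data: a directory export and one cloud app's account list.
DIRECTORY = {
    "alice@example.com": {"disabled_on": None},
    "bob@example.com": {"disabled_on": None},
    "carol@example.com": {"disabled_on": date(2014, 12, 1)},  # former employee
}
APP_ACCOUNTS = [
    {"login": "Alice@Example.com", "last_login": date(2015, 1, 5)},
    {"login": "bob@example.com", "last_login": date(2014, 8, 1)},
    {"login": "carol@example.com", "last_login": date(2014, 12, 20)},
    {"login": "svc-report@example.com", "last_login": None},
]


def classify_accounts(app_accounts, directory, today, dormant_after=DORMANT_AFTER):
    """Return {login: [findings]} for every app account that needs review."""
    findings = {}
    for acct in app_accounts:
        # App logins often differ from directory keys only by case or padding.
        login = acct["login"].strip().lower()
        last = acct["last_login"]
        flags = []
        entry = directory.get(login)
        if entry is None:
            flags.append("orphaned:not-in-directory")
        elif entry["disabled_on"] is not None:
            flags.append("orphaned:disabled-in-directory")
            # A login on or after the disable date means the credentials still work.
            if last is not None and last >= entry["disabled_on"]:
                flags.append("orphaned:used-after-disable")
        if last is None:
            flags.append("dormant:never-logged-in")
        elif today - last > dormant_after:
            flags.append("dormant:inactive")
        if flags:
            findings[login] = flags
    return findings


if __name__ == "__main__":
    report = classify_accounts(APP_ACCOUNTS, DIRECTORY, date(2015, 1, 15))
    for login, flags in report.items():
        print(f"{login}: {', '.join(flags)}")
```

Accounts flagged as used after the directory disable date are the ones to review first, since they show the cloud app credentials outlived the user's access everywhere else.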
4. Implementing user access control with risk-based step-up authentication
Every cloud app provides different user access controls, which may or may not be in line with your corporate standards for authentication. And users are accessing cloud apps from off-site and over unsecured networks. Since cloud app accounts are even more vulnerable than on-premises deployments, it’s important to be able to evaluate risk in context and to apply additional security measures, such as a one-time passcode for high-value operations, when necessary.
5. Managing access from corporate and personal mobile endpoints
Not only are employees accessing cloud apps from off premises – they are accessing them from a wide variety of mobile devices. Some are managed corporate devices, and many others are BYOD and vulnerable to hackers. To add to the complexity, some users may use browsers, while others prefer rich mobile apps. IT needs a way to manage cloud app access from all types of mobile devices, along with the flexibility to define different policies for managed and personal devices.
6. Lack of insight into user and administrator activity for each app
To protect data stored in the cloud, you must be able to see what’s there, who’s accessing it, and what they are doing. That’s even more important when it comes to administrators of unsanctioned SaaS apps, which are often left unprotected. For some organizations, the ability to audit administrator activity is also a compliance requirement. Equally important is monitoring activity and securing accounts for administrators handling your critical infrastructure resources – the Amazon Web Management Console is a prime example.
7. Increase in account takeover attacks targeting cloud apps
High-profile attacks in 2014 that leveraged social media, cloud-based email, and Amazon Web Services prove that hackers are focusing their efforts on stealing cloud app credentials. According to the Verizon Threat Report, in two out of three attacks, hackers use stolen credentials at some point in order to achieve their goals. No matter how good the security is at the cloud service providers’ data center, hackers using stolen credentials can “walk in through the front door.” In order to identify and block account takeovers, IT needs visibility into cloud app usage, along with the ability to flag anomalies in real time and alert or block access, as appropriate.
8. Blindness to where data is going in the cloud and what data is out there
When it comes to cloud apps, you do not know where your data is stored – literally. Data centers are spread across the globe and may place your information in a jurisdiction that is not permitted by your corporate governance policies or security and compliance mandates. It’s important to have an up-to-date report on where cloud service providers keep their data in order to make an informed decision about whether to sanction their use. For instance, file sharing and collaboration services like Box and Dropbox are increasingly being used by employees. Do you know where your data is?
9. SIEM infrastructure is not “cloud aware”
For many organizations, Security Incident and Event Management (SIEM) systems are critical for correlating data to understand risk and identify potential threats to data center resources. But cloud applications operate outside the range of enterprise SIEM deployments. Most SaaS providers do not provide the detailed information on cloud app usage that SIEM requires, and the ones that do provide varying amounts of information in different formats. Aggregating standardized activity logs across all cloud apps is a necessity in order to extend SIEM to the cloud.
10. Lack of controls for enforcing security policies for cloud apps
Last but not least, the layers of security that you have implemented to protect the data center have no bearing on cloud apps. IT lacks the ability to define consistent usage policies and access policies across all of their cloud apps and to enforce them effectively. To cope with the wide variety of cloud apps and their varied uses, you need a way to enforce policies based on any combination of user, event, endpoint device, location, data object, time, and other parameters.
Taking Control of Cloud Apps in 2015
Skyfence offers a step-by-step solution for addressing the top 10 cloud app risks. Starting with discovery, Skyfence enables you to see what applications are in use, and by whom. It provides risk information about the cloud app service provider, and about the specific security settings and user rights in your organization, so that you can make informed decisions about how to manage cloud app risk.
When you are ready to start implementing policies and enforcing controls, Skyfence provides granular usage analytics, down to the data object and action taken. Built-in and custom security policies enable you to implement step-up access control, to manage mobile device usage, and to alert or block suspicious behavior. Learn more about the Skyfence Cloud Gateway or get started by downloading our free cloud app discovery tool.