Repave the Cloud-Data Breach Collision Course

Transcription

1 Repave the Cloud-Data Breach Collision Course Using Netskope to enable the cloud while mitigating the risk of a data breach BACKGROUND Two important IT trends are on a collision course: Cloud adoption and data breaches. If you had 100 cloud apps and added 25 more, you d increase you probability of a data breach by 75 percent. Virtually every organization is adopting cloud apps. According to the most recent Netskope Cloud Report, enterprises have an average of 461 cloud apps in use, including 47 marketing, 41 HR, 27 storage, and 27 finance/accounting apps. Many such apps are business-critical, and some are systems of record. IT is aware of about one-tenth of them. The other salient trend: Data breaches are growing in number and intensity. In its 2013 Information Security Threat Report, Symantec reports that incidents increased 62 percent over the prior year while exposed identities increased 368 percent over the same time period. THE CLOUD MULTIPLIER EFFECT The Ponemon Institute and Netskope recently released Data Breach: The Cloud Multiplier Effect, a first-of-its-kind study that examines the role cloud plays in data breaches. Based on a survey of 613 IT and security professionals, the report calculates a baseline expected economic impact for a data breach. Then it introduces nine different independent scenarios involving the use of cloud services (e.g., increase in the use of cloud apps, mobile devices, backup of storage in the cloud), and reveals that each scenario carries a multiplier on the probability and therefore on the expected economic impact of up to three times the baseline. In one scenario, a one percent increase in the use of cloud services translates to a three percent increase in the probability of a data breach. That means if you had 100 cloud apps and added just 25 more, you d increase your probability of a data breach by 75 percent. While 51 percent of survey respondents believe cloud apps are as or more secure than on-premises applications, it s well understood that cloud apps introduce capabilities that change the computing dynamic and therefore increase the probability or the magnitude of a data breach. For one thing, cloud usage is growing quickly within organizations, often without IT s knowledge. This lack of visibility means that IT can t monitor for the existence of risky apps and data violations. Second, cloud and mobile go hand in hand. Cloud apps offer easy access from anywhere, and often provide native apps that make it possible (and in fact preferable) for users to access them from multiple devices. Users are also acquiring and using more devices. Cisco reports an 1

2 average of 3.3 devices per knowledge worker. This means that the surface area for risks, threats, and policy violations is greater today than ever before. Finally, cloud apps make it easy to share data with others, which makes it easy for sensitive data to get out of an organization s control. Sharing is available in not just cloud storage apps, but in customer relationship management, business intelligence, software development, and many other app categories. THE ROLE OF CLOUD APPS IN DATA BREACHES Given these factors, what role do cloud apps play in data breaches? We identify three scenarios in which the cloud increases the probability or magnitude of a data breach. 1 Cloud apps can serve as an entry point for an external attacker to infiltrate the corporate network where they can gain access to data. One common way for this to occur is for an attacker to trick an unsuspecting app user into downloading a malicious file by posing as someone else or befriending the user. Another is for an attacker to exploit a cloud app vulnerability to download malware to users accessing the app. That malware can be used to probe corporate networks for access to internal systems, and then can be used to exfiltrate important data. There have been a number of high-profile incidents of this type in organizations ranging from hospitals to media companies to governments and educational institutions in the past several years. 2 Attackers can breach the cloud apps themselves. One recent example of a breach directly in a cloud app is the attack on code hosting service Code Spaces. Attackers gained access to the organization s Amazon EC2 control panel and used that access to demand ransom. This breach ultimately put the company out of business. 3 A corporate insider can intentionally or inadvertently expose sensitive data from within a cloud app. This can range from a departing individual s theft of business documents to the inadvertent sharing of sensitive corporate content from within a cloud app. FIVE ACTIONS YOU CAN TAKE NOW How can your organization take advantage of all of the benefits cloud apps offer while protecting against a data breach? Below are five actions you can take now. 1 Discover the enterprise cloud apps in your environment and assess their risk. Find out what security, auditability, and business continuity capabilities those apps have. Understand who is using them and communicate with them about what you find. Just a few examples of cloud app attributes that matter when it comes to data breaches are: Encryption of data-at-rest (so your data are protected even if they are compromised) Separation of tenant object stores in the cloud (so if an adjacent tenant experiences a breach, your data won t be impacted by it) 2

3 A backup and disaster recovery plan (so if your data are deleted or corrupted as part of a breach, you can recover) The presence of un-remediated vulnerabilities (so you will not be the victim of an exploit entering your corporate network through a vulnerable app) 2 Consolidate low-quality apps. Depending on your organizational culture, business case for the app, and the availability of app alternatives, you may choose to: Have a data-driven discussion with users or the line-of-business to drive corporate policy. Rely on app ratings and usage data to convince stakeholders to migrate to higher-quality app alternatives Block risky app activity such as upload or share while coaching users to migrate to higher-quality apps If the app is truly poor and the risk-reward tradeoff doesn t make sense, block the app entirely, while coaching users to alternatives 3 Understand what data are in your cloud apps. This includes not just what files are being uploaded to cloud storage, but in a host of other apps housing both structured and unstructured data. Examples include: Customer or employee data housed in files or database records Intellectual property such as CAD design files or software source code Confidential business content such as strategic plans, acquisition plans, and business analyses Sensitive product information such as roadmaps, release plans, and bug queues Non-public financial data such as pre-release quarterly results 4 Gain visibility into user activities in cloud apps. This includes monitoring uploading, downloading, and sharing in cloud apps. Some examples that are relevant to a data breach scenario include: Users downloading content from a vulnerable app, as the download could contain a malicious payload if the vulnerability has been exploited Unauthorized users downloading employee data from an HR app Insiders sharing non-public financial data from a storage app during a company s quiet period 3

4 A departing employee downloading a roadmap from a software development app A financial or legal representative on a business merger or acquisition sharing deal or e-room content with unauthorized individuals such as research analysts or investors 5 Mitigate risk through granular policy. Start with business-critical apps or ones in which sensitive data are housed. Consider the following policies: Allow the app, but block the upload of regulated data. Coach users on your data policy. Allow apps, but block the upload of sensitive data to low-quality apps or ones without specific capabilities, such as encryption of data-at-rest. Coach users on alternatives. Temporarily block apps with vulnerabilities, or allow the apps but block attempted downloads. Communicate with users that download is temporarily disabled until the app is remediated. HOW NETSKOPE MITIGATES RISK AND PROTECTS DATA IN A DATA BREACH Netskope is the leader in cloud app analytics and policy enforcement. Only the Netskope Active Platform eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. How does Netskope mitigate risk and protect against data breaches? With a combination of discovery, risk ratings, app data, usage visibility, and policy enforcement, we help your organization protect against cloud apps being used as an entry point for a data breach, keep your cloud apps from being breached in the cloud, and provide you the control you need to prevent insiders from intentionally or inadvertently causing a breach. We offer these capabilities while enabling you to protect user privacy through granular traffic filtering, identity obfuscation, and rolebased administrator access controls. Below is a matrix that shows the intersection of scenario and recommended action, each with an example of how Netskope mitigates the risk or magnitude of a data breach. 4

5 CLOUD APP AS ENTRY POINT CLOUD APP BREACH INSIDER THREAT WITHIN CLOUD APP DISCOVER APPS AND ASSESS RISK See downloads from vulnerable apps See uploads to apps that don t have encryption of data-at-rest, separation of tenant data, etc. Monitor users who have access to apps housing sensitive data CONSOLIDATE LOW-QUALITY APPS Consolidate usage to non-vulnerable apps Consolidate usage to higherquality apps with capabilities such as encryption of dataat-rest Consolidate data uploads to sanctioned, more tightlyadministered apps UNDERSTAND DATA IN APPS Discover when cloud apps are delivering malicious content Discover apps housing sensitive records and confidential files Alert on user upload, download, etc. of sensitive content GAIN ACTIVITY- LEVEL VISIBILITY See all activities in vulnerable apps Alert on excessive sharing, downloads, etc. from apps Alert on sharing outside of the company; construct postevent audit trails MITIGATE RISK THROUGH POLICY Block downloads from vulnerable apps; coach users Block uploads to apps without encryption of dataat-rest, separation of tenant data, etc. Block the upload or download of sensitive data NEXT STEPS As organizations use of cloud apps grows, so too does the probability of data breach. In short, cloud usage and data breaches are on a collision course. Netskope can help you repave this course by providing the visibility and control you need to mitigate the risk and magnitude of a data breach involving the cloud. Your next step is to contact Netskope for a complimentary Snapshot Cloud Assessment. Use it to discover the cloud apps in your environment and quantify your organization s risk. Let us help you build a practical plan to protect your data while safely enabling the cloud. 5

6 ABOUT NETSKOPE Netskope is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active Platform TM performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence. Netskope is headquartered in Los Altos, California. Visit us at and follow us on Share This Paper 2014 Netskope, Inc. All rights reserved. Netskope is a registered trademark and Netskope Active, Netskope Discovery, Cloud Confidence Index, and SkopeSights are a trademarks of Netskope, Inc. All other trademarks are trademarks of their respective holders. 06/14 WP