Head in the Sand 10: No systems are 100% secure. State actors and crackers can hack almost everything. The most effective safeguard is to adopt some form of autonomous Cloud Access Security Broker (CASB) for dynamic protection.
In the AI-powered arms race identified in Issue 5, intelligent automation of threat prevention is seen as not only necessary, but also inevitable. At the same time, the pan-EEA digital equivalence driven by the Digital Single Market is adding further momentum to the move to international public cloud services. Consequently, Cloud Access Security Brokers (CASBs) have become essential tools for organizations seeking to ensure adequate data protection in the cloud. CASBs provide critical capabilities such as governing access and activities in sanctioned and unsanctioned cloud services, securing sensitive data and preventing its loss, and protecting against internal and external threats.
CASBs can be used to govern usage: for example, governing access to Office 365 and other cloud services, or monitoring privileged accounts and preventing unauthorized activity in IaaS instances. CASBs can also protect against password or email abuse, while monitoring and controlling users’ activities when they remotely access cloud services.
Intelligent or autonomous CASBs can also provide real-time, activity- or data-level policy enforcement and protection from data exfiltration while detecting anomalies in data usage or access.
Research by Oracle CASB Threat Labs has warned of attacks from Russia-based IP addresses that were actively attempting to penetrate US-based infrastructure, including devices attached to personal networks, such as home routers. A common tactic in many types of attacks is to execute “low volume” (few transactions) and “low velocity” (few targets) transactions that can be difficult to detect in highly active cloud services. When such attacks are propagated by nation states, they can be harder to identify and defend against. This is an area where machine learning and artificial intelligence can help significantly. Indeed, an intelligent Cloud Access Security Broker (CASB) recently helped detect and notify customer teams about one such attack.
F5 Networks reported an increase in cyber-attacks on Singapore-based resources from June 11-12, 2018 while the visiting US President met with the leader of North Korea. This insight motivated F5 Networks to focus on future travel by the US President for increases in cyber-attacks leading up to and during his state visits. On July 19, 2018, F5 Networks published an article regarding information security attacks on Finnish resources before and during the summit between the US and Russian Presidents. While the majority of the attacks reported by F5 Networks were “brute force” attacks targeting IoT devices, other unknown entities attempted to breach credentials and compromise resources across cloud environments used by Finland-based organizations.
Oracle’s CASB is actively engaged in monitoring cloud services employed by some Finland-based organizations and, like F5, it has identified significant increases in anomalous activities over this period of time. One global CASB customer, with a Finland-based HQ, was alerted to threats to user accounts in one of its primary cloud services by attackers attempting to replay user authentication tokens. These low volume token replay attempts from suspicious IP addresses prompted us to perform further research that revealed similar attempts from locations without an associated IP reputation.
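The detection problem described above, as an added example that is not taken from Oracle's CASB or from this article: a rate rule and an IP-reputation rule are run beside a per-token behavioural rule over a few constructed log events. The event fields, token names, threshold and reputation feed are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (timestamp, user, token_id, source_ip).
# All values are made up; IPs come from the RFC 5737 documentation ranges.
EVENTS = [
    ("2024-01-01T08:01:00", "alice", "tok-a1", "192.0.2.10"),
    ("2024-01-01T08:05:00", "alice", "tok-a1", "192.0.2.10"),
    ("2024-01-01T08:07:00", "bob", "tok-b7", "192.0.2.44"),
    ("2024-01-01T09:30:00", "alice", "tok-a1", "203.0.113.77"),  # listed IP
    ("2024-01-01T11:12:00", "bob", "tok-b7", "198.51.100.23"),   # unlisted IP
    ("2024-01-01T11:15:00", "carol", "tok-c3", "192.0.2.91"),
]
BAD_REPUTATION = {"203.0.113.77"}  # constructed reputation feed


def volume_alerts(events, threshold=5):
    """Rate rule: source IPs with at least `threshold` requests."""
    counts = defaultdict(int)
    for *_, ip in events:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def reputation_alerts(events, bad_ips):
    """Reputation rule: source IPs that appear on the feed."""
    return sorted({ip for *_, ip in events if ip in bad_ips})


def token_replay_alerts(events):
    """Behavioural rule: a token presented from a source other than the
    one it was first seen on. Roaming users also trigger this, so a real
    deployment would weigh network, geography and device before alerting."""
    first_seen = {}
    alerts = []
    for ts, user, token, ip in sorted(events):
        origin = first_seen.setdefault(token, ip)
        if ip != origin:
            alerts.append((ts, user, token, origin, ip))
    return alerts


if __name__ == "__main__":
    print("volume:", volume_alerts(EVENTS))
    print("reputation:", reputation_alerts(EVENTS, BAD_REPUTATION))
    for alert in token_replay_alerts(EVENTS):
        print("replay:", alert)
```

On this sample the rate rule stays silent and the reputation rule sees only the listed address, while the per-token rule reports both replays, including the one from the address with no reputation entry.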
There’s another threat to data security, and it stems from the GDPR itself. State-level actors cannot be expected to play by the rules and can easily exploit loopholes or compliance requirements that can potentially weaken cloud security. The same right to be forgotten which imperils blockchain users also requires individual review of data, which exposes enterprises to insider threat, social engineering and exploits through human error, such as incomplete updates or incomplete erasures, which can leave both passwords and backdoors exposed.
Article 17 of the GDPR gives individuals the right to ask for their data to be deleted and organisations do have an obligation to do so, except in the following cases:
- the personal data your company/organisation holds is needed to exercise the right of freedom of expression;
- there is a legal obligation to keep that data;
- for reasons of public interest (for example public health, scientific, statistical or historical research purposes).
With regard to the right to be forgotten online, organisations are expected to take reasonable steps (for example technical measures) to inform other websites that a particular individual has requested the erasure of their personal data. Data can also be kept if it has undergone an appropriate process of anonymisation.
If someone already has legitimate credentials, many identity management controls will not prevent that user from taking action, whether malicious or benign. A CASB with built-in Advanced User and Entity Behavior Analytics (UEBA) complements security solutions and security measures built into cloud services. With intelligent analysis of user behavior, UEBA can detect suspicious and malicious activities, and even identify risky user behavior before a breach occurs.
CASBs enable organisations to extend their information protection policies and programs from their on-premises infrastructure and applications to the cloud, providing a central location for policy and governance concurrently across multiple cloud services, for users and devices, and granular visibility into and control over user activities and sensitive data.
With cloud usage growing exponentially, CASBs have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud. Gartner Inc recommends that security and risk management leaders concerned about their organizations’ cloud use should investigate CASBs. Other commentators go further, describing CASBs, and in particular autonomous ones, as rapidly becoming essential for almost all organisations.