By Noah Johnson, Co-founder & CTO, Dasera
In recent years, we’ve seen a massive shift as companies remove the physical constraints on IT infrastructure and its users by moving to cloud-based computing. According to a Gartner forecast from November 2019, worldwide public cloud revenue is predicted to reach $308.5 billion.
“As organizations increase their reliance on cloud technologies, IT teams are rushing to embrace cloud-built applications and relocate existing digital assets.”
While this is great for convenience and your budget, the security of your infrastructure comes into question now that so many businesses have shifted to a work-from-home setting, whether permanent or temporary.
How resilient is your cloud data infrastructure when the safety net of the perimeter is gone, and what is the best way to protect yourself and your data moving forward?
COVID-19 and the new environment
We have seen so many changes this year in how we live our lives that it’s become hard to keep up. While the big shifts, like permanent or extended work from home, have been obvious changes, what about the more subtle ones, like protecting your business while your employees are working remotely?
Attacks on cloud services more than doubled in 2019. In the Red Book of Insider Threats, Amol Kulkarni, Chief Product Officer at CrowdStrike, cites a 330% increase in e-crime attacks since the start of the pandemic. In the same book, Jintendra Joshi, Head of Information Security at BetterUp, says, “In the post-COVID world, our perimeters have disappeared and the line between trusted insiders and outsiders has blurred.”
Without the safety net of the in-office perimeter, companies need to innovate in their security just as much as they have had to in how they work remotely.
The biggest security issue companies face right now is simple: employees and contractors now reach cloud data over less secure home networks and from personal devices. Before 2020, protecting the corporate network and managed endpoints was the standard defense against cloud data breaches, a single security umbrella that covered every employee. With employees working from home on personal devices, that umbrella has all but closed.
Instead of focusing on the missing umbrella, businesses should put a magnifying glass on how data is actually used by employees in order to protect against cloud data breaches. This approach rests on two points:
- Security has to be applied at runtime, when data is queried, rather than only at rest or after the fact
- Security has to sit closer to the source, i.e. the datasets where sensitive data is stored, rather than at the network or endpoint
Adopting a proactive approach that protects data upstream and at runtime doesn’t have to be complicated. It takes a baseline of how data is used in normal situations and a way to identify the anomalies that can result in breaches.
Let’s use two scenarios that can potentially be very dangerous in the current COVID pandemic.
Know when an employee is being unnecessarily inquisitive
The pandemic has left a trail of employees experiencing remote work burnout. Reports suggest as many as 69% of employees are experiencing burnout symptoms while working from home. Combined with employees taking fewer holidays, that means fewer opportunities to decompress and relax. Tired and frustrated employees may also behave recklessly or become prone to errors of judgement.
This leads to situations where people might use cloud data in ways that are not appropriate or in line with company ethics and policies. For example:
- Looking at a celebrity’s PII out of curiosity (e.g. health issues or items bought)
- Finding out what their partner or ex has been doing in the app (e.g. purchase or messaging history)
- Checking out data on their peers’ work (e.g. sales performance of other reps or territories)
How you can build resiliency: every request for data that reaches a cloud data warehouse arrives as a SQL query, and that query (who ran it, which tables and columns it touched, how it was filtered, how many rows came back) holds the key to spotting anomalous behavior. AI solutions like Dasera can identify when a possible privacy violation, accidental or malicious, occurs. Alternatively, if the number of data requests per day isn’t too high, the security operations team can review the query logs manually. If a violation occurs, raise it with the person and their manager, and in some cases (e.g. repeat offenders) escalate the case to HR or send the person for training.
The extra line of defense against a credential thief
External attackers are leveraging the uncertainty of the times and the additional exposure of remote teams to step up phishing and credential theft. Once an attacker holds valid credentials, it is very hard for security teams to distinguish an actual user getting work done from a thief pulling data out under that user’s identity.
Attackers now apply several techniques in their exfiltration attempts to slip past security systems that monitor user behavior. Once again, the SQL is the best available signal for adding an extra layer of protection against such activity.
How you can build resiliency: AI can once again learn which data fields are sensitive and personal in nature (e.g. email addresses, social security numbers) and which are not (e.g. last purchase date). Algorithms can then detect even sophisticated exfiltration attempts on those fields, e.g. data downloaded in randomized batches, each too small to trip the per-query thresholds in your current security stack, by aggregating what each identity has pulled over time rather than judging each query in isolation.
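To make both scenarios concrete, here is an added example of the two detections run over a query log. It is illustration code written for this page, not Dasera’s product, and it uses deterministic rules rather than a trained model. It assumes the warehouse exposes, for every query, the user, a timestamp, the SQL text and the number of rows returned; the schema, the sensitivity labels, the thresholds and the log lines are all constructed for the example. The first rule catches the curious insider from the previous section (a handful of rows of sensitive columns selected by one identifier); the second catches the credential thief pulling the same columns in small slices that individually stay under a per-query alert threshold.

```python
"""Two detections over a cloud data warehouse query log (added example, not
Dasera's code). Assumes each log entry carries user, timestamp, SQL text and
rows returned; schema, labels, thresholds and log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical schema with hand-labelled sensitive columns. In practice the
# labels would come from a classification scan of the datasets themselves.
SCHEMA = {
    "customers": ["customer_id", "name", "email", "ssn",
                  "date_of_birth", "last_purchase_date"],
    "orders": ["order_id", "customer_id", "amount", "created_at"],
}
SENSITIVE = {"email", "ssn", "date_of_birth"}

PER_QUERY_ROW_ALERT = 10_000   # assumed threshold of an existing per-query DLP rule
WINDOW = timedelta(hours=24)   # look-back for aggregating small pulls per identity
WINDOW_ROW_ALERT = 20_000      # sensitive rows per identity per window that warrant review

_SELECT_RE = re.compile(r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<table>\w+)", re.I | re.S)
_EQ_RE = re.compile(r"\bwhere\b.*?\b(?P<col>\w+)\s*=\s*(?P<val>'[^']*'|\d+)", re.I | re.S)


def columns_touched(sql):
    """Return (table, set of column names) for a simple single-table SELECT.
    SELECT * expands via SCHEMA. Deliberately simplistic: no joins or subqueries."""
    m = _SELECT_RE.match(sql)
    if not m:
        return None, set()
    table = m.group("table").lower()
    cols = m.group("cols").strip()
    if cols == "*":
        return table, set(SCHEMA.get(table, []))
    return table, {c.strip().split(".")[-1].lower() for c in cols.split(",")}


def point_lookup(sql):
    """(column, literal) if the WHERE clause pins one subject with an equality filter."""
    m = _EQ_RE.search(sql)
    return (m.group("col").lower(), m.group("val")) if m else None


def sensitive_point_lookups(log):
    """Scenario 1: a few rows of sensitive columns selected by a single identifier,
    which is what looking up a celebrity or an ex looks like in the query log."""
    hits = []
    for e in log:
        _, cols = columns_touched(e["sql"])
        key = point_lookup(e["sql"])
        if cols & SENSITIVE and key and e["rows"] <= 5:
            hits.append((e["user"], sorted(cols & SENSITIVE), key))
    return hits


def low_and_slow_exfil(log):
    """Scenario 2: per identity, sum sensitive rows over a sliding window, counting
    only queries that individually stay under the per-query alert threshold."""
    per_user = defaultdict(list)
    for e in log:
        _, cols = columns_touched(e["sql"])
        if cols & SENSITIVE and e["rows"] < PER_QUERY_ROW_ALERT:
            per_user[e["user"]].append((e["ts"], e["rows"]))
    flagged = {}
    for user, pulls in per_user.items():
        pulls.sort()
        start = 0
        for end in range(len(pulls)):
            while pulls[end][0] - pulls[start][0] > WINDOW:
                start += 1
            total = sum(r for _, r in pulls[start:end + 1])
            if total > WINDOW_ROW_ALERT:
                flagged[user] = max(total, flagged.get(user, 0))
    return flagged


def _ts(s):
    return datetime.fromisoformat(s)


# Constructed sample log: a normal analyst, a curious employee, and a stolen account.
SAMPLE_LOG = [
    {"user": "alice", "ts": _ts("2020-06-02T09:00:00"), "rows": 500,
     "sql": "SELECT order_id, amount FROM orders WHERE created_at > '2020-06-01'"},
    {"user": "bob", "ts": _ts("2020-06-02T11:12:00"), "rows": 1,
     "sql": "SELECT name, date_of_birth, email FROM customers WHERE name = 'Famous Person'"},
    {"user": "alice", "ts": _ts("2020-06-02T14:30:00"), "rows": 1,
     "sql": "SELECT count(*) FROM customers"},
]
# The stolen account pulls the customer table in 4,800-row slices over 16 hours; each
# slice sits under PER_QUERY_ROW_ALERT, but the 24h sum is 24,000 sensitive rows.
SAMPLE_LOG += [
    {"user": "carol", "ts": _ts("2020-06-02T01:00:00") + timedelta(hours=4 * i),
     "rows": 4800,
     "sql": f"SELECT * FROM customers LIMIT 4800 OFFSET {4800 * i}"}
    for i in range(5)
]

if __name__ == "__main__":
    print("point lookups:", sensitive_point_lookups(SAMPLE_LOG))
    print("low-and-slow:", low_and_slow_exfil(SAMPLE_LOG))
```

On real data the log entries would be read from the warehouse’s query history (Snowflake’s ACCOUNT_USAGE.QUERY_HISTORY view, for instance, records the query text and a ROWS_PRODUCED column) and the regex parsing would be replaced by a proper SQL parser so that joins, subqueries and CTEs are attributed to the right columns. The essential point survives the simplification: the per-query threshold alone misses carol, and only the per-identity aggregate over time surfaces her.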
How resilient would you say your cloud data in use is?
The question readers should ask themselves at this point is: am I 100% certain that neither of the above scenarios has happened in our organization since March or April 2020? Shopify just announced that two of its employees siphoned off customer data for personal gain. The pandemic has thrown every security team into the deep end of the pool, and the speed of business requires all of us to be agile and to leverage cloud data to grow faster. The difference in resilience determines which security team keeps dealing with incidents and which becomes a true enabler of cloud technology.
About the Author
Noah Johnson is a security researcher, entrepreneur, and co-founder & CTO of Dasera. Noah received his Ph.D. in Computer Science from UC Berkeley and has founded three companies based on his academic research. Noah recently developed the first practical system to provide differential privacy for general SQL queries. This work was featured in Wired and Gizmodo, and serves as the technical foundation of Dasera’s products. Previously Noah led a team of students in developing a platform for automated security analysis of mobile apps. Noah commercialized this work by co-founding Ensighta Security, which was acquired by FireEye in 2012. Noah received several awards as a graduate student including the Signature Innovation Fellowship, Sevin Rosen Award for Innovation, and the Tony Leong Lim Pre-Doctoral Award.