Cloud Security

Cloud computing—a broad term that describes the move to the cloud and a mobile workforce—has brought new security and compliance risks. Cloud account takeover, data oversharing, and usage of unapproved cloud applications present considerable challenges to security teams. That’s why gaining visibility into and control over IT-approved applications is critical to cloud security. Many organizations must secure Microsoft Office 365, Google G Suite, Box, Dropbox, Salesforce, Slack, AWS, ServiceNow, and more.

Cloud security encompasses the technologies, applications, controls, and policies that protect people, data, and infrastructure from cyber-attacks and compliance risks on cloud computing platforms. It involves a comprehensive set of security measures designed to address both external and internal security threats to organizations, including controlling security, compliance, and other usage risks of cloud computing and data storage.

By guarding data and assets, cloud security services provide a critical safety net for organizations that rely on cloud-based solutions. It establishes increased reliability and availability of information, reduces upfront and ongoing costs related to data protection, enables easier scalability, and provides improved protection against sophisticated attacks on people and systems.

A key element of cloud security is a CASB, which stands for Cloud Access Security Broker or Cloud App Security Broker. A CASB can be deployed on-premises or in the cloud, acting as an intermediary between cloud service users and cloud applications. It monitors cloud activity, blocks attacks, and enforces security policies.^[1]

With managed cloud security solutions, organizations can effectively prevent targeted cyber-attacks, address regulatory compliance, and mitigate usage risks associated with cloud computing and data storage. This critical investment fosters a more resilient cloud environment and a more productive organization.

Unlike traditional cybersecurity solutions focusing on perimeter and network security, cloud security leverages a data-centric approach to prevent unauthorized access, such as authorization processes, data encryption, and multi-factor authentication.

As part of the information security model known as the “CIA triad,” cloud security works by maintaining the Confidentiality, Integrity, and Availability of data and operates in three primary cloud environments: public, private, and hybrid cloud services. The appropriate environment depends on the type of individual or organization using cloud security, the nature of their business, and data needs.

According to the latest statistics by Colorlib, 94% of organizations use cloud computing and cloud-based collaboration or messaging tools to share files and information with colleagues and partners. At the same time, regulated data and intellectual property (IP), such as trade secrets, engineering designs, and other sensitive corporate data, are put at risk.

Cloud computing infrastructure requires protection from cyber threats. Cloud security is a branch of cybersecurity devoted to this task. Not only is cloud security important for data protection, but it also helps industries and organizations meet compliance requirements, safeguard against reputational damage, establish business continuity in case of disruptive events, and even provides a competitive advantage in a predominantly cloud-based landscape.

Cloud security is essential in helping organizations address specific vulnerabilities and threats. Employee negligence or lack of training can create cloud security threats, such as oversharing files via public links that anyone can access. Data theft by insiders is also common. For example, salespeople leaving a company can steal data from cloud CRM services.

Shadow IT refers to using cloud apps and services without explicit IT approval. Users typically deploy unapproved software-as-a-service (SaaS) applications for file sharing, social media, collaboration, and web conferencing. Users who upload corporate data to unapproved apps may violate data privacy and residency regulations.

And there’s another growing challenge: third-party apps and scripts with OAuth permissions. OAuth-connected, third-party apps access IT-approved cloud computing services, such as Microsoft Office 365 and Google G Suite. It is common to see a hundred, if not a thousand, apps and scripts in an organization’s cloud environment. Some pose risks because of poor design, giving them broader than necessary data permissions. Some are malicious or easy to exploit. What’s the danger of OAuth? Once an OAuth token is authorized, access to enterprise data and applications continues until revoked.

Cloud-based security is not a set-it-and-forget-it solution. It requires strategic implementations, regular assessments, and a unified company culture that’s aligned with the following best practices:

Utilize Strong Access Controls

Robust cloud security platforms often have identity and access management (IAM) solutions to enforce the principle of least privilege. This includes multi-factor authentication (MFA) across all user accounts, especially accounts with elevated privileges. Maintaining tight access controls requires teams to review and update permissions to ensure users only have the necessary access to perform their roles.

Encrypt Data at Rest and in Transit

Employing robust encryption mechanisms for data at rest and in transit is a fundamental best practice for effective cloud security. By using the latest encryption protocols and ensuring proper data management practices are employed, organizations can better protect sensitive information from unauthorized access, even when other security measures fail.

Perform Regular Security Assessments

Frequent vulnerability assessments and penetration testing are critical to identify potential vulnerabilities in your cloud infrastructure. Teams must adopt a continuous monitoring strategy to detect and respond to security threats in real-time. Regular security assessments help maintain a more robust security posture while ensuring compliance with industry standards.

Implement a Comprehensive Backup and Recovery Strategy

Organizations should develop and maintain a robust data backup schedule and disaster recovery plan. Frequently test your backup and recovery processes to ensure data can be quickly restored in case of a security breach or system failure. In the event of a disaster or beach, these proactive practices help to maintain business continuity and prevent data loss.

Adopt a Zero Trust Security Model

Take measures to implement a zero trust architecture to cybersecurity. This best practice assumes no trust by default, even within the organization’s network. Verify every access request, regardless of its source, and continuously monitor and log all activities. A zero trust model significantly reduces the risk of lateral movement by potential attackers and helps contain security breaches.

By focusing on these key best practices, organizations can significantly improve their cloud security posture and better protect their valuable assets and data in the cloud environment.

Organizations and cybersecurity teams also face challenges in delineating where cloud service provider responsibilities end, and their own responsibilities begin—and those gaps can lead to vulnerabilities.

• Advanced threat intelligence: With today’s cloud security platforms leveraging advancements in AI and machine learning, organizations can take advantage of advanced threat detection and prevention. These systems process and analyze vast collections of information, helping identify emerging threats and establish proactive protection.
• Centralized security management: With the accessibility and control of cloud security services, organizations benefit from centralized management of security measures across multiple platforms and applications. This unifies and simplifies administration duties, reduces complexity, and ensures consistent policy enforcement.
• Automated security updates: The risks associated with version control and data platforms can be mitigated when working with a cloud security provider, as they typically handle security updates and patches automatically. Systems always remain protected against the latest vulnerabilities without requiring manual oversight or intervention.
• Disaster recovery and business continuity: Cloud security solutions typically include reliable data backup and disaster recovery. In the instance of a data breach or network failure, this level of support ensures that data can be quickly restored, minimizing downtime and data loss.

• Improved resource allocation: By outsourcing cloud security needs with a trusted provider, organizations can reallocate their internal resources to focus on core business activities. This can reduce the administrative load on teams, increasing productivity and innovation.
• Global security standards: Meeting regulatory compliance requirements across different geographical regions presents a major hurdle for large organizations. Partnering with a cloud security provider alleviates these worries, as such providers have built-in systems designed to adhere to global security standards and certifications.
• Flexibility and scalability: Today’s cloud security solutions are designed to scale with an organization’s growth. As the scope and demands of a business evolve, security measures can be adjusted without significant investments in hardware or software.

There’s no denying the ROI that cloud-based security services can offer businesses, especially at the enterprise level. These solutions not only protect sensitive data but also enhance a business’s operational efficiency and competitiveness.

Today, organizations leverage multiple types of cloud security solutions to safeguard their data. These solutions can be used together to establish a holistic and effective cloud security strategy.

Identity and Access Management (IAM)

IAM manages user identities and access to cloud resources. It ensures proper authentication, authorization, and user management to prevent unauthorized access while providing granular control over who can access specific cloud resources and what actions they can perform.

Network and Device Security

Network and device security reinforces cloud infrastructure and devices against network-level attacks and ensures proper configuration. This cloud security solution—firewalls, IdPs, and VPNs—helps protect against DDoS attacks, malware, and other external threats. Endpoint protection and mobile device management can also help secure devices used to access cloud resources.

Security Monitoring and Alerting

Continuous monitoring, detection, and alerts use tools like IdPs and SIEM systems to provide real-time monitoring of cloud resources and help organizations respond quickly to security threats. Security monitoring solutions also collect and analyze data from various sources to identify potential security incidents and generate alerts.

Cloud Access Security Broker (CASB)

CASBs are a cloud security system that acts as a gatekeeper between an organization’s on-premises infrastructure and the cloud. They can effectively monitor and enforce security policies across all cloud applications and services, enabling organizations to gain visibility into cloud usage and enforce compliance with regulatory requirements.

Data Security

Data Security protects data from unauthorized access, tampering, and loss using encryption, data masking, and access controls. It includes securing data at rest, in transit, and in use. Data loss prevention (DLP), access control, and encryption solutions protect sensitive data in the cloud.

Security Information and Event Management (SIEM)

SIEM systems aggregate and analyze log data across an organization’s IT infrastructure to detect and respond to security threats. These solutions provide centralized visibility, advanced threat detection through event correlation, and support for compliance reporting. Modern SIEM solutions often incorporate AI, machine learning, and integration with other security platforms to enhance threat detection and automate incident response.

Disaster Recovery and Business Continuity Planning

This vital solution involves planning strategies to restore cloud services during a disaster and minimize downtime. Disaster recovery involves identifying critical data and applications and establishing recovery time objectives (RTOs) and recovery point objectives (RPOs) to ensure that data and applications can be restored within acceptable timeframes.

Legal Compliance

Legal compliance ensures that cloud services comply with legal and regulatory requirements, including data privacy and protection. Compliance with regulations such as HIPAA, GDPR, and CCPA is critical for organizations that handle sensitive data. Legal compliance involves implementing appropriate controls to protect data privacy and ensuring that cloud services meet regulatory requirements.

Governance

Governance establishes policies and procedures to govern cloud service usage and ensure proper risk management and compliance reporting. It ensures that cloud services comply with industry regulations and standards. Governance involves identifying and managing risks associated with cloud services and establishing appropriate controls to mitigate them. It also includes establishing policies and procedures for data classification, access control, and incident response.

• Visibility. Presents a consolidated view of an organization’s cloud service landscape, including details about users accessing data in cloud services from any device or location.
• Data Security. Some CASBs provide the ability to enforce data security policies to prevent unwanted activity. Policies are applied through data loss prevention (DLP) controls such as audit, alert, block, quarantine, delete, and view only.

• Threat Protection. CASBs provide adaptive access controls to prevent unwanted devices, users, and certain versions of apps from accessing cloud services. Cloud app access can be changed based on signals observed during and after login.
• Compliance. CASBs help organizations demonstrate that they are governing the use of cloud services. CASBs assist efforts to conform to data residency and regulatory compliance requirements.^[2]

Cyber criminals often exploit vulnerabilities and weaknesses in cloud security to gain access to valuable data and assets. Once attackers access cloud account credentials, they impersonate legitimate users. They can trick your people into wiring money to them or releasing corporate data. They can also hijack email accounts to distribute spam and phishing emails.

A study of over 1,000 cloud service tenants with over 20 million user accounts found over 15 million unauthorized login attempts in the first half of 2019 alone. More than 400,000 of these attempts resulted in successful logins. About 85% of tenants were targeted by cyber-attacks, and 45% had at least one compromised account in their environment.^[3]

Cyber criminals tend to target popular SaaS applications like Microsoft Office 365 and Google G Suite. Just about everyone at your company uses these applications, which hold the key to business communication and vital data. Attackers use a variety of techniques and exploit several vulnerabilities to compromise cloud account credentials and take advantage of vulnerable users, including:

• Intelligent Brute-Force Attacks: Brute-force attacks are a trial-and-error technique in which the attacker submits many username and password combinations until something works. What makes such attacks intelligent is using automated tools to expose multiple combinations of usernames with passwords in large credential dumps.
• Advanced Phishing Campaigns: Otherwise known as “credential phishing,” these targeted and well-crafted campaigns come in various forms and deceive people into revealing their authentication credentials. Attackers usually carry out phishing via socially engineered emails.
• Password Recycling: This common cloud security threat is characterized by the same password used across multiple accounts. If an attacker gets their hands on an account’s credentials from an unrelated data breach, they can leverage password recycling to breach other sensitive accounts and data.
• Data Loss and IP Theft: On any typical business day, people share information with colleagues, partners, and others via cloud-based collaboration or messaging tools. However, a lack of employee training on cloud security or worker malice could result in sharing sensitive data with those who shouldn’t be able to see it.
• Malicious File Shares: Phishing links, credential stealers, and downloaders are typically used in these types of attacks. Threat actors also distribute malware via cloud services such as Dropbox.
• Data Breaches: One of the most significant risks associated with cloud security is the potential for a data breach. Hackers can gain access to cloud-based systems and steal sensitive information, such as financial data, personal information, or intellectual property.
• Shadow IT: People and departments within an enterprise often deploy new cloud apps and services without the approval or even awareness of IT security managers. These services may result in data loss, data oversharing, compliance issues, and more.
• Insider Threats: Employees or contractors with access to cloud-based systems can intentionally or unintentionally cause data breaches, steal data, or leak sensitive information.
• Distributed Denial of Service (DDoS) Attacks: Cloud-based systems can be targeted by DDoS attacks that overload the system and prevent legitimate users from accessing cloud resources.
• Advanced Persistent Threats (APTs): These sophisticated, long-term cyber-attacks are characterized by their discreet, persistent nature. APTs commonly target large, high-value organizations and are frequently backed by well-funded, state-sponsored groups or highly skilled threat actors.
• Insecure APIs: Application programming interfaces (APIs) used to access cloud-based services can be vulnerable to attacks, such as injection or man-in-the-middle attacks.
• Shared Infrastructure Vulnerabilities: Cloud-based systems often use shared infrastructure, which means a vulnerability in one customer’s system could potentially expose data for all customers on the same infrastructure.
• Compliance Risks: Cloud-based systems must comply with various regulations and standards, such as HIPAA, PCI-DSS, and GDPR. Failure to comply with these regulations can result in legal and financial penalties.

Enterprises face growing cloud compliance risks in the face of ever-changing cybersecurity regulations. Government and industry regulations require you to know where your data is in the cloud and how it is being shared. The European Union General Data Protection Regulation (GDPR) affects millions of organizations. That’s why developing a plan to comply with the new rules is critical for all organizations.

Today’s attacks target people, not technology. This is just as true for the cloud as it is on-premises. As businesses move their messaging and collaboration platforms from the corporate network to the cloud, they become vulnerable to attack.

Fortunately, many security strategies are available for organizations and cybersecurity teams to create a more secure cloud environment. From limiting access to cloud-based resources to encrypting and backing up data, here are several tips for cloud security protection:

Protect Against Cloud-Based Security Threats

It’s worth repeating: Cybercriminals tend to target people, not technology, with popular cloud-delivered SaaS applications such as Microsoft Office 365 or Google G Suite. A CASB with a broad complement of cloud security solutions offers the best defense against today’s people-centric threats.

Use Strong Authentication Mechanisms

Multi-factor authentication (MFA) is a critical and easy-to-implement security control that requires users to provide multiple forms of authentication to access cloud resources. This can include a password, PIN, biometric information, or something the user has, like a token or smart card. MFA significantly reduces the risk of unauthorized access to cloud resources, even if a user’s password is compromised.

Limit Access to Cloud Resources

Another vital strategy hinges on access controls, particularly limiting access to cloud resources to users who require it. This can include implementing role-based access controls and the Principle of Least Privilege (PoLP), where users are granted the minimal level of permissions needed based on their role within the organization. Organizations can also use network segmentation to restrict access to specific cloud resources.

Back-Up Your Data

Data backups are a cloud security best practice for data recovery in case of a data leak or security breach. Backups should be performed regularly and stored in a secure location separate from your primary data storage. In addition to helping you recover from a data loss, backups also help you comply with regulatory requirements and ensure business continuity.

Keep Systems Up-to-Date

Keeping software and systems up-to-date is an essential security control that helps mitigate the risk of known vulnerabilities. This includes applying security patches and updates as soon as they become available, as well as regularly updating antivirus and other security software.

Train Your Employees

Security awareness training is a powerful element of any security program. By educating employees on cloud security best practices, you can help them understand the importance of security and their role in protecting the organization’s data and systems. Such efforts can include training on password management, phishing awareness, and social engineering detection.

Regularly Monitor Your Cloud Resources

Monitoring is an essential security control that lets you quickly detect and respond to security incidents. This can include monitoring network traffic, system logs, and user activity to identify suspicious behavior and potential security threats.

Stay in Compliance

As your employees, contractors, and partners share more data in the cloud, the risk of a breach increases. You need risk-aware cloud security that connects the dots to detect and prevent such breaches. In addition, compliance with government regulations and industry mandates is essential. These include the following: personally identifiable information (PII) such as Social Security numbers or date of birth; consumer payment card information (PCI); and protected health information (PHI) such as medical records.

Manage Cloud Apps in Your Environment

Given the proliferation of cloud-delivered apps, governing their use is essential. The average enterprise has an estimated 1,000 cloud apps, and some have serious cloud security gaps that can violate data residency regulations, such as GDPR. In addition, attackers often use third-party add-ons and social engineering to trick people into granting broad access to your approved SaaS apps.

Cloud-app governance capabilities provide important critical visibility into cloud security threats. They also offer essential controls that alert and coach end users and set up automated responses for cloud access, such as “allow,” “read-only,” or “block.”

In addition to these tips, a CASB with a broad complement of cloud security solutions with robust detection, remediation, and risk-based authentication capabilities offers the best defense against today’s people-centric threats, including brute-force attacks, phishing attacks, and malicious file shares.

These elements, along with maintaining confidentiality, integrity, and availability (CIA), are fundamental to establishing a resilient cloud security architecture that prevents cyber-attacks and employs targeted action when and where needed.

Proofpoint offers various cloud security solutions to protect against advanced threats targeting people through email and cloud computing apps. Proofpoint’s solutions focus on people-centric security, advanced threat detection, and a unified security platform. Among the tools and platforms that Proofpoint provides include:

• Multi-Layered Threat Defense: Stops 99.99% of email threats, including business email compromise, ransomware, and credential phishing. It leverages advanced threat intelligence, static analysis, sandboxing, click-time protection, and Nexus AI models to protect against sophisticated attacks.
• Information & Data Protection Management: Discovers sensitive data in the cloud and prevents data loss across email, cloud apps, web, and endpoints using standard data classifiers and content scanning.
• Remote Browser Isolation: Allows safe access to websites, personal email, and cloud applications without exposing the organization to malware, credential phishing, and data loss.

Proofpoint’s cloud security solutions aim to prevent unauthorized access to sensitive data and resources and protect users’ cloud-based accounts from takeover. By leveraging these technologies, organizations can effectively manage cloud security risks, protect sensitive data, and ensure compliance with regulatory requirements. To learn more, contact Proofpoint today.

[1] Gartner Inc. “Magic Quadrant for Cloud Access Security Brokers”
[2] Ibid.
[3] Proofpoint. “Cloud Attacks Prove Effective Across Industries in the First Half of 2019”