Security in the cloud is a top concern for the modern enterprise. Fortunately, provided that organizations do their due diligence when evaluating security tools, storing data in the cloud can be even more secure than storing data on premises. However, this does require deploying a variety of solutions for securing data at rest, securing data at access, securing mobile and unmanaged devices, defending against malware, detecting unsanctioned cloud apps (shadow IT), and more. Amidst this rampant adoption of security tools, organizations often forget to bolster the weakest link in their security chain, their users.
The Weak Link in the Chain
While great steps are typically taken to secure data, relatively little thought is given to the behaviors of its users. This is likely due to an ingrained reliance upon static security tools that fail to adapt to situations in real time. Regardless, users make numerous decisions that place data at risk – some less obvious than others. In the search for total data protection, this dynamic human element cannot be ignored.
External sharing is one example of a risky user behavior. Organizations need visibility and control over where their data goes in order to keep it safe. When users send files and information outside of the company, protecting it becomes very challenging. While employees may do this either maliciously or just carelessly, the result is the same – data is exposed to unauthorized parties. Somewhat similarly, this can occur through shadow IT when users store company data in unsanctioned cloud applications over which the enterprise has no visibility or control.
Next, many employees use unsecured public WiFi networks to perform their work remotely. While this may seem like a convenient method of accessing employers' cloud applications, it is actually incredibly dangerous for the enterprise. Bitglass' Datawatch experiment demonstrates how a malicious individual can monitor traffic on these networks in order to steal users' credentials. Additionally, credentials can fall prey to targeted phishing attacks that are enabled by employees who share too much information on social media. The fact that many individuals reuse passwords across multiple personal and corporate accounts only serves to exacerbate the problem.
In addition to the above, users place data at risk through a variety of other ill-advised behaviors. Unfortunately, traditional, static security solutions have a difficult time adapting to users' actions and offering appropriate protections in real time.
Reforging the Chain
In the modern cloud, automated security solutions are a must. Reactive solutions that rely upon humans to analyze threats and initiate a response are incapable of protecting data in real time. The only way to ensure true automation is by using machine learning. When tools are powered by machine learning, they can protect data in a comprehensive fashion in the rapidly evolving, cloud-first world.
This next-gen approach can be particularly helpful when addressing threats that stem from compromised credentials and malicious or careless employees. User and entity behavior analytics (UEBA) baseline users' behaviors and perform real-time analyses to detect suspicious activities. Whether credentials are used by thieving outsiders or employees engaging in illicit behaviors, UEBA can detect threats and respond by enforcing step-up, multi-factor authentication before allowing data access.
Machine learning is helpful for defending against other threats, as well. For example, advanced anti-malware solutions can leverage machine learning to analyze the behaviors of files. In this way, they can detect and block unknown, zero-day malware; something beyond the scope of traditional, signature-based solutions that can only check for documented, known malware.
Even less conventional tools like shadow IT discovery are beginning to be endowed with machine learning. Historically, these solutions have relied upon lists generated by massive human teams that constantly categorize and evaluate the risks of new cloud applications. However, this approach fails to keep pace with the perpetually growing number of new and updated apps. Because of this, leading cloud access security brokers (CASBs) are using machine learning to rank and categorize new applications automatically, enabling immediate detection of new cloud apps in use. In other words, organizations can uncover all of the locations that careless and conniving employees store corporate data.
While training employees in best security practices is necessary, it is not sufficient for protecting data. Education must be paired with context-aware, automated security solutions (like CASBs) in order to reinforce the weak links in the enterprise's security chain.
To learn about Bitglass' automated, zero-day capabilities, download the solution brief below.