Cloud Security

Delving further, these represent the different risks that manifest themselves as follows:

Securing the path to the Cloud

Protecting Users from Web threats

Users need access to the internet! This simple activity presents them with diverse threats such as malware download, phishing credential theft and data loss (accidental or malicious). It’s very common for a user to be directed (typically via an email link) to a lookalike website, where they feel comfortable in sharing sensitive credentials such as username and password. Similarly, a legitimate website with a proven good reputation that has been compromised could harbour malware.

Cybercriminals will target popular and trusted websites as they offer the greatest chance of propagation, known as watering hole attacks and so-named as predators wait in ambush near water, knowing that it’s almost guaranteed that their prey will need to visit that spot - why going hunting when they will come to you.

Each of these threats has its own countermeasures and risk nuances. You could rely on your endpoint security to deal with such threats, however do you really want to deal with the threat at the same endpoint that the user is trying to use for work, potentially creating a productivity risk? Instead, we would suggest the ‘security in-depth’ strategy. This encourages having more than one layer of defence to avoid any single point of defence failure.

The result is an endpoint being the last-line of defence rather than the first, which also has the benefit of moving the defence along with the mitigation & cleanup away from the users end-point. We advocate applying web security controls at the gateway or the cloud level, that are distinct from the endpoint. Our recommendation is Skyhigh Secure Web Gateway (SWG).

Protecting the Business from Web risks

Access to the web also means that users have access to the proliferation of cloud applications. And unlike earlier times, when the IT Administrator was in complete control of what could be installed on the network, the Cloud results in users having access to so much more without the former controls. Usage of cloud applications by staff without formal business endorsement is known as ‘Shadow IT’. These are not necessarily malicious applications, either. In fact, most Shadow IT is due to well-meaning staff utilising something because they can, they like it, they prefer it!

The threat is that these unapproved cloud applications will need some form of user’s credentials as a minimum (which could be same they use for the network) and, at the worst, may be storing and processing sensitive Company information, presenting a Data Loss Prevention (DLP) risk.

CASB (Cloud Access Security Broker) is an acronym used for controlling user interaction with Cloud Applications, whether monitoring and denying access, or applying granular policies regarding the flow and usage of Company data with a Cloud application.  A topical example is Artificial Intelligence (AI) within the Business. Organisations want to embrace AI tools such ChatGPT for example, whilst at the same time they value their intellectual property. A CASB solution can support a business with utilising AI tools whilst not compromising information security.

Our recommendation is SkyHigh’s CASB solution.

Securing the Cloud environment

SaaS (Software as a Service), such as M365, Box, Salesforce, Canva etc, and IaaS (Infrastructure as a Service), such as AWS, Azure, GCP etc, all have their benefits. In one way or another, they can both reduce support burdens, improve cost management and scalability. The downside is security; for example, it is common for SaaS applications to have weak security settings by default, and IaaS requires you to patch and maintain your systems residing on the hosting platform. You will undoubtedly be faced with adding more systems and integrations. The providers will not stop updating their features and functions, and this calls for your attention. Complexity is the challenge – how do you become a security expert on all the different systems, all the time, and have the know-how and the time to remediate the myriad of options, settings, and hosting policies?  

It only takes one mishap from a well-meaning staff member, or for cybercriminals to exploit an over-looked vulnerability for your organisation to suffer serious consequences. Whereas you need to be safe 100% of the time, the bad-guys need only be successful once. This is why tools to help you reduce the burden and to automate cloud security are so important. We recommend CheckRed.