Category Archives: Cloud Adoption

1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More

The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.

It’s Time to Bring Cloud Environments Out of the Shadows

The speed and scale of cloud computing has provided companies around the globe with more flexibility, lower overhead costs and quicker time to value for a wide variety of applications. While the business value of cloud adoption is undebatable, this rapid transition can leave security teams in the dark and sensitive information exposed.

Crawl, Walk, Then Run to the Cloud

Eager organizations often rush to address pressing business needs by moving data to cloud environments, but in many cases these moves are made without the knowledge of central IT and security teams. While the business motivations are positive, unmanaged adoption of new cloud services can leave sensitive data uncontrolled and exposed. Below are some of the most common challenges associated with cloud adoption.

Shadow IT

If you’ve ever worked for a company that used a clunky, slow enterprise collaboration tool, you know how amazing solutions such as Box, Dropbox and Google Drive can be. Your employees likely feel the exact same way.

If your company uses tools that generate friction and slow down productivity, chances are high that your users have adopted shadow IT applications to avoid the frustration. When users start adopting cloud-based tools instead of company-sanctioned ones, they often access these solutions with personal login credentials. Once this happens, you lose control of your proprietary data, which can result in unnecessary security and compliance risks.

IaaS Adoption Without Expertise

When lines of business experiment with cloud services for one-off projects, they often lack the security expertise needed to ensure that projects are both operational and secure. While many security experts are familiar with the need to share security responsibilities in infrastructure-as-a-service (IaaS) environments, business teams tend to assume that everything is taken care of by the provider. As new projects spin up and leave basic security requirements unaddressed, these IaaS environments can unintentionally expose data or be hijacked by attackers for nefarious purposes, such as bitcoin mining.

Make the Unknown Known

Most security executives know that they’ve got data in the cloud, but they don’t know how much data, what types of data or what cloud it is stored in. To effectively manage risk, the first thing you need to do is make the unknown known. Then, determine effective policies to secure data and workloads in these environments and proactively monitor them for ongoing risks and threats. Let’s break these steps down further.

Bring IT Out of the Shadows

Before you can take back control of your data, you need to find out where it lives. Network traffic can provide meaningful insights into which users are using which cloud services. By looking at outbound network traffic, you can figure out what software-as-a-service (SaaS) applications and IaaS environments have been adopted and take a baseline inventory of cloud usage within your organization.

Armed with this insight, you can then make risk-based decisions about which services should be authorized as is, which should be authorized but company-managed and which should be blocked. While you’ll likely recognize most cloud services that are discovered, you may uncover some services that you’ve never heard of. Threat intelligence feeds can help you understand potential risks associated with unknown applications.

Take Back Control

Once you’ve determined which services your users are leveraging and which you want to allow, it’s time to start proactively monitoring these cloud environments for risks and threats.

A good security analytics solution should be able to monitor SaaS applications and IaaS environments to provide you with insights into misconfigurations, risks and threats. For example, you’ll want your security team to make sure that Amazon Web Services (AWS) Simple Storage Service (S3) buckets are properly configured and that identity and access management (IAM) users have the appropriate privileges.

You’ll also want to monitor the behavior of your cloud admins and developers. If their credentials are compromised, either through spear phishing or in the process of lateral movement, behavioral analytics can help your team spot breaches early so they can contain and block the attacker’s progression.

Choosing the Right Tools to Manage Cloud Environments

Cloud environments demand the same level of security oversight as on-premises ones — if not more. The fewer point solutions involved in the security monitoring, detection, investigation and response processes, the more effective your team can be.

A strong security analytics solution can help you extend your existing security operations program into cloud environments without requiring separate tools. As you start taking steps to gain visibility into your cloud environments, look for solutions that can span your entire IT environment — be it traditional on-premises, private cloud, SaaS or IaaS — and enable you to manage security across multiple systems from behind a single pane of glass. Cloud is the new IT frontier, and your security analytics vendor should be able to support you throughout each stage of the journey.

Read the interactive white paper: One for all — New parity for your enterprise security

The post It’s Time to Bring Cloud Environments Out of the Shadows appeared first on Security Intelligence.

Organizations want to leverage the cloud but are held back by security misconceptions

iboss has published the findings of its 2018 Enterprise Cloud Trends report. The survey of IT decision makers and office workers in U.S. enterprises found that 64% of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities. Combined with growing pressures from shadow IT and mobile employees, 91% of IT decision makers agree they need to update security policies to operate in a cloud-first environment. … More

The post Organizations want to leverage the cloud but are held back by security misconceptions appeared first on Help Net Security.

Survey: Nearly Half of Organizations Have a Consistent Enterprise Encryption Strategy

Nearly half of organizations have an enterprise encryption strategy that is applied consistently across the entire organization, a new encryption survey revealed. Forty-three percent of respondents to Thales’ “2018 Global Encryption Trends Study” said their employer had an enterprisewide encryption plan in place for 2017. That’s up from 41 percent in 2016 and 37 percent in 2015.

Enterprise Encryption Strategy Adoption on the Upswing

Thales began tracking the evolution of encryption back in 2005. In the 13 years that followed, the firm observed a steady increase in organizations adopting an encryption strategy. The company reported a decline in companies with no such strategy or plan over the same period: Just 13 percent of respondents said they lacked a comprehensive encryption policy in 2017, down from 15 percent two years prior.

Not all survey participants reported having a consistent plan across the entire organization, but the percentage of professionals with a limited enterprise encryption strategy didn’t change from 2016. Forty-four percent of respondents said their organization had a limited approach in both 2016 and 2017, which is up from just a quarter of individuals in 2015.

IT Security Spending on the Rise

For the study, Thales commissioned the Ponemon Institute to survey 5,252 individuals across industry sectors in the U.S., U.K. and 10 other countries. Their responses provided the company with insight into how enterprises’ use of encryption has evolved.

Their answers also illuminated how much budget employers are allocating to encryption and IT security. The former declined slightly from 14 percent in 2016 to 12 percent in 2017. At the same time, organizations spent approximately 10 percent of their overall IT spending on security, a percentage that marked a record high in a 13-year upward slope.

The report indicated some areas where both encryption and security spending could grow. One of them was cloud, with 21 percent of professionals expecting their organization to transfer sensitive or confidential data to the cloud within the next year or so. That’s in addition to the 61 percent of respondents who already do so.

Human Error an Ongoing Risk to Data

The Thales survey revealed that employee mistakes weighed heavily on respondents’ minds. Forty-seven percent of professionals cited human error as the most salient threat to sensitive or confidential data, followed by system or process malfunction and cybercriminals at 31 percent and 30 percent, respectively.

To protect against employee mistakes, organizations should balance technical controls with training that helps employees take responsibility for their actions.

The post Survey: Nearly Half of Organizations Have a Consistent Enterprise Encryption Strategy appeared first on Security Intelligence.