GDPR compliance: technology and data handling explained

The GDPR regulation is ultimately about good data/information management and governance. Though many organisations acknowledged previous iterations of data protection regulation, GDPR demands that everyone step up their game and take responsibility or face severe consequences. The innovative use of technology aligned with the data handling processes and procedures will go a long way to achieve and maintain GDPR compliance.
Compliance with GDPR has strong data governance at its foundation.
Data governance should have executive ownership at its core and necessitates strong commitment is communicated and actioned. It involves auditing and risk management where data is identified, classified and managed in a controlled manner. Technology can inevitably be used to automate and scale this process especially where data volumes are extensive.

Data analysis and classification

One of the early steps on the GDPR journey is the analysis of data that is held, and identification and tagging of personal data. Organisations may hold a combination of structured and unstructured data, oftentimes data is held in multiple locations as multiple copies of records are made. Once identified, organisations will need to tag personal data and link pieces of data together that relate to the same individual. Systems will then also need to manage the consent element of GDPR enabling all data being held to be collated in accordance with access and consent requirements of GDPR.

Data management and security

Systems need to be in place that manages data quality throughout its lifecycle. Data location needs to be accurate, duplicates need to be detected, records need to be accurate and should be updated including corrections, amendments and deletions when requested including backup copies which are no longer required.
To support the data security requirements, systems functionality need to be in place that manages data records including encryption, deduplication, backup, deletion and providing access to complete records in a transferable manner. Applications that manage the data also need to be secure ensuring
that user access policies are enforced, and users do not get access to data they are not authorised to. Manual processes are likely to be inadequate and therefore technology will inevitably need to be in place to support this requirement.
In a cloud environment, this will need to be provided by cloud providers whose systems are GDPR compliant. The organisation, however, will still be responsible for securing the data and policing user access irrespective of the cloud providers security controls. For an on-premise scenario, the organisation will have total responsibility for ensuring the systems are in place.

Breach detection, response and reporting

GDPR requires that certain types of breaches are notified to the relevant authorities within 72 hours of the breach occurring. The notification will also require details of the breach such as; how many records were accessed, mitigating measures to counter the breach, consequences of the breach, risks to the individual, categories of data breached. To fully comply with this requirement, organisations will need to have excellent cyber security protection mechanisms and controls in place. This will include at least the following components;
  • Network Security to ensure only authorised devices are able to access the networks
  • User authentication mechanisms to ensure only authorised users have access to systems
  • Intrusion Prevention Systems that detect and block unauthorised network access
  • Monitoring systems to identify and alert if unauthorised activities are detected
  • Logging capabilities to ensure all activity is logged and the information is available to undertake a forensic investigation should the need arise
These are just a few areas where technology applied effectively will greatly assist with GDPR compliance. Implementing the above technologies may well require additional investment if the systems are not yet in place, or it may just be a case of fine-tuning and optimising systems that are already in place.
Inevitably changes need to be made if anything more than lip service is to be paid to GDPR. There is, however, a positive spin on GDPR because it’s not about preventing business but about handling data properly, which must be a good thing for all concerned.

What is GDPR? 6 question you need to answer before the deadline

Why is GDPR necessary?

Regulations such as GDPR have come about as a consequence of technology. The increasing storage of private data over decades has led to concerns over individual privacy. Technology has meant that there is a risk that privacy could be trampled on or sensitive user data accessed inappropriately.
Worst still data could be stolen and used for criminal activity. In essence, regulation ultimately is about protecting individual privacy and individual rights from abuse or misuse of technology.

Why has technology become a problem?

Technology has been deployed over the decades initially as a solution to a business problem. Latterly, technology has been deployed as a fundamental part of the business fabric without which most businesses would cease to operate. In the age of digitisation technology in some instances is the business. Technology has however been deployed in a haphazard manner without security at its core and in many instances, organisations are playing catch up as opposed to having security as part of their core design.

So how is GDPR different to other regulations?

GDPR aims to compel organisations to protect individual privacy by ensuring that those handling the sensitive data are competent; only storing what data is essential, enforcing a policy that only allows access to the relevant people, and has systems in place to protect against and detect unauthorised access.
GDPR gives real teeth to data regulators in terms of enforcement powers including significant fines. It also extends responsibility globally to anyone who processes EU citizens data.

What do businesses need to do to comply with GDPR?

In order to comply with GDPR regulation, organisations need to do the following;
  • Awareness–ensure everyone in your organisations knows about GDPR
  • Information- document what personal data you hold and where
  • Privacy and rights– ensure procedures cover individual rights
  • Subject access requests– update procedures to handle access requests
  • Lawful basis– identify your lawful basis for processing data
  • Consent– review how you manage consent
  • Minors– ensure you have consent for minors
  • Breaches– ensure you have a plan and procedures to detect and report them
  • Impact assessment– plan to undertake these in accordance with ICO guidelines
  • Data Processing Officer– designate a DPO within your organisation
That is it in a nutshell. It is obviously much more involved in practice. The information commissioners website is a great resource for understanding what needs to be done and how to do it.

What are the benefits of becoming GDPR compliant?

Achieving compliance with GDPR will have a number of direct and indirect benefits. Firstly there will be a cost associated with achieving compliance which will likely involve resources of time and money.
Being compliant however is a strong indication that the organisation is processing data in a robust way compliant with best practices. This should mean that organisations are;
  • More likely to protect sensitive data and thus individual privacy and rights
  • Less likely to be breached as they will have better security in place
  • Are more likely to detect security breaches
  • Will be able to respond satisfactorily to individual’s information requests
There is an increasing trend amongst organisations that are now requiring their supply chain to confirm their compliance with GDPR. This will become a differentiator enabling GDPR compliant organisations to be viewed more credibly.

What are the consequences of not complying with GDPR?

Non-compliance with GDPR can have quite severe consequences over time. This could include being excluded from business opportunities as well as the likely punitive measures that may result from an ICO investigation if an organisation has been found wanting in it’s approach to compliance.
Analysts are also predicting that after PPI claims expire next year, GDPR breaches will spawn a new chapter in the claims culture that could run for decades. Compliance with GDPR should be seen as a business opportunity and approached positively in terms of the benefits that it might bring to organisations.

Useful Resources

GDPR Readiness Test [Checklist]
GDPR 12 Step to take NOW [Infographic] 
9 Steps to Implement a Security Managment Tool [eBook]

7 infographics from the Cisco 2018 Cyber Security Report explained

In our final part of Cisco’s 68 page 2018 Annual Cyber Security Report, we summarise the key findings and highlight the main takeaways contained in the report.
While most of the information is already known, put in context it gives a thorough view of the changing landscape and importantly identifies some of the steps that Information Security teams could take to mitigate the growing risk.
The reports highlights include;
  • Self-propagating ransomware is a growing trend
  • Legitimate cloud platforms are increasingly being exploited for cyber attacks
  • Cyber attackers are exploiting gaps in security coverage as organisations move to the cloud
  • Lack of skilled cyber security staff is a growing problem
  • Security is more effective when policies governing technology, processes and people are synced
  • Scalable cloud security, advanced endpoint protection and threat intelligence can be deployed to reduce the cyber threat risk
According to the Cisco report, cyber attackers are amassing their techniques and capabilities at an unprecedented scale.
Ransomware is the most profitable form of malware and has evolved into self-propagating network based cryptoworms as witnessed by Nyetya
and WannaCry. These ransomware variants took down whole regions and
sectors of infrastructure such as the Ukraine and the NHS.
Cyber attackers are weaponizing the cloud and using legitimate cloud services from well known vendors such as Google, Amazon, Twitter to host and conduct malware attacks. They are in fact capitalising on the benefits of cloud platforms such as security, agility, scalability and good reputation, oftentimes repurposing their sites before they are detected.
Cyber attackers are exploiting gaps in security coverage including IoT and cloud services especially where the organisation has not extended their security controls to include securing users and data in the cloud. Another growing obstacle to more effective cyber security is lack of skilled cyber security personal and inadequate budgets.
Cisco’s report also provides some essential guidance that organisations
should adopt in order to meet the growing challenge and provide more effective cyber security protection. Some of these measures include;
  • Implementing scalable cloud security solutions
  • Ensuring alignment of corporate policies for technology, applications and processes
  • Implementing network segmentation, advanced endpoint security and incorporating threat intelligence into security monitoring
  • Reviewing and practising security response procedures
  • Adopting advanced security solutions that include AI and machine learning especially where encryption is used to evade detection
While the security report is essential reading for all personnel responsible for an organisations information assets, in many areas it reiterates what we have been hearing about in the news and trade publications. The essential call to action is really to make a good start by doing the essentials. If you have already done this, then keep testing, refining and improving your cyber security posture.

5 Takeaways from the Cisco 2018 Annual Cyber Security Report

Cisco Annual Cybersecurity Report 2018

Cloud abuse on the rise according to Cisco Security Report

Cisco’s Annual Cyber Security Report 2018 provides an insightful account into the changing cyber security landscape. This article summarises some findings of the report pertaining to cloud security.
Some main take aways from the report that will be discussed in this blog include:
  • Legitimate cloud services such as Twitter and Amazon being used by attackers to scale their activities
  • Machine-Learning is being used to capture download behaviour
  • Cloud Security is a shared responsibility between organisations and its provider
  • There is an increase of belief in the benefits of cloud security
  • Cloud abuse is on the rise
According to the report, increased security was the principle reason security professionals gave for organisations deciding to host corporate applications in the cloud.
Fifty seven percent believe the cloud offers better data security
Organisations who have a security operations team are likely to have a well defined cloud security approach that may include the adoption of Cloud Access Security Broker (CASB) as they deploy to the cloud.
Many smaller organisations however are adopting cloud services without a clear security strategy, there is therefore a blurring of the security boundaries where many organisations are not certain about where their responsibilities end and where the responsibility of the cloud provider starts.
Security in the cloud is a shared responsibility: Cloud Security, DNS, IaaS PaaS Saas
Security in the cloud is a shared responsibility
Cyber attackers are increasingly taking advantage of this blurring of the boundaries to exploit systems.
An increasing trend amongst cyber attackers is to use legitimate cloud services to host malware and command and control infrastructure. Public clouds that have been used for malware activity include Amazon, Google, DropBox and Microsoft.
This makes it doubly difficult for security teams to identify bad domains and take protective measures without risking significant commercial impact caused by denying user access to legitimate business services.
Examples of legitimate services abused by malware for C2
The misuse of legitimate services is attractive to cyber attackers for a number of reasons;
  • Easy to register a new account and set up a web page
  • Adopt use of legitimate SSL certificate
  • Services can be adapted and transformed on the fly
  • Reuse of domain and resources for multiple malware campaigns
  • Less likely that infrastructure will be ‘burned’ (service can just be taken down) with little evidence of its purpose
  • Reduce overhead for attacker and better return on investment
Cyber attackers are effectively using legitimate and well known cloud infrastructure with their attendant benefits; ease of scale, trusted brand and secure features such as SSL. This enables them to scale their activity with less likelihood of detection if current protection methods are retained.
The challenges posed for the security teams defending organisations from these new threats call for a more sophisticated approach because in effect you need to block services that users are trying to access for legitimate work such as Amazon or Dropbox. Furthermore, the legitimate services are encrypted and so malware will be encrypted and evade most forms of threat inspection techniques– the threat will only become apparent after it has been activated on a host.
Intelligent cloud security tools will need to be deployed to help identify malware domains and sub-domains using legitimate cloud services. Such tools can also be used to further analyse related malware characteristics such as associated IP addresses, related domains and the registrant’s details.
An emerging and valuable approach to detect anomalous behaviour is machine learning.
Machine learning algorithms can be used to characterise normal user activity, unusual activity can be identified, and action taken automatically.
Machine-learning algorithms capture user download behaviour 2017
To meet the range of challenges presented by cloud adoption,
organisations need to apply a combination of best practices, advanced security technologies, and some experimental methodologies especially where they need to overcome the use of legitimate services by cyber attackers.

Would you like to learn more? Claim your Free copy of our latest eBook “A View of the Cyber Threat Landscape”. Click here.

What’s HOT What’s NOT: Cyber Security 2018

What are the main cyber security trends and focus areas for IT Managers and Chief Security Officers so far in 2018?

One thing we know for sure is that cyber security won’t be taking a lower profile as IT embeds itself at the core of organisations becoming a true business enabler.
IT is at the core of organisations and if there is a glitch then the business impact is profound. It is therefore beneficial to be able to focus limited resources and efforts on the priorities that will really
make the biggest difference.
 So the question is what will be HOT and what will NOT in 2018. The list below, while not being exhaustive, gives a focus on what you should be prioritising.

 HOT

  • GDPR
  • Ransomware
  • Cloud

NOT

  • Anti-Virus
  • VPNs

HOT: GDPR

25th May 2018 is the date the GDPR will come into force. The regulation will affect literally every organisation that holds personal data. With the increasing regulatory powers for investigation and enforcement, firms not complying with the regulation could face severe penalties.
GDPR must, therefore, be high on the list of business priorities and a comprehensive approach to GDPR compliance will necessitate a comprehensive review of policy, process and technology.
In a recent article we discovered that 52% of medium sized business have NOT made changes/prepared for GDPR!

NOT: Anti-Virus

In the face of the new breed of sophisticated, adaptable forms of cyber attacks, traditional Anti-Virus is becoming redundant. The approach of traditional Anti-Virus which is based of signatures relies on threats having been detected and updates being propagated to clients before an attack occurs.
Organisations need multiple layers of protection to stand any chance of detecting and blocking new threats some of which can dynamically probe and adapt to the host environment.
Anti-Virus is still essential especially if it also monitors for abnormal behaviour, however if it is your primary line of defence, expect the worst, as Robert Mueller says, you will be attacked, depending solely on Anti-Virus increases the likelihood of it happen sooner and more frequent.

Related Resources

HOT: Ransomware

2017 saw the spread of global ransomware variants Wannacry and Nyetya. Wannacry made significant parts of the NHS powerless while Nyetya caused major losses for businesses. Fedex counted losses in excess of $300m and at one stage had to resort to WhatsApp for internal communications due to compromised email systems.
The ransomware ‘business model’ has stepped up a notch with it being made available to buy as a service. The avatar of the attacker has suddenly changed from a stereotypical hoody wearing geek to just about anyone who can pay with some Bitcoin.
Ransomware has been the most profitable form of cyber attack to date and franchising it just made it cement it’s pole position as the number one threat in 2018.

Related Resources

NOT: VPNs

Statistics indicate that nearly 50% of workforces are mobile, meaning they access their organisation’s IT applications from remote locations to the organisation’s offices. The ubiquitous VPN has been the secure way of connecting.
 With the various flavours and increasing range of users requiring connections, VPNs are becoming a greater management overhead and an increasing security risk especially if the controls are not kept up to date with the threats.
A need for a more sophisticated and granular method of providing remote access is emerging where users are connected only to what they require, when they require it and furthermore their security posture is established even before they are allowed any connectivity.

Cloud: HOT

Organisations having realised the benefits of cloud adoption have embraced it while mitigating the risks as best they can. The benefits of the cloud in many instances include lower operational costs, agility, increased resilience and scalability.
Cloud adoption is also well suited to the growth of a mobile workforce who need anytime anywhere access to their applications. Securing the cloud data and user access is however an area of cloud implementation that is emerging as a focus area that businesses have not paid sufficient attention to.
Technologies such as secure DNS and the secure Internet gateway are solutions that are highly likely to gain a lot of traction as organisations audit and protect cloud connectivity from a range of emerging cyber threats.

Related Resources

There will inevitably be questions about security topics such as BlockChain, IoT and Phishing just to name a few. Let us know how your list wouldn’t be different.

Trial Cisco Umbrella for 14 Days, completely free and no obligations!

If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it? 

We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.

Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

It takes no time to install and you don’t have to provide any payment details (or even have a phone call).

So what’s to lose? 

Click here to start your trial! 

Will GDPR protect your personal data?

I hope that this news is not scary but we are less than 2 months way from GDPR coming into force. A recent government cyber breach survey highlighted some interesting facts about GDPR preparedness of the UK business community.

 

The research was conducted across a sample of around 1500 businesses spanning all sectors from micro-business to large enterprise. While the trend was not necessarily surprising, what was surprising was the response of business like yours in the medium size sector. Here are some numbers that may or may not surprise you.

 

33% of medium sized business have NOT heard of GDPR

52% of medium sized business have NOT made changes/prepared for GDPR

50% of medium sized business have NOT made cyber specific preparation for GDPR

 

The results for each sector re-outline in the tables below.

 

 

 

 

 

 

Recall that GDPR is relevant for all organisations that hold personally identifiable data. This does not just relate to customers, it also relates to staff. If you employ people it’s a fair guess that you hold personally identifiable data on your staff.

 

Based on the fact that we are less than 2 months away, what does this mean for our personal if around half of businesses aren’t doing anything about complying with the new standards. I think I would rather not think about that for too long. Lets just review the steps that organisations need to take as outlined in one of our previous articles. We re-iterate them below and have also included some useful links that can take you a long way towards understanding;

 

  • What the regulation requires of you
  • How to get started
  • Where you can get help

 

 

GDPR 12 steps that you can take right now

 

A really useful starting point is contained in the Information Commissioners website which provides a range of resources explaining GDPR and how organisations can go about preparing to comply with it.

 

Their 12 steps guide covers the initial activities that can be started immediately and include;

 

  • Awareness of Decision Makers
  • Information Audit
  • Update Privacy Notices
  • Procedures for Individual Rights
  • Subject access requests procedures
  • Consent procedures
  • Under-age Consent Procedures
  • Privacy Impact Assessments
  • Data Protection Officer
  • International Implications

 

The guide is summarised below for convenience.

 

Layout of  the 12 steps

 

  1. Awareness

You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.

 

  1. Information you hold

You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.

 

  1. Communicating privacy information

You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.

 

  1. Individuals’ rights

You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.

 

  1. Subject access requests

You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.

 

  1. Lawful basis for processing personal data

You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.

 

  1. Consent

You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

 

  1. Children

You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

 

  1. Data breaches

You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

 

  1. Data Protection by Design and Data

Protection Impact Assessments

You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.

 

  1. Data Protection Officers

You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.

 

  1. International

If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

I made a call, the customer said no, but I loved it

 

We have been doing our cloud security blog now for a couple of weeks and decided to start to speak directly to some of the contacts who had been reading the blogs. I spoke to one contact from the legal sector (who shall remain nameless) who gave some very interesting feedback.

 

The bad news is that the call did not end up in a sale or a trial of the software, and they didn’t want to meet with us or try out any of our services so there is no fairy tale ending here.

 

What was more interesting was that the customer said about Umbrella cloud security and his current IT partner.

 

On the subject of Cisco Umbrella, he said they had been using it for over a year now and “it was absolutely brilliant”. The ability to automatically block bad domains and to investigate suspected threats was extremely good and he was very happy that they had decided to deploy the product.
Furthermore, he said it was introduced to him by their IT provider whom they have worked with for nearly 10 years now. He said it was a very strong partnership where they had offered an exceptional quality of service, they weren’t the cheapest but it would just be silly for them to look elsewhere at this stage because you get what you pay for and they certainly were getting very good value for money. He felt it would be silly of them to be looking to change under such circumstances. I said to him I hoped my customers felt the same way about the service we provide as we certainly strive to differentiate ourselves in this way. He thanked me for the call and we went t our separate ways.

 

Wow this is what I have been banging on about for what seems a lifetime, it’s not about being the cheapest or biggest, but rather about providing good value for money.

 

What was even more satisfying is the fact that he appreciated what we had been writing about in terms of cloud security and the importance of DNS security. He was totally happy with the Umbrella product and now couldn’t see them operating without it.

 

So I am really happy that though this customer said no to us, they endorsed what we believe and what we have been banging the drum about.

 

Protect yourself against 92% of malware threats that can be stopped at source via secure DNS. The free trial is waiting for you to just click the link and be up and running in 5 minutes. It will be the best cyber security click you’ve ever made.

Test the solution yourself! Free 14 day trial 

What Will You Pay? Costs of a Cyber Attack

What will you pay?

With a 750% increase in ransomware attacks in 2016, a first layer of defense is needed.

View the infographic for new proactive strategies with Cisco Umbrella and keep your business protected.

Click here to view the infographic

Take Control with CASB and DNS

Its been a cloudy blog of a fortnight (pardon the pun but I couldn’t help it). To summarise we have been looking at the changing IT landscape and the consequent change in the threat landscape. We then looked at how organisations need to change their approach to cloud security to address this new reality.

 

The age of digitisation is bringing about a dramatic change to the IT landscape. Digitisation is about new efficient ways of doing things at scale. It’s about automation and new ways of engagement with customers in a way that suits them and at a time that suits them.

 

Digitisation is turning century old industries on its head as new players emerge that are agile, visionary and creative at a rate it’s outpacing their peers.

 

The new IT landscape is about DevOps “scoring an end goal” around or despite IT. Being applied to conceive and deploy apps in a fraction of the time it used to take using a conventional approach. Its about using the cloud to take advantage of Infrastructure, Platform or Software as a Service and being able to globally scale an application.

 

The new IT landscape is also about anytime anywhere access for users/employees. Power is being devolved to branch offices because they need better connectivity to access their new apps in the cloud. Analysts are saying that approximately 50% of users now access their applications remotely and 25% actually work remotely.

 

We also need to factor the explosive growth of IoT and the pervasive use of mobile devices to access the web.

 

Digitisation is a bright new horizon but it also brings major security headaches. Some of these include;

  • A massive increase in cyber attack landscape, more devices, more apps, more points of access
  • Increase in the number of alerts security teams need to process and understand
  • More applications to monitor and manageLack of visibility in what users are doing and how they are using apps
  • The growth of shadow IT exposing corporate information and services to attacks
  • Outdated non-cloud savvy security relative to the emerging landscape

 

Cyber attackers have evolved in sophistication to keep apace of the changes in IT. They constantly evolve their exploits, they are offering attacks as a service, they are using cloud scale computing power as well. Cisco’s annual cyber security report identifies that the scale and sophistication of attacks have increased over the past 12 months.

 

Security teams need to evolve their approach to security making it cloud centric with the ability to protect users and data anywhere anytime. Remember cloud services still require organisations to take responsibility for the security of their data. Gartner has identified that 95% of data breaches will be the fault of the end user.

 

Some of the essential tools that security need to include in their new armoury include secure DNS services as well as CASB services. DNS will block access to malware sites before they happen, or if a machine has been infected, it will block the command and control call back. CASB has the ability to monitor user activity in the cloud, profile applications in use and prevent data leakage. Both tools can also provide invaluable visibility into the normal behaviour of users and trigger protective actions and alerts as and when behaviour varies from the norm.

14 Day Free Trial of Cisco Umbrella

Get started in 30 seconds

No credit card or phone call required

 

WHAT IS INCLUDED?

  • Threat protection like no other — block malware, C2 callbacks, and phishing.
  • Predictive intelligence — automates threat protection by uncovering attacks before they launch.
  • Worldwide coverage in minutes — no hardware to install or software to maintain.
  • Weekly security report — get a personalized summary of malicious requests & more, directly to your inbox.
  • 1,000+ users? — You’re eligible for the Umbrella Security Report, a detailed post-trial analysis.

See how easy Umbrella is to instal

In the Cloud you need CASB: How to Secure the Cloud

We introduce another acronym yesterday, CASB (Cloud Access Security Broker) and we now expand on the features and benefits of deploying a CASB solution as we continue in our approach to cloud security. We noted in our previous blog that cloud security was a shared responsibility between service user and service provider. Gartner analysis indicates that by 2021, 27% of corporate data will bypass perimeter security. In addition by 2020, 95% of cloud security failures will be the customer’s fault.

 

Cloud Umbrella, DNS, Firewall, Cloud Security, Data Breach

 

Securing the cloud will need a robust security approach which includes features such as the ones outlined below;

 

Cloud User Security

Attackers are defeating today’s security controls that rely on the network perimeter, firewalls, or a specific platform. Activities across platforms are not correlated, making it difficult to identify suspicious behavioural patterns. At the same time, security teams are inundated with alerts that lack priority, useful information, or context. Faced with a flood of unhelpful notifications, the legitimate security breaches get overlooked. This problem is magnified with the use of cloud applications and platforms, as organisations often have little visibility into the activities of their users in their cloud environments.
A CASB can analyse user and entity behaviour, using the analytics to profile behaviour and detect and respond to anomalies in real time, while alerting security teams.

 

Cloud Data Security

The number one cloud security concern for organisations is storing sensitive data in the cloud. 53% of organisations rated this top of their list. A CASB is an effective solution to address this by enabling tuneable policies to be deployed to monitor and provide data loss prevention. In the event of a policy violation, a CASB can initiate an automated response mechanism that can notify users, encrypt connections and quarantine data as necessary.

 

Cloud Applications Security

Unauthorised cloud applications is now a major security hole being exploited by cyber attacks. Discovery and security rating of cloud applications are therefore another essential feature that is needed to determine compliance with the organisations security policy. The ability to also block or whitelist applications may also be a necessary measure for compliance.

 

Correctly configured the CASB solution should provide the following benefits;

  • Detect and respond to compromised accounts
  • Detect and respond to malicious insiders
  • Monitor and secure privileged accounts
  • Protect sensitive data in the cloud
  • Enable compliance with cloud data
  • Gain full visibility into cloud app usage
  • Block cloud malware
  • Secure cloud marketplace apps