The cloud computing boom has brought many benefits to businesses, including increased productivity and easier access to corporate online systems. Unfortunately, it has also introduced some new security concerns and an increase in the number of data breaches that occur each year.
The main reason for this is that cloud services make it much easier to access and share data from outside the organization. In a traditional computing model, data breaches are most commonly caused by stolen hardware or a malicious attack on company systems. Data breaches from the cloud may simply be caused by a careless employee sharing files with the wrong person.
This problem is exacerbated by the fact that many times, corporate data is uploaded to the cloud without permission. If this happens, sensitive files could be in a vulnerable location without IT administrators or managers even knowing until a data breach occurs.
BYOD Cloud App Security – How Big is the Problem?
A study carried out by IBM discovered that a third of Fortune 1000 company employees regularly upload and share corporate data to unauthorized third-party cloud apps. Once the data has left the safety of company managed storage systems, it cannot be tracked, and there is no way of knowing how secure it is. This behavior occurred despite over half of the employees surveyed admitting that they knew private cloud transfers were against corporate IT policy.
A 2016 report into BYOD security discovered that 40% of companies surveyed offered BYOD to all employees. However, this doesn’t mean that the majority of businesses don’t allow their employees to use their own devices – other research suggests that many organizations don’t bother with a BYOD policy at all. This means that employees may well use their own devices with absolutely no guidelines or advice on maintaining data security.
The increased usage of personal mobile devices for work purposes means that company data is more vulnerable than ever, as the apps that have access to this data are steadily growing in number and impossible to manage.
According to a report commissioned by Symantec and Blue Coat, organizations use more than 20 times as many cloud applications as they estimate, and the average organization has 841 cloud apps in use.
Many of these apps are not designed for enterprise use and may not have sufficient security controls in place. What’s more, employees may be using these apps to deliberately exfiltrate data.
The same study found that 63% of risky employee activity in the cloud indicated an attempt to exfiltrate data either via downloads or sharing.
Data can be exfiltrated from the security of corporate systems in three main ways:
- Using a third-party app to migrate the data, either cloud-to-cloud or cloud-to-local
- Downloading data to a personal mobile device (BYOD) that is also connected to personal cloud storage such as Dropbox or Google Drive
- Sharing data with individuals outside of the organization
What Makes Third-Party Cloud Apps a Security Risk?
It’s very difficult to keep cloud apps secure because of the number of people using them and the fact that unauthorized data copying is very hard to detect due to the massive amount of data that is typically transferred and stored with these apps.
Cloud services usually have very strict security protocols in place and are secure, provided they are designed for enterprise use and are managed carefully. However, third-party apps installed on employees’ own devices are usually not enterprise-ready, and data may not be encrypted to a sufficient level during transfer or while in storage.
Insecure cloud services may be attacked by cyber criminals, which puts any data stored with the service at risk of being leaked.
It’s also possible that employees may download fake apps from unofficial app stores, which are often infected with malware and can put corporate files at serious risk.
However, the biggest risks to cloud data are not from cyber criminals or malware but are mainly caused by human error. Third-party cloud apps are typically very easy to use, and this means it is very easy for an employee to share data with someone outside the company.
In many cases, this is not done for malicious reasons, but files may be shared by mistake, or to make it easier for the individual to do his or her job (for example, uploading files that are needed to write a report at home). Sometimes users are not even aware that they are uploading files to the cloud, or of the data risks associated with doing so.
Managing BYOD Security Risks by Monitoring Cloud-to-Cloud Migration
In theory, the risks associated with third-party apps can be managed by not allowing employees to use their own devices at work, or by banning all apps apart from those on a company-approved list.
In practice, however, this is impractical and limiting. The use of third-party apps can bring significant benefits to an organization, and banning their use completely will also prevent employees from benefiting from the many ways the apps can help them work faster and better.
A restrictive ban may also lead to even greater security risks as some employees may try to get around the controls with insecure practices that can introduce even more serious risks (such as downloading apps from unofficial stores if the official channels have been blocked).
A better approach to third-party app security is to use a monitoring service that gives administrators full visibility of all apps that have access to company data and alerts them to any suspicious or risky data transfers.
The cybersecurity service provided by Spinbackup includes a cloud apps audit that allows administrators to have 24/7 monitoring of any apps used by employees on personal devices that have access to corporate data stored in the cloud. It’s important for administrators to pay particular attention to apps that allow cloud-to-cloud transfer, as this action has the biggest potential for data leaks.
This service also includes employee monitoring in real time and provides administrators with a dashboard that displays the risk level of all activities from individual users.
Risky behavior, such as migration of data from the corporate cloud storage to private cloud storage (a personal Google Drive account or Dropbox), is flagged and can be automatically sent as an alert to email and/or Slack. It is possible to view the name and location of the user and the time and date of the action, as well as the action itself.
The administrator can then act immediately by either blocking access to the user or revoking access privileges to the app that is being used to exfiltrate data.
By monitoring cloud-to-cloud transfers in this way, it is possible to detect and prevent unauthorized data downloads, while still allowing employees the freedom and benefits of using their favorite cloud apps.
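The following is an added example, not part of the original article and not Spinbackup's code: a minimal detector that flags the three exfiltration channels listed earlier and reports the user, location, time and action for each alert. The event schema, field names, corporate domain and approved-app list are all assumptions constructed for illustration.

```python
import json
from collections import Counter

CORP_DOMAIN = "example.com"          # assumed corporate e-mail domain
APPROVED_APPS = {"corp-backup"}      # assumed company-approved app list
# Constructed audit events in a hypothetical schema (not any vendor's format).
SAMPLE_LOG = """
{"time":"2024-05-01T09:12Z","user":"alice@example.com","location":"London","action":"share","recipient":"bob@example.com"}
{"time":"2024-05-01T09:15Z","user":"alice@example.com","location":"London","action":"share","recipient":"alice@personal.example"}
{"time":"2024-05-01T10:02Z","user":"bob@example.com","location":"Berlin","action":"app_transfer","app":"corp-backup"}
{"time":"2024-05-01T10:40Z","user":"carol@example.com","location":"Austin","action":"app_transfer","app":"sync-tool-x"}
{"time":"2024-05-01T11:05Z","user":"bob@example.com","location":"Berlin","action":"download","device_managed":true}
{"time":"2024-05-01T11:30Z","user":"alice@example.com","location":"London","action":"download","device_managed":false}
not json
"""

def classify(ev):
    """Return the exfiltration channel an event matches, or None."""
    action = ev.get("action")
    if action == "app_transfer" and ev.get("app") not in APPROVED_APPS:
        return "third-party app migration"
    if action == "download" and not ev.get("device_managed", False):
        return "download to unmanaged device"
    if action == "share":
        # Exact domain match; a missing recipient is treated as external.
        domain = ev.get("recipient", "").rpartition("@")[2].lower()
        if domain != CORP_DOMAIN:
            return "share outside organization"
    return None

def scan(log_text):
    """Parse one JSON event per line and return a list of alert dicts."""
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            reason = classify(ev)
        except (ValueError, AttributeError):
            continue  # blank, malformed or non-object line
        if reason:
            alerts.append({**{k: ev.get(k) for k in
                              ("time", "user", "location", "action")},
                           "reason": reason})
    return alerts

def risk_by_user(alerts):
    # Number of flagged actions per user, a crude per-user risk level.
    return Counter(a["user"] for a in alerts)

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), risk_by_user(scan(SAMPLE_LOG)), sep="\n")
```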