Emerging trends and their security implications
By Enrique Gomez – COO GAT Labs
In my experience, there have been, perhaps, three major trends with significant security implications for corporate data in the last decade.
The first is the increased practice of corporations moving their data to the cloud. This is particularly the case with enterprises offloading their office environments to cloud-based solutions. The second is the involvement of more and more state actors in the business of hacking enterprises. This brings an increased level of sophistication and boldness to the perpetrators, who in most cases act with a sense of impunity within their own State. The third trend has yet to fully play out, but it’s fair to say that COVID-19 has forever changed the workplace landscape, and far more knowledge workers are likely to work from home, off the local area network (LAN), in the future.
If we look at the movement of the office environment to the cloud, we can see the many advantages it offers enterprises. Perhaps most notably is its cost (reduced capital spend and labor) and increased security. Few, if any, enterprises would have security teams with either the size or requisite skills needed. However, what remote work offers in terms of increased data security, it takes away in terms of user oversight (user audit and observation).
The US Bureau of Labor Statistics estimates that the enhanced need for security measures for remote workers will contribute to the projected employment of information security analysts, which is expected to rise by one-third between 2020 and 2030.
User oversight in the LAN vs the Cloud
In the now ‘’old’’ model, where all users were on the LAN (or required to backhaul through it) and all traffic was forced to flow to local servers or through local firewalls, the levels of user audit, observation, and accountability could be very high.
However, the cloud’s ‘login from anywhere on any device’ model means such oversight has been lost for enterprises. The challenge in the modern era is to give these enterprises the same level of security and oversight they had when users were on the LAN, but in the Cloud.
Whether on the LAN or in the Cloud, I believe the user has always been the weak point in any attack. That’s why an enterprise’s ability to monitor and protect the user was, and always will be, key to protecting corporate data.
How to effectively protect Users in the Cloud
According to Statista, 60% of all corporate data is stored in the cloud. This figure has doubled since 2015. With this in mind, protecting your corporate data has never been more important.
Furthermore, a January 2022 Insight Report by the World Economic Forum found that 39% of organizations have been affected by a third-party cyber incident in the past two years.
Today’s main cloud providers typically offer rich application programming interface (API) sets that allow third parties to build auditing and reporting tools to boost the cloud reporting capabilities of enterprises. These tools provide a first line of security defense and allow system administrators to understand issues such as file sharing and email flows more effectively. Some tools even offer remedial actions such as revoking external file shares or bulk deleting spam email.
These solutions work well for primary data stores. However, as companies use more cloud services, rich corporate data becomes more dispersed across different platforms and cloud service providers. Since each platform has its own unique reporting APIs, where enterprises utilize a mix of different platforms, messaging, customer relationship management (CRM) and financial systems, I believe using a third-party cloud security tool is no longer sufficient.
I have come to the conclusion that no third-party tool has APIs for all the cloud platforms available. In fact, it is probably not even possible to develop such a tool in a practical sense. Even if there were only one could, it would be a foolhardy task as the frequency of API changes alone can be challenging for even one or two platforms.
Get the Same Level of User Oversight you had on the LAN via the Browser
Nearly every current cloud platform shares one thing in common: they’re accessed through the browser. While they may sit in thousands of locations and have tens of thousands of APIs, access to data happens through the browser for the vast majority of enterprise users. The key is to make the browser environment act like it was permanently on the ‘LAN’.
As a starting point, let us take a closer look at the advantages the browser offers as a tool for accessing data. Browsers significantly reduce the attack surface and tend to be more secure than PC applications in general. PCs present multiple opportunities to access local data and to network to other nodes, once compromised. The browser, on the other hand, presents some kind of a wall that needs to be jumped to get to the cloud data, particularly when access is protected with 2FA (Two Factor Authentication). Keyboard scraping is easy, so passwords are practically redundant as a means of protection.
To give enterprises the same level of LAN protection and oversight in the cloud, the approach we take at GAT Labs, for instance, is to protect the USER in the browser environment. In effect, we get the browser to act as if it were on the enterprise’s private LAN.
Developing for the browser has many advantages. Apart from the reduced number of platforms you have to develop for ‘real time’, protection can be achieved, something even APIs don’t offer.
Monitoring what happens in the active tab allows us to alert on or block important data like company credit card or bank account numbers in real time, except on allowed sites. This, in turn, improves your enterprise’s data loss prevention (DLP) in the cloud. It has the added advantage of being able to account for all your users time in the browser. This greatly improves capacity planning and productivity reporting.
In the case of our own tools, we can even tell, using AI, if the user typing on the keyboard is not the user whose account is logged in, thus enabling an on-going 3-factor authentication shield in the browser. Phishing detection is also available.
These and many more security features greatly help enterprises increase the protection of the end user, who in my opinion will continue to remain the weakest security link.
About the Author
Enrique Gomez is the Chief Operating Officer (COO) at GAT Labs, an Irish-headquartered specialized general audit tool developer. Enrique has an MBA in International Marketing from ULA, Mexico. He joined GAT Labs in 2014, where he is responsible for the implementation of operational processes and ensuring employee alignment towards the organization’s goals and key targets. When Enrique joined GAT Labs, there was a noticeable gap in the market for innovation within the cloud security and auditing industry. Google Workspace was quickly identified as the platform on which GAT should develop and test technologies and products. A new company process structure was subsequently implemented, with technological software introduced to better manage human resources. Outside the office, Enrique is an avid traveler. In the past, he has snowboarded in the Andes and slept under the stars of the Sahara Desert. He attributes his ability to travel to his penchant for hard work and his curious nature – characteristics he carries over into his role at GAT Labs.
Enrique can be reached online at enrique@generalaudittool.com and at our company website, gatlabs.com
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.
Source: www.cyberdefensemagazine.com