Managing the Security Risks in Cloud-Based Solutions

By Special Guest
Dotan Bar Noy, CEO and Co-Founder, ReSec Technologies

How Businesses can Implement Cloud Email, File Storage and Collaboration Tools and Stay Protected

Dropbox (News - Alert) already boasts 150,000 business users as of March 2016 and more businesses are likely to join in the coming years, especially larger enterprises. It’s a service that sees 1.2 billon files uploaded daily, and yet until recently, programs like Dropbox have been viewed as secure by the average user. However, members of the IT community know that these types of services can be a threat, but according to a recent survey by Spiceworks (News - Alert), only 44% feel that they can adequately respond to cyber attacks through cloud services. The services themselves largely rely on the same basic security tools, such as antivirus scanners, that can be easily bypassed by today’s sophisticated malware.

This convergence of explosive rates of adoption, inadequate security tools and uncertainty within enterprises makes the security of cloud-based programs one of the biggest issues for enterprises and SMBs. One of the first steps toward a more secure use of cloud services is to make sure that there are corporate policies around the selection and usage of these services. Employees need to only use sanctioned cloud applications with the proper controls to help keep user credentials secure, manage guest access and maintain a consistent level of security with a small number of services. By having a well-thought-out policy, cloud security becomes both easier to manage and easier to fix if a malicious file enters an otherwise secure cloud file transfer. For example, if an enterprise or a user needs to understand and monitor Dropbox security only, instead of Dropbox, Google (News - Alert) Drive, Box, WeTransfer and Hightail, it will make everything more efficient.

In addition to disciplined user and policy management, it is essential that enterprises add additional layers of cybersecurity within their network to protect themselves, since there is very little known about the risks within cloud-based programs. The most common cybersecurity solution to cloud-based programs is called “CASB” or cloud application security broker. This is a system that uses APIs to monitor the authentication and data flow to and from a cloud service. CASBs are very reliable and are growing in popularity. In fact, a few weeks ago, Cisco (News - Alert) purchased CloudLock and last year Microsoft acquired Adallom. While CASBs are strong, they should still be layered with a DLP, or Data Loss Prevention system with file scanning solutions.

While there are cybersecurity solutions out there that can help eliminate the potential risk of a hack, it is still important that all employees are aware of the risks within cloud based programs. One risk of the cloud is that these tools are built to enable outside access. When compared to hyper-restrictive on-premise access, the cloud provides an easy vector into the corporate network and should be viewed as a hybrid.

It is important to understand that even though a cloud-hosted document is typically viewed as an internal corporate file, it can still be accessed from the outside world. Because of this, employees should take steps to protect themselves as well as their information. This can be done by creating “access only” cloud applications, and adhering to company security policies. What this means is that employees can only be granted access to the company cloud when using the company’s computers, Wi-Fi, etc. This policy should be adopted because if an employee goes into the cloud from their home system, they could upload files that may contain malware. Always better to play it safe and remember that when it doubt, it is better to ask and control beforehand, then to deal with the consequences of a mistake after.

With the integration of cloud-based programs in the workplace becoming more and more popular, it raises the question of what this means for upcoming trends in security. The truth is, the cloud is both an enabler and a source of risk. It offers a basic level of protection, but can still act as a gateway to allow malicious files to enter the network. For this reason, moving forward, all security vendors must clearly explain how they provide cloud suite protection to companies that are creating new cloud-based dynamic architectures.

Because Dropbox and other cloud-based solutions are minimally secure and cannot be relied upon on their own, enterprises must consider implementing additional cybersecurity on their cloud frameworks. While most cloud-based services have a basic antivirus system in place, it is not enough to fully protect from malicious content. Enterprises should add additional layers of cybersecurity to maximize protection. In brief, by adding additional layers of cybersecurity to their systems, companies will be able to achieve peace of mind that there is minimal risk of a cloud-based cyberattack.

About the Author

Lt. Commander Israel Navy (RET), Dotan Bar Noy, CEO and Co-Founder of ReSec Technologies, has more than 10 years of management experience in technology and software companies. Prior to founding ReSec, he served as Director at Issta (listed ISTA.P), CEO of G.F.A. Systems, CEO of "STUDENTS" as well as owning a strategic management and consulting company.