Click here to close now.



Welcome!

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Open Source Cloud, Cloud Security

@CloudExpo: Article

Five Questions Every CEO Should Ask Their CIO / CISO

On the One-Year Anniversary of Snowden's Disclosure, Lessons for Preventing Insider Threat

Today is the one-year anniversary of the historic Snowden disclosure.  In the year since the first stories about Edward Snowden appeared, one of the lasting affects of the scandal is a heightened awareness of the risk posed by rogue insiders. This increased focus on rogue insiders has spread beyond the government to the private sector, and from security circles to corporate executives.

From product designs, formulas, and customer information, all companies have data that could harm their business in the hands of a competitor, making insider threats like Snowden an executive-level concern due to the potential negative impact on the company's business operations and value. And with the ubiquity of cloud services, insiders are increasing exploiting the cloud to exfiltrate data.

We've distilled lessons learned from Snowden scandal and created 5 questions every CEO should be asking their CIO / CISO in order to avoid a catastrophic rogue insider event in the private sector both in using cloud as a vector of exfiltration as well as protecting their data stored in the cloud.

1. Can we identify unusual user or network activity to cloud services?

Many companies already archive log data from firewalls and proxies and use basic search capabilities to look for specific behavior. Unfortunately, basic search capabilities are ineffective at analyzing petabytes of data to proactively identify different forms of anomalous behavior. Today, there are machine learning techniques algorithms that establish baseline behavior for every user and every cloud service and immediately identify any anomalous activity indicative of security breach or insider threat.

2. Can we track who accesses what cloud-hosted data and when?

Snowden was able to steal roughly 1.7 million files and to this day the NSA doesn't know exactly what he took. With the rapid adoption of cloud services, companies need to make sure that their cloud services provide the basic logging of all access to cloud services, including those by admins and via application APIs. Furthermore, companies need to make sure that cloud services provide historical log data of all accesses in order to support forensic investigations when an event does occur.

3. How are we protecting against insider attacks at the cloud service providers?

Encrypting data using enterprise-managed keys will enable employees to access information while stopping unauthorized third parties from reading the same data. Experts recommend encrypting sensitive information stored on premises and also in the cloud. By encrypting data in this manner, companies add an additional layer of protection over and above authentication and authorization that protects against insider attacks at the cloud service provider end.

4. How do we know unprotected sensitive data is not leaving the corporate network?

Many companies enforce data loss prevention policies for outbound traffic.  With the increasing use of cloud services (the average company uses 759 cloud services), companies should also extend their access control and DLP policy enforcement to data stored in the cloud. And as they do so, they should make sure that they are not reinventing the wheel and rather leverage their existing infrastructure. Companies should consider augmenting on-premise DLP systems and their existing processes to extend DLP to the cloud, with reconnaissance services that look for sensitive data in cloud services in use by the enterprise.

5. Can we reduce surface area of attack by limiting access based on device and geography?

The ability to access sensitive information should be dependent on context. For example, a salesperson in Indianapolis viewing customer contacts stored in Salesforce for customers in her territory using a secure device is appropriate access. Using an unsecure or unapproved device from another location may not be appropriate and could expose the company to risk. Limiting access to appropriate devices and appropriate locations will help prevent exposure.

More Stories By Rajiv Gupta

Rajiv Gupta is Founder and CEO of Skyhigh Networks. He has more than 20 years of successful enterprise software and security experience, and is widely recognized as a pioneer of Web Services and Client-Utility Computing, which was the precursor to cloud services as we know it today. With over 45 patents to his name, Rajiv has led two other companies to successful acquisitions by Cisco (Securent, Inc) and Oracle (Confluent Software). Previously, Rajiv spent 11 years at HP as GM of the E-speak Division – a division he started in 1998 to bring the Client-Utility Computing technology to market. Under his leadership, E-speak delivered some of the earliest Web Services technologies and standards and has been inducted into the Smithsonian National Archives. @TrustedMind

Latest Stories
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
DevOps is not just last year’s buzzword. Companies with DevOps practices are 2.5x more likely to exceed profitability, market share, and productivity goals. But how do you enable high performance? What can you do right now to start? Find out from DevOps experts including Gene Kim, co-author of "The Phoenix Project," and the Dynatrace Center of Excellence.
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
Recognizing the need to identify and validate information security professionals’ competency in securing cloud services, the two leading membership organizations focused on cloud and information security, the Cloud Security Alliance (CSA) and (ISC)^2, joined together to develop an international cloud security credential that reflects the most current and comprehensive best practices for securing and optimizing cloud computing environments.
Companies can harness IoT and predictive analytics to sustain business continuity; predict and manage site performance during emergencies; minimize expensive reactive maintenance; and forecast equipment and maintenance budgets and expenditures. Providing cost-effective, uninterrupted service is challenging, particularly for organizations with geographically dispersed operations.
Sensors and effectors of IoT are solving problems in new ways, but small businesses have been slow to join the quantified world. They’ll need information from IoT using applications as varied as the businesses themselves. In his session at @ThingsExpo, Roger Meike, Distinguished Engineer, Director of Technology Innovation at Intuit, showed how IoT manufacturers can use open standards, public APIs and custom apps to enable the Quantified Small Business. He used a Raspberry Pi to connect sensors...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Avere delivers a more modern architectural approach to storage that doesn’t require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbuilding of data centers ...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
In most cases, it is convenient to have some human interaction with a web (micro-)service, no matter how small it is. A traditional approach would be to create an HTTP interface, where user requests will be dispatched and HTML/CSS pages must be served. This approach is indeed very traditional for a web site, but not really convenient for a web service, which is not intended to be good looking, 24x7 up and running and UX-optimized. Instead, talking to a web service in a chat-bot mode would be muc...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection.
SYS-CON Events announced today that AppNeta, the leader in performance insight for business-critical web applications, will exhibit and present at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. AppNeta is the only application performance monitoring (APM) company to provide solutions for all applications – applications you develop internally, business-critical SaaS applications you use and the networks that deli...