ALL >> Computers >> View Article
Don’t Get Snowdened: 5 Questions Every Ceo Should Ask Their Cio / Ciso
Total Articles: 54
Today is the 1-year anniversary of the historic Snowden disclosure. In the year since the first stories about Edward Snowden appeared, one of the lasting affects of the scandal is a heightened awareness of the risk posed by rogue insiders. This increased focus on rogue insiders has spread beyond the government to the private sector, and from security circles to corporate executives.
From product designs, formulas, and customer information, all companies have data that could harm their business in the hands of a competitor, making insider threats like Snowden an executive-level concern due to the potential negative impact on the company’s business operations and value. And with the ubiquity of cloud services, insiders are increasing exploiting the cloud to exfiltrate data.
We’ve distilled lessons learned from Snowden scandal and created 5 questions every CEO should be asking their CIO / CISO in order to avoid a catastrophic rogue insider event in the private sector both in using cloud as a vector of exfiltration as well as protecting their data stored in the cloud.
Can we identify unusual user or network activity to cloud services?
Many companies already archive log data from firewalls and proxies and use basic search capabilities to look for specific behavior. Unfortunately, basic search capabilities are ineffective at analyzing petabytes of data to proactively identify different forms of anomalous behavior. Today, there are machine learning techniques algorithms that establish baseline behavior for every user and every cloud service and immediately identify any anomalous activity indicative of security breach or insider threat.
Can we track who accesses what cloud-hosted data and when?
Snowden was able to steal roughly 1.7 million files and to this day the NSA doesn’t know exactly what he took. With the rapid adoption of cloud security services, companies need to make sure that their cloud services provide the basic logging of all access to cloud services, including those by admins and via application APIs. Furthermore, companies need to make sure that cloud services provide historical log data of all accesses in order to support forensic investigations when an event does occur.
How are we protecting against insider attacks at the cloud service providers?
Encrypting data using enterprise-managed keys will enable employees to access information while stopping unauthorized third parties from reading the same data. Experts recommend encrypting sensitive information stored on premises and also in the cloud. By encrypting data in this manner, companies add an additional layer of protection over and above authentication and authorization that protects against insider attacks at the cloud service provider end.
How do we know unprotected sensitive data is not leaving the corporate network?
Many companies enforce data loss prevention policies for outbound traffic. With the increasing use of cloud services (the average company uses 759 cloud services), companies should also extend their access control and DLP policy enforcement to data stored in the cloud. And as they do so, they should make sure that they are not reinventing the wheel and rather leverage their existing infrastructure. Companies should consider augmenting on-premise DLP systems and their existing processes to extend DLP to the cloud, with reconnaissance services that look for sensitive data in cloud services in use by the enterprise.
Can we reduce surface area of attack by limiting access based on device and geography?
The ability to access sensitive information should be dependent on context. For example, a salesperson in Indianapolis viewing customer contacts stored in Salesforce for customers in her territory using a secure device is appropriate access. Using an unsecure or unapproved device from another location may not be appropriate and could expose the company to risk. Limiting access to appropriate devices and appropriate locations will help prevent exposure.
Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/ or follow us on Twitter@skyhighnetworks.
Computers Articles1. Why Has The Sign Engraving Equipment Become An Essential For Personalisation
Author: Rob Hibbs
2. Computer Forensic Analyst Can Help To Dig Up The Truth Using Latest Technology Devices
3. How To Update Adobe Flash Player On A Mac Computer?
Author: Mac Support Team
4. Playstation 4 Repair Uk | Playstation Repairer
Author: Playstation 4 Repair UK
5. How To Recover Pst File Password In Outlook 2016 Free?
Author: Outlook Support Team
6. How To Securely Wipe Private Data With Active@ Killdisk
Author: James Vaughn
7. Find Reasonable Minute Of Every Day Norton Setup For Your Computer Needs
Author: Stephanie Smith
8. Register Your Business Name With Seo Friendly .co Domain Extension
Author: Ridhi Bhatia
9. Where To Find The Model Or Printer Number Of A Hp Printer?
Author: Maria Silvia
10. The Computer Repair Salem Ma Offer Best Solutions To Any Hardware Or Software Problem Of Your Comput
11. Things To Consider Before Buying A 3d Printer
Author: Jamie Smilovici
12. Everything To Know Before Using Surface Laptop Promo Code
Author: Christine Bleakley
13. Ps4 Repair London | Playstation Repairer
Author: Playstation Repair Centre
14. Pro Tip: How To Secure Windows 10 Boot Process
Author: Ellie Williams
15. How To Clear Cookies, Cache Memory And Browsing History In Aol?
Author: Maria Silvia