Emerging exposure: Rising use of cloud apps creates data leakage pathways

Free storage is enticing, but businesses must set up strict controls to protect their records

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Core find­ing: A large U.S. cable tele­vi­sion com­pa­ny recent­ly sought to bet­ter under­stand how its employ­ees were using cloud apps to stay pro­duc­tive. Man­age­ment had an inkling that work­ers rou­tine­ly used about a dozen or more cloud file shar­ing and col­lab­o­ra­tion apps.

Ed note_CipherCloud_Willy LeichterAn assess­ment by Cipher­Cloud showed the employ­ees actu­al­ly were using 204 dif­fer­ent cloud ser­vices that posed a secu­ri­ty risk: 78 cloud stor­age apps and 126 dif­fer­ent col­lab­o­ra­tion apps, many of which includ­ed file shar­ing functions.

Emerg­ing risk: A major con­cern for the cable com­pa­ny was that sen­si­tive infor­ma­tion about cus­tomers and employ­ees could leak unno­ticed beyond its net­work perimeter.

Free cloud file stor­age makes it con­ve­nient to share data quick­ly and wide­ly. The com­pa­ny learned that sen­si­tive files had been moved into fold­ers acces­si­ble to peo­ple who should not have had access to the information.

Wider impli­ca­tions: Like many orga­ni­za­tions, the cable com­pa­ny rou­tine­ly stores cus­tomer trans­ac­tions data as well as employ­ee health care data cov­ered by HIPAA pri­va­cy rules. The ris­ing use of free Web apps by employ­ees has cre­at­ed many more oppor­tu­ni­ties for data leak­age, that could lead to sanc­tions and fines — or worse, an embar­rass­ing, expen­sive data breach.

The cable com­pa­ny set up sanc­tioned accounts with a pop­u­lar cloud stor­age service—Box—for employ­ees to use. It also has begun exam­in­ing oth­er steps it can take to impose tighter access con­trols around sen­si­tive com­pa­ny records.

Relat­ed video: New encryp­tion ser­vices boost con­fi­dence in the cloud

Excerpts are from ThirdCertainty’s inter­view with Leichter. (Answers edit­ed for length and clarity.)

3C: Can you out­line how the ris­ing use of cloud apps in the work­place is cre­at­ing secu­ri­ty issues?

Leichter: A typ­i­cal process is one per­son sends you some­thing from a Drop­box account and sud­den­ly you become a Drop­box user. Or often depart­ments will say, ‘OK, we’re going to use Drop­box or High­tail for this par­tic­u­lar project,’ and it kind of grows depart­ment by depart­ment. It grows virally.

The chal­lenge is the very nature of the whole file-shar­ing world. It’s like Swiss cheese. It’s designed to be very easy to share and to open up pub­lic links and to let anoth­er per­son in.

That’s where this cable com­pa­ny approached us. They had about dozen dif­fer­ent things they knew about and want­ed to standardize.

3C: You found a lot more than a dozen cloud apps in use.

Leichter: We found well over 1,000 cloud apps, what we call ‘Shad­ow IT’ apps that they were using. We have about 20 dif­fer­ent cat­e­gories of such apps; it could be soft­ware devel­op­ment tools or it could be social tools. In one cat­e­go­ry, file-shar­ing tools, we found more than 120 apps. This one cat­e­go­ry is prob­a­bly the most action­able cat­e­go­ry because file shar­ing involves send­ing peo­ple documents.

3C: How did this dis­cov­ery help the cable company?

Leichter: They were try­ing to do two things. They were try­ing to stan­dard­ize on two or three dif­fer­ent file-shar­ing ser­vices and use mon­i­tor­ing tools on them. And they also want­ed to shut down the worst offend­ers, which you can do, eas­i­ly enough.

3C: In gen­er­al, what kinds of mali­cious or wor­ri­some activ­i­ty are you see­ing in Shad­ow IT?

Leichter: It’s kind of a spec­trum. Offi­cial­ly sanc­tioned apps are being scanned in real time, using tools we and oth­ers make. That’s kind of a new world. We can give you all kinds of detail about who’s using all these apps. Then there’s the oth­er 90 per­cent of the apps in Shad­ow IT.

Anom­alies can be where some­one is send­ing huge amounts of files to some strange apps. Or some­one is down­load­ing stuff they shouldn’t be at two in the morn­ing. Or it could be mul­ti­ple peo­ple using the same account from dif­fer­ent IP address­es. Some­one is log­ging in from San Jose and then an hour lat­er they’re log­ging in from Bei­jing. You can spot a lot of these and take steps to shut them down.

3C: What else sur­prised the cable company?

Leichter: One of the things they learned is why peo­ple were doing this. For the most part, it was because the com­pa­ny wouldn’t pay for them to use an account. So they were account hop­ping from one free­bie to the next. It was because peo­ple just did not want to pay for stuff.

So now the com­pa­ny is try­ing to steer peo­ple to use bet­ter prac­tices through out­reach and edu­ca­tion. And it also is buy­ing them accounts.

More on cloud security:
Cloud use increas­es data secu­ri­ty risk for health care organizations
Start­up Soha wants to sim­pli­fy, improve cloud security
6 tips to avoid a cloud secu­ri­ty hor­ror story


Posted in Cybersecurity, Data Security, Featured Story