Can a CASB Protect You From the Treacherous 12?
Blog Article Published: 04/25/2016
By Ganesh Kirti, Founder and CTO, Palerra Many frequently asked questions related to cloud security have included concerns about compliance and insider threats. But lately, a primary question is whether cloud services are falling victim to the same level of external attack as the data center. With Software as a Service (SaaS) becoming the new normal for the corporate workforce, and Infrastructure as a Service (IaaS) on the rise, cloud services now hold mission-critical enterprise data, intellectual property, and other valuable assets. As a result, the cloud is coming under attack, and it’s happening from both inside and outside the organization. On February 29, the CSA Top Threats Working Group clarified the nature of cloud service attacks in a report titled, “The Treacherous 12: Cloud Computing Top Threats in 2016.” In this report the CSA concludes that although cloud services deliver business-supporting technology more efficiently than ever before, they also bring significant risk. The CSA suggests that these risks occur in part because enterprise business units often acquire cloud services independently of the IT department, and often without regard for security. In addition, regardless of whether the IT department sanctions new cloud services, the door is wide open for the Treacherous 12. Because all cloud services (sanctioned or not) present risks, the CSA points out that businesses need to take security policies, processes, and best practices into account. That makes sense, but is it enough? Gartner predicts that through 2020, 95 percent of cloud security failures will be the customer’s fault. This does not necessarily mean that customers lack security expertise. What it does mean, though, is that it’s no longer sufficient to know how to make decisions about risk mitigation in the cloud. To reliably address cloud security, automation will be key. Cloud security automation is where Cloud Access Security Brokers (CASBs) come into play. A CASB can help automate visibility, compliance, data security, and threat protection for cloud services. We thought it would be interesting to take a look at how well CASBs in general would fare at helping enterprises survive the treacherous 12. The good news is that CASBs clearly address nine of the treacherous 12 (along with many other risks not mentioned in the report). These include: #1 Data breach #2 Weak ID, credential, and access management #3 Insecure APIs #4 System and application vulnerabilities #5 Account hijacking #6 Malicious insiders #7 Advanced persistent threats #10 Abuse and nefarious use of cloud services #12 Shared technology issues There are countless examples of why being protected against the treacherous 12 is important. Some of the more high profile ones:
- Data breach: In the 2015 Anthem breach, hackers used a third-party cloud service to steal over 80M customer credentials.
- Insecure APIs: The mid-2015 IRS breach exposed over 300K records. While that’s a big number, the more interesting one is that it only took 1 vulnerable API to allow the breach to happen.
- Malicious Insiders: Uber reported that their main database was improperly accessed. The unauthorized individual downloaded 50K names and numbers to a cloud service. Was it their former employee, the current Lyft CTO? That was Uber’s opinion. The DOJ disagreed and a lawsuit ensued.