Avoid a Breach: Five Tips to Secure Data Access
Published 12/18/2017
By Jacob Serpa, Product Marketing Manager, Bitglass
Although the cloud is a boon to productivity, flexibility, and cost savings, it can also be a confusing tool to utilize properly. When organizations misunderstand how to use it, they often expose themselves to threats. While there aren’t necessarily more threats when using the cloud, there are different varieties of threats. As such, organizations need to employ the below cloud security best practices when they make use of applications like Salesforce, Office 365, and more.
Password123
When an employee uses one insecure password across multiple accounts, it makes it easier for nefarious parties to steal corporate information wherever that password is used. In light of this, organizations should require unique passwords of sufficient length and complexity for each of a user’s SaaS accounts. Additionally, requiring employees to change their passwords regularly - perhaps every other month - can provide an additional layer of security.
Authenticate or Else
Whether it occurs through employee carelessness, a breach from a hacker, or a combination of the two, credential compromise is a large threat to organizations. As detecting rogue accounts can be a challenging endeavor, multi-factor authentication should be employed as a means of verifying that accounts are being used by their true owners. Before allowing a user to access sensitive data, organizations should require a second level of verification through an email, a text message, or a hardware token (a unique physical item carried by the user).
Data on the Go
The rise of BYOD (bring your own device) has given individuals access to corporate data from their unmanaged mobile devices and, consequently, exposed organizations to new threats. In light of this, enterprises must secure BYOD, but do so in a way that is simple to deploy and doesn’t harm device functionality or user privacy. This is typically done through data-centric, agentless security. With these tools, organizations can secure data on unmanaged mobile devices in a timely, secure, non-invasive fashion.
Put the Pro in Proactive
Oftentimes, as more and more data moves to the cloud, organizations fail to monitor and protect it accordingly. They adopt after-the-fact security that can allow months of data exfiltration before detecting any threats or enabling remediation. However, in a world with regulatory compliance penalties, well-informed consumers, and hackers who can steal massive amounts of data in an instant, a reactive posture is not adequate. Organizations should adopt proactive cloud security platforms that enable real-time detection of malicious activity. Failure to utilize tools that respond to threats the moment they occur can prove disastrous for an organization’s security, finances, reputation, and livelihood.
More Malware More Problems
With all of the cloud applications and devices storing, uploading, and downloading data, malware has a number of attack surfaces it can use to infect organizations. If a single device uploads a contaminated file to the cloud, it can spread to connected cloud apps and other users who download said file. While protecting endpoints from malware is necessary, it is no longer sufficient. Today, organizations must deploy anti-malware capabilities that can defend from threats at upload, threats at download, and threats already resting in cloud applications. Defenses must lie in wait wherever data moves.
Now What?
Cloud access security brokers provide a breadth of capabilities that can enable the above best practices. Download the Definitive Guide to CASBs to learn more.