Have you got a Skelton in your cloud closet?

In July 2015, Andrew Skelton was sentenced to eight years for a data breach at supermarket group Morrisons. But what’s that got to do with running a cloud services business?

Actually, it’s highly relevant when you consider who Skelton is. He was the company’s senior internal auditor, and how he stole and published sensitive employee data is a dramatic example of an insider hack by a trusted member of staff.

While cloud service providers like data centre and hosting companies have little to do with in-store bakeries, shopping trolleys with wonky wheels and the price of baked beans, they too could risk being blindsided by the threats posed by employees with privileged access rights. This can include senior administrators who, like Skelton, have legitimate access to sensitive data and systems. And, like Skelton, they could go rogue and cause financial and reputational damage on a huge scale.


We have tended to visualise the hacker as the outsider. But serious data breaches like the one at Morrisons are more likely to be the work of a disgruntled or criminal employee, and they highlight the importance of controlling access for employees in any position who can reach sensitive data or systems.

Thankfully, internal threats are becoming better understood.

According to the authoritative Verizon 2015 Data Breach Investigations Report, 55 percent of all insider breaches in the last 12 months were examples of privilege abuse. In other words, any employee account could be the subject of an outsider taking control for malicious motives. Of these cases, financial gain and convenience were reported as the primary motivators.


So what are the best strategies?

While monitoring employee behaviours might be one place to start, doing so would be impossible and invasive. What’s more, with the vast amounts of complex access privileges assigned to a large number of employees, the problem is a technical one.

It’s also likely that an insider hacker will be as sophisticated and capable as an external one, if not more so. Indeed, a senior administrator within a cloud business will have access to more techniques and opportunities to hide their exploit. They may be able to operate within the business using multiple accounts under different identities. Some might possess access privileges from previous roles that are no longer appropriate or that conflict with their current permissions, and that should have been terminated long ago.

Whether their staff are a risk or not, cloud businesses should be determined to get on top of identity and access management. Indeed, a prime strategy should be to undertake a regular and deep audit and clean-up of how access privileges are being assigned, with ongoing management and control through identity governance and management.

This vital exercise can reveal some nasty surprises. For example, my company did an analysis of one global business and discovered 1000+ abandoned contractor accounts, 100+ terminated employee accounts that needed to be de-provisioned, 14,000 inactive user groups and over 25 or so users with access in excess of their role. And, this was a business that had otherwise very robust data security and a large IT function.
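The kind of clean-up audit described above can be sketched as a cross-check between an HR roster and a directory account export. This is an added example, not the tooling used in the analysis mentioned here; the field names, role baseline, 90-day threshold and sample records are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR roster and a directory account export.
HR = {
    "e100": {"status": "active", "role": "support"},
    "e101": {"status": "terminated", "role": "sysadmin"},
    "c200": {"status": "contract_ended", "role": "contractor"},
}
ACCOUNTS = [
    {"user": "alice", "hr_id": "e100", "enabled": True, "last_logon": date(2015, 7, 1),
     "entitlements": {"ticketing", "billing-db-admin"}},
    {"user": "bob", "hr_id": "e101", "enabled": True, "last_logon": date(2015, 3, 2),
     "entitlements": {"hypervisor-admin"}},
    {"user": "tmp-carl", "hr_id": "c200", "enabled": True, "last_logon": date(2014, 11, 5),
     "entitlements": {"ticketing"}},
    {"user": "svc-old", "hr_id": None, "enabled": True, "last_logon": date(2014, 1, 9),
     "entitlements": {"backup-operator"}},
]
# Assumed role baseline: the entitlements each role is expected to hold.
ROLE_BASELINE = {"support": {"ticketing"}, "sysadmin": {"hypervisor-admin"},
                 "contractor": {"ticketing"}}

def review_accounts(accounts, hr, baseline, today, stale_days=90):
    """Return (user, finding) pairs for enabled accounts that need clean-up."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already de-provisioned
        person = hr.get(acct["hr_id"])
        if person is None:
            findings.append((acct["user"], "orphan: no HR owner"))
            continue
        if person["status"] != "active":
            findings.append((acct["user"], f"leaver still enabled: {person['status']}"))
            continue
        if (today - acct["last_logon"]).days > stale_days:
            findings.append((acct["user"], "inactive"))
        # Anything held beyond the role baseline is access in excess of role.
        excess = acct["entitlements"] - baseline.get(person["role"], set())
        if excess:
            findings.append((acct["user"], "excess access: " + ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for user, finding in review_accounts(ACCOUNTS, HR, ROLE_BASELINE, date(2015, 8, 1)):
        print(f"{user:10} {finding}")
```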


For businesses that might rely on temporary or contractor workers, a similar hidden set of risks may be lurking even behind an otherwise well-run IT operation. Therefore, doing a thorough houseclean of access privilege is an extremely sensible first step. But this high standard needs to be sustained by choosing processes and systems that significantly reduce the risks by making access management and governance much easier to carry out and enforce.

To complement other HR and technology strategies like perimeter protection and encryption, the chief information security officer (CISO) should have access to the very best intelligence about who has access to what, and a clear view of the anomalous behaviours that could be the precursor or immediate evidence of an insider hack.

Users tend to leave footprints wherever they go on the network, and their activities can be collected and scrutinised using predictive analytics. New intelligent identity and access management tools are able to sift through huge volumes of user activity and pinpoint and analyse the greatest access risks in real time. This enables businesses to quickly identify misuse of access privileges and take appropriate actions to mitigate the potential damage for their organisation before the insider hack occurs.

With the use of real-time access insights, organisations will be able to detect not only existing security vulnerabilities but also potential risk areas and identify the actual causes for these risks. For example, hidden Active Directory Group Nesting is a leading cause of inappropriate access that is usually under the radar of native Access Management. This new visibility of access privileges will result in improved control over how sensitive data is being used and shared by employees, and a better understanding of access risk.
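To show why nested groups stay under the radar, the following added example (not code from any product mentioned here) walks an exported membership list and reports users who hold a privileged group only through nesting. The `g:` prefix for groups and all sample names are constructed assumptions.

```python
# Constructed sample: direct group members as they might appear in an export.
# Names starting with "g:" are groups; everything else is a user account.
DIRECT_MEMBERS = {
    "g:Domain Admins": ["admin1", "g:Infra Leads"],
    "g:Infra Leads": ["dana", "g:Project Phoenix"],
    "g:Project Phoenix": ["erin", "contractor7", "g:Infra Leads"],  # circular nesting
    "g:Helpdesk": ["frank"],
}

def effective_members(group, direct):
    """Map each user who effectively belongs to `group` to the shortest
    chain of groups granting that membership (breadth-first, cycle-safe)."""
    paths = {}
    seen = {group}
    queue = [[group]]
    while queue:
        chain = queue.pop(0)
        for member in direct.get(chain[-1], []):
            if member.startswith("g:"):
                if member not in seen:  # skip groups already expanded
                    seen.add(member)
                    queue.append(chain + [member])
            elif member not in paths:
                paths[member] = chain
    return paths

def hidden_members(group, direct):
    """Users who hold `group` only through nesting, so they do not appear
    when a reviewer looks at the group's direct member list."""
    return {user: chain
            for user, chain in effective_members(group, direct).items()
            if len(chain) > 1}

if __name__ == "__main__":
    hidden = hidden_members("g:Domain Admins", DIRECT_MEMBERS)
    for user, chain in sorted(hidden.items()):
        print(f"{user}: {' -> '.join(chain)}")
```

Here the direct member list of the privileged group shows one user, while three more reach it through two levels of nesting.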


Ultimately, the best practice for protecting your organisation against privileged access misuse may come down to a much more holistic approach that blends technology with the skills of an organisation’s human resources leadership in overseeing and controlling processes for new joiners, leavers and internal movements of staff and changes in roles and responsibilities. With the next-generation access intelligence solutions now available, enterprises can weigh the risks to vital assets such as intellectual property and customer information and settle them instantly.
