Jason Carolan is Chief Innovation Officer of Flexential.
As we all know, the mass migration to the cloud as part of digital transformation can be fraught with danger for any enterprise. Omnipresent among these concerns is the critical issue of cloud security, which presents challenges to IT infrastructure providers and customers on a daily basis – literally. Every day, an estimated 2.5 quintillion bytes of data are generated, and there are no signs of things slowing down. Data comes from an increasingly vast and diverse array of sources: digital photos and videos; sensors that gather everything from climate information to the number of steps taken per day; posts to social media sites; cell phone GPS signals and much more.
A quick scan of the headlines makes it easy to see why data protection and regulatory compliance are growing concerns for many companies across an array of industries. The average cost of a data breach is more than $6 million, according to the Ponemon Institute. This, combined with the resulting reputational damage, is enough to cripple many organizations – or put them out of business.
Threats don’t wait, and as such cloud security is a priority that can’t afford to wait either. Tough decisions will need to be made with the grudging acceptance that CIOs can’t protect their organizations from everything. They instead need a sustainable set of controls that balances the need to protect their business with the necessity to run and grow it. This requires a proactive strategy that is equal parts immediate, effective, practical, nimble and multifaceted – all at once. Simply put, cloud security requires a blended approach with a focused human touch – so to speak.
Tech-based Approach No Longer Enough
The conventional wisdom on cloud security has been almost solely technology-based for good reason. But as the ground continues to shift beneath our feet, and threats grow in breadth and complexity, business and security leaders must understand that a comprehensive cloud security strategy must necessarily involve educating users at every level. Employees must be made aware of the threats that both they and their employers face, as well as how to combat them.
We’re all human after all.
It’s daunting to pause and consider all of the common oversights and missteps that can open the door to opportunism and lead to compromised data throughout the enterprise. Weak passwords are frighteningly common, as are unsecured mobile devices. Sharing access with unapproved personnel – such as non-finance employees having financial documents or non-HR executives with access to personnel files – is also a considerable concern, as is the uploading of unencrypted data, to name just a few. A simple action to share files, taken with all the right intentions, can have far-reaching downstream impacts.
One thing that each of these vulnerabilities has in common is identifiable and correctable human behavior, which means that the cloud security landscape must now become more behavior-based. Online information access behavior is changing at light speed, and customers must better employ behavioral analytics – with a focus on human trends, patterns, activities and habits – to ensure cloud security for the enterprise. User Behavior Analytics (UBA) solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns – anomalies that indicate potential threats. Instead of tracking devices or security events, UBA tracks a system's users.
This begins by asking the right sequential questions.
- What user patterns are we seeing?
- Are they considered normal?
- Why is this person conducting online activities X, Y or Z?
- How does this impact their expected online behavior?
- How does this behavior reflect on a risk management perspective for the company?
Remember, humans are typically creatures of habit and, on top of that, most employees’ responsibilities and tasks are a matter of practiced routine. This combined level of predictability – both human nature and official job requirements – can be an enormous asset in guarding against data breaches. Enterprises can use behavioral analytics to create and lay out a standard baseline of expected “normal” activity as it relates to data use. Only then can they truly begin to set the trap for spotlighting abnormalities that may be a sign of malicious intent or mistake, and follow up as necessary.
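The baseline-then-anomaly idea described above can be sketched in a few lines. This is an added example, not code from the article or from any UBA product; the user names, data categories, volumes and the 3.5 threshold are constructed assumptions, and the robust z-score (median and MAD) is one common choice of statistic among many.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (user, data category, MB read that day)
HISTORY = [
    ("alice", "engineering", 120), ("alice", "engineering", 135),
    ("alice", "engineering", 110), ("alice", "engineering", 128),
    ("alice", "engineering", 140), ("bob", "finance", 40),
    ("bob", "finance", 55), ("bob", "finance", 47),
    ("bob", "finance", 52), ("bob", "finance", 44),
]

def build_baseline(history):
    """Per-user baseline: categories seen and median/MAD of daily volume."""
    volumes, categories = defaultdict(list), defaultdict(set)
    for user, category, mb in history:
        volumes[user].append(mb)
        categories[user].add(category)
    baseline = {}
    for user, vals in volumes.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals)  # median absolute deviation
        baseline[user] = {"categories": categories[user],
                          "median": med, "mad": mad}
    return baseline

def score_event(baseline, user, category, mb, threshold=3.5):
    """Return the reasons an event deviates from the user's baseline."""
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Behavioral check 1: data category this user has never touched before.
    if category not in profile["categories"]:
        reasons.append(f"first access to category '{category}'")
    # Behavioral check 2: unusually high volume. 0.6745 scales MAD to a
    # standard deviation for normal data; the floor of 1.0 on MAD avoids
    # division by zero for perfectly regular users. Only spikes are flagged.
    robust_z = 0.6745 * (mb - profile["median"]) / max(profile["mad"], 1.0)
    if robust_z > threshold:
        reasons.append(f"volume {mb} MB is unusual (robust z = {robust_z:.1f})")
    return reasons
```

An empty list means the event matches the user's routine; each returned reason is a prompt for the follow-up questions listed earlier, not a verdict of malicious intent.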
Technology alone is not enough, but coupled with the proper utilization of UBA solutions the combined model can shine a light on issues both minor and major – from identifying weak passwords, common mobile users and unauthorized access, to playing a key role in thwarting crippling and costly enterprise-wide cyber security breaches and attacks. Cyber security continues to be an incredibly complex and multi-layered problem instigated by humans and will increasingly require a blended approach of technological safeguards and a focus on the human touch. As security solutions mature, we can expect to see artificial intelligence and machine learning play a larger and more critical role in determining critical events and preventing data loss down the road.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.