- The Washington Times - Thursday, August 27, 2015

Cloud computing has changed the way organizations operate by allowing applications and data sets to be accessed from anywhere with Internet. But researchers warn in a new report that entire businesses can be easily brought down because of serious risks caused by a concentration of authority evidenced across the cloud.

Analysts with CloudLock, a Massachusetts-based security firm, say companies that put their product on the cloud are often times also placing a tremendous — and potentially dangerous — amount of trust in a small group of privileged users. 

Just one percent of all users account for 75 percent of the risks faced by an entity that operates on the cloud, according to a report published by the firm on Wednesday this week.

That elite few is often comprised of system administrators, “super users” with special privileges and credentialed security teams, CloudLock said, and are responsible for the vast majority of instances where files are shared and applications are installed.

Because those operations are among the most likely to be exploited by hackers, cybercriminals attempting to infiltrate an organization needn’t target every account holder on a given system, but rather set their sights on the top one-percent.

“A cyber attack focusing on just these few power users can result in a major data breach for the entire company, risking a majority of company assets,” the report reads.

Two of the largest data breaches in American history — those suffered by the U.S. Army and the National Security Agency through actions attributed to Pvt. Chelsea Manning and former contractor Edward Snowden, respectively — each occurred after credentialed users leaked information that they had been authorized to view. NSA disclosures have since revealed that the US targets system administrators who maintain computer networks, and in some cases have gone after “sysadmins” employed at foreign telecoms in order to crack into phone and Internet networks for intelligence gathering purposes.

“Who better to target than the person that already has the ‘keys to the kingdom’?” one NSA official wrote in an internal posting previously provided by Mr. Snowden to journalists.

State-sponsored hacks aside, CloudLock’s report suggests that users are as much of a security risk as any other component, and allocating too much trust within too few people makes those individuals attractive targets.

“Cyber attacks today target your users — not your infrastructure. As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user,” CloudLock CEO and co-founder Gil Zimmermann said. “The best defense is to know what typical user behavior looks like — and, more importantly, what it doesn’t.”

It’s “crucial” for security teams to be totally aware of the one percent of users who hold those “keys to the kingdom,” according to CloudLock, and abnormal behavior, like logging into databases from unusual locations and browsing often overlooked files and folders, should raise questions about whether that person is using their access as intended — or if a hacker has assumed their identity.

“If someone with your credentials logs into his Salesforce account in Boston, and five minutes later, logs into his Workday account from China, without the benefit of time travel, we know you couldn’t be in those two places at once. That triggers a response for us that something is wrong or abnormal,” Ayse Kaya Firat, director of customer insights and analytics at CloudLock, told The Washington Times.

The findings included in the firm’s third-quarter cybersecurity report stem from an analysis of more than 1 billion files shared by over 10 million cloud users, according to CloudLock, whose customers include Google and Microsoft. The Department of Defense, meanwhile, said Wednesday that contractors who operate on the cloud are required immediately to adhere to new rules regarding cyberattacks and data breaches. According to the Pentagon, roughly 10,000 contractors will now be obligated to notify the DOD within 72 hours of any cyber incidents spotted on their networks.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide