BreachExchange mailing list archives

Five Questions Every CEO Should Ask Their CIO / CISO


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 9 Jun 2014 19:05:03 -0600

http://cloudcomputing.sys-con.com/node/3101095

Today is the one-year anniversary of the historic Snowden disclosure. In
the year since the first stories about Edward Snowden appeared, one of the
lasting effects of the scandal is a heightened awareness of the risk posed
by rogue insiders. This increased focus on rogue insiders has spread beyond
the government to the private sector, and from security circles to
corporate executives.

From product designs and formulas to customer information, all companies
have data that could harm their business in the hands of a competitor,
making insider threats like Snowden an executive-level concern due to the
potential negative impact on the company's business operations and value.
And with the ubiquity of cloud services, insiders are increasingly exploiting
the cloud to exfiltrate data.

We've distilled lessons learned from the Snowden scandal and created 5
questions every CEO should be asking their CIO / CISO in order to avoid a
catastrophic rogue insider event in the private sector, both in the use of
the cloud as a vector of exfiltration and in protecting their data stored in
the cloud.

1. Can we identify unusual user or network activity to cloud services?

Many companies already archive log data from firewalls and proxies and use
basic search capabilities to look for specific behavior. Unfortunately,
basic search capabilities are ineffective at analyzing petabytes of data to
proactively identify different forms of anomalous behavior. Today, there
are machine learning algorithms that establish baseline behavior
for every user and every cloud service and immediately identify any
anomalous activity indicative of a security breach or insider threat.

2. Can we track who accesses what cloud-hosted data and when?

Snowden was able to steal roughly 1.7 million files and to this day the NSA
doesn't know exactly what he took. With the rapid adoption of cloud
services, companies need to make sure that their cloud services provide the
basic logging of all access to cloud services, including those by admins
and via application APIs. Furthermore, companies need to make sure that
cloud services provide historical log data of all accesses in order to
support forensic investigations when an event does occur.

3. How are we protecting against insider attacks at the cloud service
providers?

Encrypting data using enterprise-managed keys will enable employees to
access information while stopping unauthorized third parties from reading
the same data. Experts recommend encrypting sensitive information stored on
premises and also in the cloud. By encrypting data in this manner,
companies add an additional layer of protection over and above
authentication and authorization that protects against insider attacks at
the cloud service provider end.

4. How do we know unprotected sensitive data is not leaving the corporate
network?

Many companies enforce data loss prevention policies for outbound traffic.
With the increasing use of cloud services (the average company uses 759
cloud services), companies should also extend their access control and DLP
policy enforcement to data stored in the cloud. And as they do so, they
should make sure that they are not reinventing the wheel but are instead
leveraging their existing infrastructure. Companies should consider
augmenting on-premise DLP systems and their existing processes to extend
DLP to the cloud, with reconnaissance services that look for sensitive data
in cloud services in use by the enterprise.

5. Can we reduce the surface area of attack by limiting access based on device
and geography?

The ability to access sensitive information should be dependent on context.
For example, a salesperson in Indianapolis viewing customer contacts stored
in Salesforce for customers in her territory using a secure device is
appropriate access. Using an unsecure or unapproved device from another
location may not be appropriate and could expose the company to risk.
Limiting access to appropriate devices and appropriate locations will help
prevent exposure.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
