Whether it’s Tom Cruise swiping through virtual holographic databases to prevent crimes yet to be committed in Minority Report, or Rick Moranis discovering his radar has quite literally been jammed in Spaceballs, fictional SOCs are everywhere. And rightfully so: as a plot device, they give our characters an unmatched wealth of knowledge, the power of educated decision making, and the ability to take action. Plus, they look cool.
Imagine the lack of suspense and excitement in 2015’s Jurassic World without the high-tech SOC. Here, the characters were able to surveil the entire theme park, identify deadly security breaches, and react at breakneck speed. (Spoiler alert: dinosaurs escape and wreak havoc on the unsuspecting humans. Go see it.)
This level of security oversight is no longer just a fictional Hollywood trope. As businesses move to the cloud, we all need to keep an eye out for genetically mutated dinosaurs on the run, figuratively speaking, that is. Your cloud SOC, if done right, is your all-seeing eye into the threat landscape, so it’s crucial to become a master. And here’s how…
1. Find the right people
The overarching pillar of an effective Cloud SOC is your security team. It’s crucial to enlist knowledgeable security professionals who:
- Are skilled at detecting, interpreting, preventing and reacting to any signs of threats
- Can make quick, impactful decisions
- Commit themselves to user education and enablement (and don’t treat the users like the enemy)
- Implement processes to increase productivity
- Strive to get the most value out of the tools you invest in
2. Know who your users are
The days of only monitoring approved users on approved devices are over. Anyone can access data from anywhere, and on any device. As the master of your cloud SOC, you need to be able to monitor the user traffic that matters. Things to look for:
- Are users who they say they are? It’s important to make sure your usernames and passwords don’t fall into the wrong hands. Implement two-factor authentication so that stolen credentials alone are not enough to log in, and monitor user behavior closely across all platforms to identify anomalies indicative of account compromise.
- Where are people logging in from? Look out for any instances where an employee’s credentials are used to access data from two geographically distant locations in a timeframe that would make traveling between those two destinations impossible.
- When are people logging in, and how frequently? Beware of any long-dormant accounts that are suddenly active, for example.
- What are they doing? Are any users exhibiting suspicious behaviors atypical to normal business procedures? Have any passwords been changed unknowingly? Is anyone accessing files they wouldn’t normally need?
- What are the implications? It’s not just about logins. Look for users creating, changing, sharing, and moving data around within your system. Be aware of any instances where sharing permissions change. Do you have a disgruntled employee trying to gain access to classified information? A hacker? Or, perhaps, just a user making careless mistakes? Both the level of danger and the remediation strategy depend heavily on who causes these alerts and why.
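Two of the login checks listed above, impossible travel between distant locations and a long-dormant account suddenly becoming active, can be expressed as simple rules over a login stream. The following is an added illustration, not CloudLock code; the login events, the 900 km/h speed ceiling and the 60-day dormancy threshold are constructed assumptions for the example.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed sample login events (not real data): (user, ISO timestamp, latitude, longitude).
LOGINS = [
    ("alice", "2024-03-01T09:00:00", 40.7128, -74.0060),   # New York
    ("alice", "2024-03-01T10:30:00", 51.5074, -0.1278),    # London, 90 minutes later
    ("bob",   "2024-03-01T08:00:00", 37.7749, -122.4194),  # San Francisco
    ("bob",   "2024-03-01T17:00:00", 34.0522, -118.2437),  # Los Angeles, 9 hours later
    ("carol", "2023-11-15T12:00:00", 48.8566, 2.3522),     # Paris, last seen in November
    ("carol", "2024-03-01T03:00:00", 48.8566, 2.3522),     # same city, after a long gap
]

MAX_SPEED_KMH = 900   # assumed ceiling: roughly airliner cruise speed
DORMANT_DAYS = 60     # assumed threshold for a "long-dormant" account

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_anomalies(logins, max_speed_kmh=MAX_SPEED_KMH, dormant_days=DORMANT_DAYS):
    """Return (user, rule) alerts for impossible travel and dormant-account reactivation."""
    alerts = []
    last_seen = {}  # user -> (timestamp, lat, lon) of the previous login
    for user, ts, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(user)
        if prev is not None:
            prev_when, prev_lat, prev_lon = prev
            # Dormant account suddenly active: a long gap since the last login.
            if when - prev_when > timedelta(days=dormant_days):
                alerts.append((user, "dormant_reactivation"))
            # Impossible travel: the distance could not be covered at the speed ceiling
            # (two distant logins at the same instant count as impossible too).
            hours = (when - prev_when).total_seconds() / 3600
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            if dist > 0 and (hours == 0 or dist / hours > max_speed_kmh):
                alerts.append((user, "impossible_travel"))
        last_seen[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for user, rule in find_anomalies(LOGINS):
        print(f"ALERT {rule}: {user}")
```

Bob’s nine-hour San Francisco to Los Angeles hop stays quiet, while Alice’s 90-minute New York to London jump and Carol’s first login in months each raise an alert for an analyst to triage.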
3. Block malicious apps
Today’s threat landscape has changed. Cyberattacks are not only originating from easily identifiable sources such as spam emails and phishing attacks. Many cyberattacks now begin at the application level. When enabled by employees through their corporate credentials, third-party apps can gain access to core corporate cloud applications and become a quick and easy way for hackers to infiltrate your organization. Use your cloud SOC to:
- Identify malicious third-party apps
- Find instances of trusted applications that have been breached
- Shine a light on any communications that occur between applications
- Analyze the access scopes of applications that are connecting to your environment
- Ban or revoke access to apps that pose threats
4. Monitor and protect data in the cloud
With all the breaches happening lately, we need to be prepared for the worst. Not only is it important to protect the data that matters to you, but it’s also imperative to be able to act quickly when a breach inevitably occurs. The key is to be proactive with protection measures, always stay aware, and be ready to take action when needed. Things to consider:
- What data is considered sensitive in your industry, and who should/shouldn’t have access to that data?
- When sensitive data is accidentally exposed, whether internally or publicly, should it be automatically encrypted? Should your users be alerted? Should permissions automatically be revoked?
- Are there any internal or governmental regulations your organization needs to comply with? (Think HIPAA, PCI DSS, FERPA, etc.) What automated actions should be taken if compliance is not met?
Make Life Easier: Get Started With Your Cloud SOC
Request a Free Security Assessment to find out how CloudLock’s unified security dashboard can enhance your organization’s cloud Security Operations Center. Gain insight, control, and the ability to act quickly with user-friendly, 360° monitoring over your cloud environments (IDaaS, SaaS, PaaS, and IaaS):
- Expose potential compromised accounts, cloud malware, and data security violations
- Validate compliance with internal or industry-governed regulations: PCI, HIPAA, FERPA, and more
- Receive a business analysis, mapping findings to your organizational goals