Your Cloud User Behavior Analytics Primer In our recent cloud cybersecurity report, we discovered 1% of users are responsible for 75% of the risk in cloud applications. With such…

Your Cloud User Behavior Analytics Primer

Russell Miller

Russell Miller has spent over nine years in network security in various roles, from ethical hacking to marketing. As Director of Product Marketing at CloudLock, he evangelizes cloud security as a business enabler.


In our recent cloud cybersecurity report, we discovered 1% of users are responsible for 75% of the risk in cloud applications. With such a highly disproportionate distribution of risk, an increasing number of security professionals are looking to cloud user behavior analytics to secure their organization.

Business Challenges

Hackers are bypassing security controls, particularly those that are perimeter-based. Also, events are not correlated across platforms. Often, you will see a user log into one cloud application in one location, and then the same user logs into another cloud application halfway around the world only an hour later. While the security on each individual platform may be strong, they will not detect events between cloud applications. Finally, today’s security administrators are inundated with so many unimport alerts, they miss the critical security breaches.

The security professionals we speak to are concerned about three primary facets of cloud cybersecurity: data, applications, and accounts. In the center of that all is the user – and this is why we speak about people-centric cloud security.

User Behavior Analytics Defined

Analytics itself is detecting meaningful patterns in data. For security, this means looking at user behavior to detect anomalies that may indicate a security breach.

When leveraging user behavior analytics capabilities, there are five key functionalities to focus on:

  • Detecting account compromise, particularly for administrative accounts – imagine the consequences if administrative accounts to critical cloud applications were compromised.
  • Forensics: if you suspect a compromise, can you determine who did what – and when? This should be visible in a very visual and intuitive way.
  • Incident Management: throughout the incident, can you efficiently and effectively resolve the underlying security issue?
  • Configuration Security: Ensure your cloud platforms are following configuration standards that meet best practices and you can detect when any configurations are changed.
  • Privileged User Monitoring: Understand exactly what your privileged users have done – and when they did it.

The 1% Who Can Take Down Your Organization

If cloud cybersecurity is of interest, you should find this report fascinating. Our analysis of user user behavior across 10 million users, 1 billion files, and over 91,000 cloud applications, shows that 75% of the security risk can be attributed to just 1% of users. Read the full report for additional insights on cloud cybersecurity trends across users, collaboration, and applications.

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser