On Wednesday, Ponemon Institute released a report highlighting the growth in companies suffering a data breach within the last year. The figure jumps from last year’s 33% to 43% – and businesses are responding. The number of organizations that have a data breach response team or plan has increased from 61% to 73%.
As businesses embrace and standardize on SaaS applications, users are given the power to control the access, location, and distribution of sensitive data at a faster pace than ever before. While cloud platform vendors own security at the infrastructure level and businesses are responsible for defining and enforcing policies internally, organizations must recognize the potential role of users. Users can serve as the first line of defense, or the weakest link in the chain.
We Have Met The Enemy – And (S)he is Us
The cause of these breaches is no mystery – the information security industry has recognized user behavior as the primary source. Michael Bruemmer, Vice President of Experian’s data breach resolution group, offered his thoughts in a USA Today article on the report, explaining that over 4 in 5 data breaches his team investigates “had a root cause in employee negligence.” But how does user behavior in the cloud increase the likelihood of a data breach?
- Data Sprawl. With the new ability to work anywhere, anytime, on any device, it becomes quick and easy for users to share files broadly, not always understanding the implications.
- 3rd Party Apps. At CloudLock, we’ve discovered nearly 10,000 3rd party cloud apps enabled in corporate domains. While many offer value, they also have the potential to open a backdoor into the organization via permissions granted to the app by users leveraging their corporate credentials via OAUTH.
Want to Stay Out of the Headlines? Here’s How.
Cyber security attacks target sensitive data, be it credit card information from a retailer, intellectual property from a manufacturer, M&A information from a publicly traded company, or other critical information.
Adopt a defense in depth strategy, including both perimeter and account protection, as well as the identification and protection of sensitive data. Ensure the security integrity of sensitive data, either on-premises or in Cloud applications, through a three-step process:
- Discover. Learn where your critical data is stored and who has access to it. Be sure to include SaaS applications your organization has standardized on as well as account for users’ self-provisioned 3rd party apps.
- Classify. Data should be classified based on any sensitive content it may contain. Consider developing a tiered system to classify data. Consider a wide range of acceptable exposure levels based on the data’s degree of sensitivity: public, internal, specified internal parties, and select few.
- Control. Address incidents by quarantining data and ensuring unnecessary access is removed. In the instance of highly sensitive data, leverage a file-level encryption solution to provide an extra layer of defense.
Ready for more?
In our CISO’s Guide to Cloud Security eBook, you will:
- Learn the characteristics and priorities of today’s forward-thinking security leaders
- Obtain actionable guidelines to initialize and execute an effective cloud security program
- Be empowered to bring it all to life with a formula to measure the impact of security efforts in every organization