Google Ads

Choose a Cloud Service you take this into account Six Internal threats yet?

Cloud Service you take this into account Six Internal threats

For cloud computing data, the most important risk is often that external attackers can exploit loopholes, but from its internal security team believes companies equally terrible threat.

Lift the insider threat this keyword, may we all remember Snowden event that insiders data disclosed to the media and caused widespread concern. The reality is that, similar to the tip of the iceberg Snowden events, internal threats may be because careless employees or malicious insiders trying to seek personal interests. Although only 17 percent of security professionals who know their business within the internal threat, but the data Skyhigh latest cloud deployment and risk reporting is shown in the past year, 85% of businesses unusual activity could mean internal threats.

Cloud computing has greatly expanded the scope of the company's internal threats, cloud computing applications sheer number of programs (over 8000) and immature audit and management control, which causes a lack of visibility of these applications and management.
 Let's take a look at some of the insider threat cloud terrible situation:

1. The sales staff to quit

In the most common case of internal threats, sales representatives left the company, with sales leads to rival companies. In all walks of life, this situation is very common, especially in the highly competitive market. And steal sales leads difficult to find.

Compared to physically steal information, cloud computing services allow this kind of thing more undetectable. Sales team provides a number of sales leads for employee access, and employees can easily click on the button to get. Allowing thousands of salespeople logged enterprise, the challenge is to find anomalies in their daily activities.

2. When the administrator become internal threats

Employees at all levels of businesses rely on cloud services to complete their work, including C-level executives. However, the privileged user has a unique power: for storage management access to data in the cloud services.

Some large technology companies are concerned the internal management staff of CRM software operating authority. These administrators are responsible for managing user permissions and security policies. At the same time, they can access cloud services business data, which may pose a security risk. Another example: cloud storage services executive administrator can access only to see financial projections, as well as confidential information.

3. The danger from within

Insider threats usually refers to employees, but employees of cloud service providers may also data from seeping inside. For example, access to the service cloud services hosted on confidential corporate data is used internally by the Human Resources staff in terms of cloud service providers. According to the user agreement, the cloud service provider may not even need to be responsible for loss of data. This case shows that enterprises use cloud security controls must contain a certain level, to simultaneously against external and internal threats.

4. Data sharing with third parties

Cloud services enable worldwide collaboration, but it also means that the data may be transferred to the place should not be there. For example, a company's developers outsource their work to their Chinese counterparts, he paid Chinese workers money to complete his work, and to maintain their profit margins. Putting aside the legality of this creative approach allowed employers may face security risks, because the enterprise data is publicly shared with third parties.

5. Shady service

Violation of enterprise cloud computing use policies constitute another type of internal threats, which may include improper use Facebook to illegal file-sharing. In the worse case, the employee uploads the data to develop the site, such as CodeHaus, upload the site to determine the ownership of intellectual property in terms of its user agreement. Send data to these services may have legal consequences, if sensitive information is leaked intellectual property rights, and may even be harmful to business.

6. Meaning but misguided

Not all internal threats come from malicious perpetrators. Enterprise rich consumer level application lets employees may inadvertently leak data. In a financial services institution hapless employee accidentally uploaded sensitive data to Facebook, this is definitely better than in the social media "over-sharing" more serious.
Previous
Next Post »