Page 17 - index
P. 17
To add to the cloud complexity, the role of the insider is changing. While Edward Snowden may
be considered the “insider threat” poster child, remember that not all employees have malicious
intentions. In fact, any employee that has powerful, privileged access rights – such as system or
database administrators – can be used as a conduit for cyber activity.
Offenders can range from malicious to accidental (sometimes it is as simple as clicking a link)
that put data at risk.
The insider threat landscape is becoming increasingly difficult to deal with as insiders move
beyond employees who have access to corporate data.
Add to the mix business partners, suppliers, contractors and third-party service providers who
have access to your network or cloud resources (including privileged access in many cases) as
well as the fact that attackers target all of these insider accounts for compromise, and suddenly
security requires a completely different formula.
According to the survey, cloud adoption would increase if service providers did more to
remediate fears of transitioning to the cloud.
Top three data and cloud concerns include:
1. Lack of control of data location (69 percent globally)
2. Privileged user abuse at the cloud provider (67 percent globally)
3. Vulnerabilities from shared infrastructure (66 percent globally)
Data protection concerns are the major reason why two thirds of senior business and IT
managers see the cloud as a worrying, unsafe and uncontrolled environment. While threats
from the cloud and big data environments elicit significant concerns, a robust set of tools can
help ensure data is kept safe.
Enterprises need security options that offer both better visibility and higher levels of service
commitments from cloud providers. Survey results show enterprises are willing to adopt more
cloud services provided their security needs are met.
The top four changes that would increase their willingness to use cloud services include
• 55 percent asked for encryption of data with enterprise key control on their premises
• 52 percent selected encryption of their organization’s data within the service provider’s
infrastructure
• 52 percent also want service level commitments and liability terms for a data breach
• 48 percent desire explicit security descriptions and compliance commitment
We’re already seeing some CSPs in both Infrastructure as a Service (IaaS) and Software as a
Service (SaaS) start to either standardize on greater security measures as core differentiation
for their offerings, or partnering to offer these services.
The breadth and depth of private and public sector breaches in the past few years further
indicates there is a major disconnect when it comes to organizations’ handling of data security.
Breach after breach we’ve seen insiders, or an attacker that compromised insider accounts,
wreak havoc.
17 Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
