Data breaches continue to increase in frequency, severity, impact, and cost, as demonstrated by a 38% increase in known security incidents from 2015 to 2016, according to PwC’s Global State of Information Security Survey. In parallel, the global average cost of a breach has increased from $3.8 million (2015) to $4 million (2016), according to a recent Ponemon study. The rapid adoption of cloud services has further expanded the threat surface and security risks facing organizations, as evidenced by last week’s massive data breach at Zynga.
Skyhigh’s research shows that the average organization faces 23.2 cloud-related security incidents each month, including insider threats (accidental and malicious), compromised accounts, and attacks that use the cloud as a vector to exfiltrate data. And while the cloud has brought with it a plethora of benefits, traditional enterprise security controls have had a hard time keeping up with the rapid evolution of how the cloud is being used and of its underlying technology.
In this eBook, we will discuss the state of cloud threat protection and why it needs a new approach, and take a deep dive into the underlying technologies and must-have components powering effective cloud threat protection. We will then identify the data sources needed to gain granular visibility, and the deployment paths for enforcing safe cloud access. Lastly, we will outline proven threat protection best practices in use at forward-looking enterprises today.
In recent years, attention has shifted from the security of the underlying cloud infrastructure to the secure use of cloud applications. A single user can do a lot of damage, as when a former Morgan Stanley financial advisor pleaded guilty to stealing 730,000 account records from 2011 to 2014 and saving them on a personal server at home. Russian hackers are suspected of having stolen that data from his home server. During this time, the employee was also in discussions with two other banks that compete with Morgan Stanley about potential employment. Similarly, a 2015 breach of 79 million customer records at health insurer Anthem was traced back to a single account compromised by cyber criminals.
Internal user error and impropriety are becoming a growing concern. According to Gartner’s Top Predictions for IT Organizations and Users for 2016 and Beyond, “through 2020, 95% of cloud security failures will be the customer’s fault.” The security controls organizations have relied on up to now are no longer adequate because they do not provide the needed visibility into the use of cloud services or threats to data in the cloud. That’s because they were built with a focus on detecting and preventing threats at the perimeter and on the network.
As an example, firewalls, web proxies, and intrusion prevention systems do not have visibility into third parties accessing enterprise cloud services because they are out of band. For that reason, organizations are looking to cloud access security brokers (CASBs) to deliver a single control point for cloud services—including visibility into cloud usage and the ability to detect threats in the cloud.