The world of cloud security is known for moving fast, turning on a dime, and evolving with ever-growing threat vectors. The Federal sector, on the other hand, has highly regulated, rigorous standards when it comes to their security, and for very good reason. The data they’re protecting is about as sensitive as it gets, and any exposure is literally a matter of national security.
Imagine an AWS user in your environment escalates privileges by assuming a role (calling sts:AssumeRole) and performs a malicious action. How will you know in the first place, and how will you find the offending user in order to remediate the situation? CloudTrail, of course. But you find that the event logged for the malicious action tells you the role and not necessarily the original user.
In the past, there was a clear demarcation between the role of the enterprise network and the internet. Network architects focused on the networks that were under their direct control, and relied on their service provider to provide access to the internet. With the rise of cloud applications, we’re seeing a shift in the demarcation.
Netskope Threat Labs recently posted the second entry in our leaky cloud app series about Google Groups. In this edition, we will cover Google link sharing misconfigurations leading to the accidental internal and public exposure of sensitive data. This post details the common misconfigurations in Google link sharing that lead to unintended data exposure and provides recommendations to prevent such data leaks.
If we had a dollar for every blog post that started with “we are living in unprecedented times” in the last month, we’d be sipping mai tais … in our living rooms. But it certainly is true and I don’t mean to make light of the extreme situation we’re all in right now.
In my recent blog about advanced data protection, I covered how data protection requirements have evolved and how the SWG (secure web gateway) needs to also evolve to be effective in protecting data everywhere it goes. The final use case is centered around protecting users that are going direct-to-internet. This is arguably the most important use case I am covering in this blog series.
In December 2019, I wrote a blog recommending CIOs and CISOs review their annual budgets in 2020 and continue to reduce their spend on legacy appliance-based network and security controls with a move to a scalable and future-proof cloud-based architecture. In the past few months since then, the world has changed.
The remote workforce has exploded globally with more employees working from home than ever before. Indeed, on any given day, approximately 60% of workers are remote (Forbes: https://www.forbes.com/sites/johnkoetsier/2020/03/20/58-of-american-knowledge-workers-are-now-working-remotely/#57a4f2f53303). In order to maintain, if not boost, productivity, scalable and simple collaboration tools are needed.