Web-to-Cloud Migration Raising Attack Profiles
Most enterprise applications are being transported by cloud services, with only about 15 percent of company traffic currently being handle by traditional web services. A cloud security survey released this week notes that the marked shift to cloud services further underscores the need to layered IT security as more mission-critical applications are shifted to the cloud.
Security vendor Netskope reports that data storage, a growing number of collaboration tools and social media apps generating boatloads of unstructured data topped its cloud service list. Moreover, multiple instances of cloud service usage across organizations is being fueled by growing adoption of app instances by departments and teams within companies.
That works out to a 3.9 percent increase in the average number of cloud services used per enterprise since Netskope’s last survey released in October 2018.
With marketing, human resources and other collaborative tools like Google Drive moving fastest to cloud services, the Netskope survey notes that sensitive customer and employee data is increasingly exposed. The top three data policy violations are DLP, or data loss prevention, infractions, “cloud activity policy” violations and “anomalous activity” that exceeds company policies about personal use of corporate networks.
“This data indicates the need for one tool or technology to address modern threats – a ‘one size fits all’ for cloud and web,” the survey notes. “While identifying sensitive data and preventing its movement is critical to specific cloud services, policing acceptable use of web applications is a top and different challenge altogether.”
Adding to the challenges are strategies by leading cloud providers like IBMaimed at persuading customers to shift more mission-critical applications to the cloud.
The survey recommends three primary ways to button down enterprise cloud services as instances of corporate data breaches worsen. Netskope recommends monitoring the mix of corporate web traffic transitioning to the cloud, then assessing whether proper security controls are in place for these data migrations.
It also recommends adoption of API-based tools to secure both web and cloud deployments. Those tools can be used to implement policy controls as well as for threat detection on web-based applications.
Lastly, the vendor survey recommends “layered policies” for enforcing a range of cloud services instances, thereby securing them while insuring internal compliance among corporate users.