The 3 biggest threats to your cloud data

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Any horror movie fan can tell you the scariest threats are the ones you don't see coming, and the same is true when it comes to threats to cloud data. IT has decades of experience protecting on-premises resources. Virtually no one has even one decade of experience running major SaaS applications, so we should be prepared for some surprises.

The risk vectors described here are perhaps the three most dangerous threats to your SaaS data, precisely because so many IT pros aren't prepared for them:

* Zombie accounts. Zombie accounts are those accounts that are no longer in use, but haven't been suspended, deprovisioned or deleted. When a sales rep leaves, the admin locks the user out of the account but never follows up to actually delete the account. The danger with zombie accounts is that, if they are compromised, no one is watching them. A subverted zombie user could steal, corrupt or delete data well before anyone is the wiser.

Many SaaS admins assume they aren't sitting on any zombie accounts because SaaS apps usually charge on a per-user basis, so anytime the admin receives a bill, the zombie users would stick out and demand to be deleted -- if only to recover the license fee.

Not so. Some SaaS apps only bill on an annual basis, rather than monthly or quarterly. SaaS providers offer this billing option to support large organizations because big companies usually budget on an annual basis. As such, you have the deadly combination of a company with a large number of users within which a zombie account can hide, and a billing cycle that could keep a zombie account unnoticed for as long as 11 months at a time. That's scary.

Zombie account defense: Eliminate them before they turn. Delete inactive accounts as soon as they have outlived their usefulness.
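An audit along these lines can be run against a user export on a schedule instead of waiting for the next bill. The following is an added example, not part of the original article: the CSV column names (`status`, `last_login`, `hr_active`), the 90-day idle threshold and the sample rows are all assumptions constructed for illustration, not any vendor's real export schema.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; column names are assumptions, not a vendor schema.
SAMPLE_EXPORT = """email,status,last_login,hr_active
alice@example.com,active,2024-05-28,yes
bob@example.com,locked,2023-09-14,no
carol@example.com,active,2023-11-02,yes
dave@example.com,active,,no
erin@example.com,deleted,2023-01-10,no
"""


def find_zombies(export_text, today, max_idle_days=90):
    """Return (email, reasons) for accounts that still exist but look abandoned."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"] == "deleted":
            continue  # already deprovisioned, nothing left to compromise
        reasons = []
        if row["hr_active"] != "yes":
            reasons.append("owner no longer employed")
        if row["status"] == "locked":
            # The case the article describes: locked out, never deleted.
            reasons.append("locked but never deleted")
        if not row["last_login"]:
            reasons.append("never logged in")
        else:
            last = datetime.strptime(row["last_login"], "%Y-%m-%d").date()
            idle = (today - last).days
            if idle > max_idle_days:
                reasons.append(f"idle {idle} days")
        if reasons:
            findings.append((row["email"], reasons))
    return findings


if __name__ == "__main__":
    for email, reasons in find_zombies(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{email}: {'; '.join(reasons)}")
```

Cross-checking against an HR roster matters because an account can show recent activity and still belong to someone who has left, which is exactly the compromised-zombie case.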

* Rogue users. User error is always one of the top two causes of data loss for any application, cloud-based or otherwise. This is because software has no way of distinguishing between legitimate and illegitimate commands. One slip of the mouse and a Copy command becomes a Delete command. Simple user mistakes cause between one-third and two-thirds of all data losses. That's scary enough, but those numbers only describe the damage inflicted by accident.

Now imagine what a rogue user -- one who is intentionally trying to cause damage -- could do to your cloud data. Authorized users are, by definition, allowed inside your SaaS application's defensive perimeter. Disgruntled employees can be your worst nightmare, as these users can do every bit as much damage as a compromised zombie account but with the added threat of knowing exactly where to look for valuable data.

Rogue user defense: Trust no one (more than you have to). Most SaaS applications offer some degree of tiered access privileges. Never grant anyone more access than they need.

* The black swan. A black swan is shorthand for an event that is so unprecedented as to be almost impossible to predict. Tech writer Mat Honan made headlines earlier this year when a weird combination of Amazon and Apple security procedures allowed hackers to wipe out virtually all of his online accounts, as well as purge the local data from his laptop. What made this epic hack so remarkable was that Apple and Amazon's security procedures both protected their own systems, but it was the combination of data that both providers disclosed that allowed hackers to assume control of all of Honan's linked cloud accounts. Almost no one could have seen that coming. While Honan's loss doesn't fit the classic definition of a black swan event, it matches the general profile of an all but unforeseeable security failure.

Given the complexity of SaaS applications and the relative immaturity of cloud application security standards, it's highly likely that another such black swan event will occur -- one that may well compromise your own SaaS application data. That's the very image of a security threat you can't see coming, and nothing could be scarier than that.

Black swan defense: Call for backup. An independent backup copy of your SaaS data, kept separate from your production cloud accounts, can allow you to recover from a cloud failure that no built-in security or disaster recovery feature can handle.

Bottom line, SaaS is new ground for lots of IT professionals and, while cloud-based applications carry some demonstrable security and data integrity advantages (notably in hardware redundancy), the cloud is still new territory for most of us. It requires new procedures and new best practices. With a little preparation and forethought, the cloud can be more versatile and adaptable than on-premises systems, but you have to adapt your security protocols to ensure your cloud benefits aren't undone by hidden security costs.

Stories by Rob May, CEO, Backupify
