Cloud Computing and Data Protection: What You Need to Know

In an age of digitalization, the issues of cloud computing and data protection are extremely significant to almost every company. But many decision-makers remain concerned about security when migrating their data to the cloud. COMPAREX shines a spotlight on the trend of Cloud Computing, presents possible vulnerability scenarios, and takes Office 365 and Symantec as examples of how the benefits of the cloud can be exploited without being exposed to additional security risks.

Anja Dörner, IT Security Specialist


Increasing numbers of our customers are exploring the opportunities of Cloud Computing. The benefits are plain to see. Cloud Computing is a revolutionary, affordable and uncomplicated technology that provides companies with immense flexibility in the completion of ongoing tasks. You are able to use practically unlimited computing power and storage capacity – available on tap and only as much as you currently need! What’s more, data must be accessible on every device from anywhere in the world.

Trendy! Cloud Computing continues to soar

Current studies confirm the trend. The IDG Enterprise Cloud Computing Survey in 2016 states that 70 percent of companies have already migrated at least one application to the cloud, and that an additional 16 percent are planning to do so or at least discussing the issue. What’s more, the Public Cloud Market in particular is growing at a dizzying pace.

Microsoft itself used the Ignite 2015 Conference to announce that 35 percent of Microsoft Exchange customers have already converted to Office 365. Forecasts published by the US market research and consulting firm Gartner indicate that Office systems in the cloud will have achieved international market coverage totaling 60 percent by 2018. That is immense progress, no doubt, especially when I consider that just a year ago many of our customers had serious misgivings about the whole issue of cloud computing.

Your employees are probably noticing the progress as well. Although they may not know it, a large proportion of the applications they use may already be in the cloud. And possibly they are unaware of just how risky that can be for a company.

Watch out! Shadow IT as an underestimated security risk

If you ask suitable IT experts in a company how many cloud applications they believe are in use, the answer will always be more or less the same: “We use no more than 30 to 40 cloud applications.” But the security company Symantec claims that on average, 812 applications are operating in the cloud at German companies. Specialists use the term Shadow IT. It includes cloud apps like Xing, which enable data exchange up to 100 MB.

Were you aware of that?

Do you know which data is transmitted, when it is sent and where it goes? Most companies would have to respond to this question in the negative. It is advisable to seek technical support from security experts in order to assess the risk to your environment. Symantec, for instance, provides a free risk assessment service.

In most cases the employees do not act deliberately. Quite simply, it is an inevitable consequence of requirements in everyday business routines. It is normal in an age of globalization that your employees would like to share information quickly and flexibly across international borders to avoid falling behind the competition. Of course you could prohibit all cloud services, but blocking them will not solve the problem.
So it is essential to listen to the requirements of your staff and to give them the opportunity to benefit from cloud-based solutions without endangering security or exposing the systems to additional risks.

Appearances are deceptive! There are risks lurking in free security solutions

Office 365 by Microsoft is an immensely popular application. And it is all the more gratifying that Microsoft includes a raft of security solutions free of charge. But they must be perceived as add-ons to the existing IT security infrastructure.

A glance at the latest Internet Security Threat Report by Symantec plainly indicates that the threat landscape remains complex and that built-in security features in Microsoft Office 365, Google Apps and other cloud-based email and productivity solutions are not up to the task of providing companies with blanket protection.

The analyst firms Gartner and Forrester also confirm this assessment, agreeing that the major security vendors like Sophos, Trend Micro and Symantec still lead the field by far:

Gartner Magic Quadrant: IT-Security Vendors
Source: Gartner 

Forrester Wave: IT-Security vendors
Source: Forrester 

What ideal protection for your cloud data looks like

We will use Office 365 as an example to demonstrate how quite basic protection sometimes falls short, and why you should still trust in specialists if you want to enjoy your new freedom safely.

1. Protection of Office 365 e-mail against spam, complex malware and phishing attacks

Office 365 contains signature-based anti-malware and antispam features. Other services/add-ons are needed to protect against complex threats like zero day attacks. The built-in security functions in Office 365 are not always effective enough to throw up a shield against today’s highly evolved attacks.
For instance, the phishing link protection in Office 365 only uses blacklists of known, malicious URLs. But criminals frequently get around these blacklists by inserting shortened links that redirect multiple times before reaching their actual destination.
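Why a check of only the link as written misses a multi-hop shortened URL, shown as an added example that is not from the original article or from any vendor product. The blocklist, the redirect table (a constructed stand-in for HTTP 30x responses so the code runs offline) and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed data: hosts on a blocklist of known-malicious destinations.
BLOCKLIST = {"malicious.example"}

# Constructed redirect table standing in for HTTP 30x responses.
# A real scanner would resolve each hop from an isolated analysis host.
REDIRECTS = {
    "https://short.example/a1": "https://hop.example/r?id=7",
    "https://hop.example/r?id=7": "https://cdn.example/go",
    "https://cdn.example/go": "https://malicious.example/login",
    "https://short.example/loop": "https://short.example/loop",
}
MAX_HOPS = 10  # hypothetical limit; unbounded chains are treated as suspicious


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def first_url_only(url):
    """Static check: looks only at the link as written in the email."""
    return "block" if host(url) in BLOCKLIST else "allow"


def follow_chain(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Return every URL visited, stopping on a loop or at the hop limit."""
    chain, seen = [url], {url}
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        chain.append(nxt)
        if nxt in seen:  # redirect loop: stop, the verdict step flags it
            break
        seen.add(nxt)
    return chain


def chain_verdict(url, redirects=REDIRECTS):
    """Check every hop, not just the first, against the blocklist."""
    chain = follow_chain(url, redirects)
    if any(host(u) in BLOCKLIST for u in chain):
        return "block"
    if chain[-1] in redirects:  # never reached a final destination
        return "suspicious"
    return "allow"


if __name__ == "__main__":
    for link in ("https://short.example/a1", "https://short.example/loop"):
        print(link, first_url_only(link), chain_verdict(link))
```
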

Symantec Email Security.cloud can be a solution to upgrade your security and accommodate this situation.

Your benefits:

  • Intelligent source link tracking in real time
  • State-of-the-art heuristic technology based on over 8.4 billion email messages and 1.7 billion Internet requests (Skeptic)
  • Industry-leading service level agreements (SLAs) with guaranteed results, practically 100 percent protection against known and unknown email viruses with essentially no false-positive reports

2. Protection against complex threats and targeted attacks

Advanced persistent threats (APT) is the name given to this kind of attack. They are targeted threats that remain a clear and present danger.

A study by the professional association ISACA indicates that 33 percent of companies are unconvinced that they are prepared for an APT or that they will be able to respond appropriately to an attack. Protection against these many-faceted risks requires multi-layer solutions and smart security.
The security solution built into Office 365 does not always provide complete protection against the complex, targeted attacks to which customers are exposed in the modern business environment.

They do not have suitable tools to correlate email, device and network analyses and hence to detect perniciously camouflaged and extraordinarily tenacious attacks. Moreover, they lack functions with a rapid display of attack details, to recognize how all the incidents are related and to scan control points for the artefacts of an attack. It is therefore practically impossible to establish context and to visualize malicious activities in the current environment. In consequence, they are not able to prioritize incidents and to immediately quarantine and neutralize the attacks throughout the entire company.

You can complete your protection and shape up for APTs, for example, by using Symantec Advanced Threat Protection.

Your benefits:

  • Detect and analyze complex threats on your devices, in your network, your email systems and in your Internet data traffic
  • Prioritize the most urgent tasks
  • Neutralize complex attacks in minutes

3. Backing up your confidential information in Office 365 Exchange

The data loss prevention and encryption features that Microsoft has built into Office 365 are rudimentary and only offer basic protection. The limited available methods for content detection in Office 365 (restricted document fingerprinting and basic functions for digital watermarking) lead to a greater number of false positives, increasing the workload for the IT department. Options to neutralize incidents and to automate workflows in Office 365 are limited to simple messaging and blocking functions.

Do not skimp on the protection of your confidential information. Symantec Data Loss Prevention is one of the good solutions on the market.

Your benefits:

  • Simplified tasks such as policy management, reporting and incident neutralization
  • Powerful data protection – Symantec DLP Cloud Service for Email
  • Central dashboard and uniform DLP control mechanisms for all cloud services and local environments
  • Seamless, policy-based encryption

4. Access control with secure authentication

Identity protection is the lock to the front door of cloud services. It prevents attackers from gaining entry and ensures that employees receive access to the cloud apps they need. Implemented correctly, it also improves user-friendliness by enabling a transparent login procedure. Authentication in Office 365 is restricted to options such as out-of-band messages (text and voice) and messages via mobile devices. This means that secure and convenient options such as biometric, risk-based and hardware-based login information are not available. Office 365 only offers single sign-on and authentication for Office 365 applications. Only Active Directory (AD) and Microsoft Identities are supported. Customers that perceive authentication and access control as integral elements in their security strategy – based on more than just individual applications – will find these options inadequate.

Use Symantec VIP to grant certain users – and only these users – access to your Office 365 service.

Your benefits:

  • Improved security without restricting user comfort – Symantec VIP (Validation and ID Protection Service)
  • Better and more efficient review and access control for Office 365 and other cloud services – Symantec VIP Access Manager

Summary: Caution is better than a cure

Even if avoiding this issue appears more cost efficient at first glance, experience has shown that customers may incur significant costs in the event of a security incident. This is why you should continue to trust in the advanced technologies by experienced security vendors to preserve your peace of mind when using the benefits of the cloud.


Leipzig, 31.05.2017
