Home / Industry

Cloud and IaaS DLP Woes: Is Additional Threat Intelligence a Solution?

Cloud-based technologies are effective means to gain visibility into the IT challenges faced by organizations. Adopting them enabled infrastructure-as-a-service (IaaS) providers to increase client uptime, security, and compliance, all the while giving more flexibility to scale up or down to respond to opportunities and challenges on time.

Despite the high level of security most cloud infrastructure providers tout, their services are far from perfect. What ultimately allows enterprises to avoid the compromise of their customers' data is implementation. A survey suggests this is the case, especially as 99% of public cloud infrastructure misconfigurations go unreported.

Unreported Security Issues

The volume of public cloud misconfiguration issues that remain unreported averages at 3,500 per month. Sadly, these oversights open both vendors and their clients to data loss and its consequent risks. Even more alarming yet unsurprising, however, was the fact that only 26% of companies are prepared to deal with misconfiguration audits. It does not help that improper configuration sometimes takes more than a day to rectify; some even take over a month.

The most common public cloud misconfiguration problems had to do with user provisioning, data encryption, restricting ingress and egress traffic, and IP address filtering. These errors share many similarities with those seen in traditional data centers.

Data Loss and Regulatory Violations

IaaS-related incidents caught by DLP rules have also risen by 248%. Again, a staggering 42% of storage objects flagged by DLP mechanisms were due to misconfiguration.

Data loss incidents can impact cloud users' revenues due to compliance concerns. Compliance is already tricky; it gets worse due to the fluidity of the cloud as a data storage environment. Cloud infrastructure providers need to stick to service-level agreements (SLAs) and stringent regulatory requirements at all costs to avoid paying hefty fines. Among the regulations they're required to adhere to are:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Federal Information Security Management Act (FISMA)
  • General Data Protection Regulation (GDPR)

The fines these regulations impose can cost violators millions of dollars. As an example, HIPAA-related violations can cost a healthcare provider as much as US$25,000 per category. According to the HIPAA Journal, the highest penalty paid for personal data theft to date was US$16 million.

Can Additional Threat Intelligence Help?

Not all organizations have a proficient understanding of the responsibility they share with their cloud service vendors. Unfortunately, most cloud users have a "set-and-forget" mentality and assume that securing their stored data relies solely on their provider. That is not the case.

Cloud service providers and users can integrate threat intelligence APIs into their existing solutions for both prevention and data enrichment. Threat intelligence generally helps enterprises identify anomalies by:

  • Monitoring unrestricted and lightly restricted egress traffic
  • Identifying workload communication with bad hosts
  • Finding open ports on virtual servers through host discovery

Should both providers and users wish to improve their DLP applications, they can lean on threat intelligence to analyze their host structures and configurations. They can also push threat intelligence APIs to their solutions for more in-depth security evaluation. With these, they can:

  • Check whether websites' Security Sockets Layer (SSL) certificates are updated and properly configured
  • Perform reverse Domain Name System (DNS) lookups to map out connected IP addresses and domains
  • Uncover the real reasons for traffic surges and mitigate distributed denial-of-service (DDoS) attacks that result in downtime
  • Allow or restrict users from communicating with physical and virtual systems based on their domains and reputation or IP addresses

* * *

Cloud and IaaS-based technologies allow enterprises to stay agile against competitors. However, persistent cyberthreats and risks can quickly turn the same technologies into their worst nightmare. Threat intelligence integration can facilitate the timely detection of dangerous activities that can result in data loss due to third parties. That said, organizations need to make sure that the visibility that cloud-based services offer won't also be the cause of their downfall should these lack security.

Threat Intelligence Platform (TIP)

About Threat Intelligence Platform (TIP) – Threat Intelligence Platform (TIP) offers easy to use threat intelligence tools, services, and APIs to get detailed information about hosts and the infrastructure behind them. Gathering data from different providers, utilizing our substantial internal databases (compiled for 10+ years), and also real-time host configuration analysis, our threat intelligence solutions provide an in-depth look at target hosts and are an essential addition to any threat detection toolkit. Visit Page

Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Cybercrime

Sponsored byThreat Intelligence Platform

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Whois

Sponsored byWhoisXML API