We often associate breaches with corporate espionage and advanced persistent threat groups, but often, data is leaked by an organization’s own employees. In cloud environments, this kind of data loss has become typical and, at the same time, difficult to detect. Whether it’s accidental “fat fingering,” intentional data exfiltration, or a compromised account, data moves more fluidly than ever due to the increasing reliance on cloud applications to stay productive.
In 2021, Pfizer acknowledged that thousands of internal documents — including trade secrets — had been leaked by a former employee who exfiltrated sensitive data to their personal cloud accounts and devices.. This large-scale data leakage event served as a potent reminder to organizations that one insider threat can have catastrophic consequences. To combat it, organizations need to assume that their sensitive data will eventually be shared with unauthorized parties, just as they need to assume that no entity is trustworthy until verified in a zero-trust framework.
To ensure that you take advantage of cloud productivity while safeguarding your sensitive data, you need a solution that can make intelligent access decisions based on user behavior, endpoint risk posture, the apps being used, and the sensitivity level of the data being accessed.
Three capabilities you need to protect your cloud data
Lookout Chief Technology Officer Sundaram Lakshmanan has written about the fact that cloud connectivity has amplified security gaps, but integrated and cloud-delivered solutions can enable organizations to keep pace with evolving threats. In other words, to prevent data leakage in this cloud-first era, you need an integrated cybersecurity solution that has advanced data protection capabilities.
To combat data leakage, here are three technologies that your integrated security solution needs:
1) Gain visibility into user behavior
User and entity behavior analytics (UEBA), is crucial to understanding how users interact with your apps and data. More often than not, security compromises don’t include malware. Instead, a privileged account that has access to sensitive data is used to cause harm, whether it’s through the stealing of credentials, someone accidentally sharing data with unauthorized personnel, or in the case of the Pfizer leak, an incident with malicious intent.
2) Understand the apps your employees use
In addition to user behavior, your cybersecurity solution should understand the different apps your employees use, whether they are sanctioned by IT or not. Shadow IT has become a big problem now that cloud apps are so easy to deploy and many employees have consumer versions of enterprise apps such as Google Workspace and Microsoft Office 365.
According to Bloomberg Law, Pfizer implemented a tool in October 2021 that can detect employee uploads of files to cloud apps. But again, detection alone wasn’t able to prevent the breach.
3) Implement automated encryption
Automated actions to protect your data is the key. You may have the tools to detect anomalous user behavior or whether your files are being uploaded to an app you don’t have control over, but without an intelligent policy enforcement engine, there’s nothing you can do to stop your data from leaving.
To mitigate against data leakage, organizations need data protection that takes advantage of the capabilities I outlined above: user behavior and app usage. Your advanced data security should include these two technologies: one, data loss prevention (DLP), to classify and understand the sensitivity of the data you own as well as apply various restrictions such as wordmarking or redacting keywords; two, enterprise digital rights management (EDRM) that can encrypt sensitive data while it's downloaded so that only authorized users can access it even if it leaves your enterprise.
The fourth puzzle piece: endpoint telemetry and an integrated platform
This incident illustrates how, even with the world’s best data classification and anomaly detection systems, you need to ensure that you have the ability to take action. To secure their cloud data, organizations have been shifting to a zero-trust model, where no entity is deemed trustworthy and given access until their risk level is verified. But to make efficient access policy decisions that don't hinder productivity, you need integrated insights.
In addition to telemetry about users, apps and data, the Lookout Cloud Security Platform also includes endpoint security. With employees now using whatever device they have at their disposal to work, organizations are constantly exposed to the risks and threats that may reside on those endpoints. By understanding the sensitivity level of your data as well as the fluctuating risk levels of users, apps, and endpoints, we enable organizations to make intelligent access decisions.
To learn more about how you can secure your organization’s data in a cloud-first environment, take a look at this video on how you can detect and prevent malicious data exfiltration by employees.