What’s App-ening? Hackers, Malware Developers Target the Cloud
This is Part 2 of a 3-part series examining the biggest threats to endpoint security today, all of which can be conversations to have with your customers.
It’s a challenge that’s not gone unnoticed. Almost three-fourths of U.S. IT and IT security practitioners strongly agree (39%) or agree (33%) that the use of commercial cloud applications has significantly increased endpoint risk throughout their organization, according to the Ponemon Institute’s 2016 State of the Endpoint report.
There are many reasons why cloud-based apps are a big threat to endpoint security: holes in the coding and unpredictable user behavior, to name a couple. As a result, many enterprises and small businesses feel caught between a rock and a hard place.
On one hand, customers like the flexibility, affordability and functionality that the apps provide to employees and customers. On the other hand, they risk exposing sensitive data or having their systems come to a screeching halt by an intruder.
How Vulnerable Are Your Cloud Apps?
Cloud application developers regularly tout new security features and updates, but as we mentioned in the first part of this series, how employees use those apps goes a long way in determining how secure information really is.
For example, employees can bypass encrypted security by simply using their personal device on a cellular network, even if they’re sitting at their own desk in an office, notes Michael Sutton, CISO at Zscaler.
It’s one thing if hackers could potentially use Pokemon Go to get at your data, but it’s quite another to think about it happening through the business applications you use every day. Just recently, Google Docs has been the backdoor for a strain of command-and-control ransomware that allows attackers to access and encrypt the end-users files at will.
Clearly, there’s still a lot of work to be done to ensure that cloud applications are secure in a business environment. Amazingly, three-quarters of all cloud apps are not yet compliant for the newly-ratified EU General Data Protection Regulation (GDPR), a standard developed to ensure data security and privacy controls, according to Netskope.
Channel Partners to the Rescue
As trusted IT and business advisors, solution providers will no doubt be asked—and counted on—to provide some answers to customers asking about cloud application security.
First, it’s important to have a complete picture of your customer’s network—how many devices are on the network, where they are and how they’re getting in, as well as what applications those devices are running. It’s even more important to track if they’re cloud-based apps that can be accessed from virtually anywhere.
Secondly, it’s important that your customers’ employees have received proper training around security policies and procedures. That extends far beyond what they type into a browser. Information given over the phone, or carried home in a briefcase—even accidentally—can be potentially dangerous. The more employees are aware of security procedures, and risks, the less likely they are to be the cause of a breach.
Third, keep in constant communication with your customers about security. While it’s virtually impossible to be 100% protected, vigilance and proper 24x7 monitoring will help minimize security risks.
How well you’re able to talk to your customers may well depend on how long you have those customers. If you’re not capable or ready to have that conversation with your customers, have one with us first.
Global Convergence offers a comprehensive portfolio of security, network traffic visibility solutions as well as a wide variety of enterprise mobility and other customizable services to ensure your customers’ networks and data remain safe.
Contact us today to talk to a GCI Account Manager about our security resources.
# # #
The Three Biggest Threats to Endpoint Security in Your Organization Today Blog Series: