Cloud Service Risk: Cloud Monitoring Doesn't Matter

Last updated at Mon, 24 Jul 2017 13:51:18 GMT

Some of the security concerns associated with cloud services seem pretty obvious:   75% of all companies have cloud services in use and almost all of them don't even know what those services are.  Almost all of the companies who have implemented our newly-released UserInsight product have found cloud service risk they were surprised about or employees who shouldn't be accessing the cloud.   In addition, the responsibility of these services is frequently spread across the organization: It's typical to have the IT Security department responsible for monitoring on-premise systems like SAP or SharePoint while finance or sales teams frequently have responsibility for monitoring corporate-supplied cloud services like SalesForce or NetSuite.

Sounds like cloud services could pose a major security risk, right?  I'm here to make the case that Cloud Monitoring Doesn't Matter.  Security, like many things in life, requires a tremendous amount of context to be successful.  Having visibility into what services people are using is really only useful if you understand more about who those people are and what else they're doing.   Where and on which device are they accessing the VPN? How many mobile devices do they have accessing corporate data?  Understanding the cloud service risk in isolation provides a very myopic view of the security threats, as I recently highlighted in a Whiteboard Wednesday

Cloud monitoring doesn't matter…until you can put it in the context of looking at all of that user's activity across the on-premise, cloud and mobile environments.  Understanding whether cloud service access is a threat can only be done when tied to understanding what data the user has on their mobile device or where they're accessing the VPN.  In order to successfully monitor cloud service risk, we need to learn from the best practices that we've learned the hard way. For example, how many of you are confident that if you terminated an employee today his or her access to corporate-supplied cloud services would be terminated at the same time?   Do you care more about terminating this access or about ensuring that somebody's phone is wiped?

The fundamental pivot of monitoring needs to shift from looking at assets to also looking at user activity.  By having complete visibility into user activity across your on-premise, cloud services and mobile environments, you're better positioned to identify malicious activity.    With UserInsight, we've helped customers identify the cloud services in use within their organization and deeply inspect some corporate-supplied cloud services like SalesForce and Box.  We're able to put this in context of understanding where the user works, which mobile devices they use, and whether or not they have other behaviors that increase their risk.  Armed with this information, our customers have been able to put their cloud usage in the context of their overall security risk.

How are you integrating your monitoring today?  How do you ensure that your cloud monitoring solution works for you?