In today's Whiteboard Wednesday, Jason Weiss, a member of the engineering team for UserInsight (now known as InsightIDR) at Rapid7, will discuss the topic, "Why Cloud File Transfer Services Put All Your Organizational Data at Risk".
Watch this video to learn how cloud file transfer services, used by your employees and colleagues, put your organization’s data at risk and find out how to monitor suspicious behavior across these cloud services so you can answer the question, "Who leaked the data?"
If cloud security is of interest to you, check out InsightIDR. In one platform you gain the visibility into user activity and threats across your network, cloud and mobile environments.
Hi. I'm Jason Weiss with the UserInsight Engineering team here at Rapid7. Today is whiteboard Wednesday and we're going to talk about Cloud File Transfer Services and why all of these services put your data at risk.
The Cloud's File Transfer Service provider will go on and on in their marketing campaigns about how secure they are. They encrypt your data at rest, they encrypt your data at transfer, they've got all this log file and administration capabilities to help you manage as an enterprise access to these files.
Well, let's walk through a little scenario and explain why these services are risky business. We've got Molly over here at WeSaySo Corp. Molly is about a 5-year employee. She's passionate, she's energetic, she loves the company, she loves her job. She's in Business Development. Molly is one of these 1K United Flyers that sees a different city every week looking for partners, looking for acquisitions.
Well, Molly is in a typical routine, business trip, racing through O'Hare, trying to get to her next gate and she realizes that she needs to send a file urgently to her boss. Her boss' email address is David K. Well, in the rush to get to her next flight, she pulls out her tablet and she starts typing in the password into her file transfer service and she pulls down that file that she needs to send. She hits that magical Share button and when she hits the Share button up pops a different set of applications that she can share that file with, one of which is her email application.
So she selects email and hits Share. Well, she's in such a rush that she didn't notice that when the file was populated in the email account that actually populated into her personal email account. She doesn't have time for a message body so she starts typing in the To addresses, she starts typing David, and then the magical powers of Auto Complete kick in. Instead of David K., her boss that she wants to share the document with, it auto-completes with David J. at Wall Street.
See, David K. was a former Associate, he's a finance hero on Wall Street and he just received a very sensitive document about a public acquisition with all the gory details: the new executive structure, the price of the deal and even the strategies for dealing with the FCC to get it pushed through. Interestingly enough it's from Molly's personal account, the subject name is just the name of the file and there is no message body.
Well, fast forward once all the heads roll, the FCC investigation completes, people are still going to be asking who did it, who leaked that data. Well, let's go back to our trusty security here in the cloud. It wasn't a matter of the cloud being pierced so the encryption for the data at rest didn't matter, the encryption for the data in transit didn't matter, it was securely transferred down to her tablet and the log files don't help because when we look through the log files we're going to see Molly and the CEO and the CFO and some executives from the acquiring company accessing the files and they all had permission to do so.
So how do we know how the file was leaked? Well, odds are unless Molly goes through her phone, she's not going to be able to determine that she was the actual person that created the leak. So at the end of the day these Cloud services can really put your data in jeopardy.
At Rapid7 we're working on solutions that can help you manage your Cloud services. If you want to hear more, reach out to us, let's talk. Thanks.