Is the term cloud security an oxymoron? Well, it depends on what you define as the cloud, says a data centre expert.
Global business services company Minter Ellison says the estimated cost of cyber-crime will be US$6 trillion by 2021. One of the five key themes (see infographic at the end) is that organisations remain complacent about reviewing and testing their own cyber resilience and that of their suppliers – including the cloud.
Another key issue is the growing use of BYOD/mobility where cloud has become the “glue” between corporate networks and assets and the ability to access and manipulate them on a smartphone or laptop.
iTWire spoke to Lyncoln de Mello, Director of Cloud Services at Brennan IT (a managed cloud, data centre and managed IT service provider), about how to protect organisations in the face of increasing cyber attacks. He has been at Brennan IT since 2012, and before that worked at Optus, Telstra and TalkTalk.
“There are more opportunities for cyber criminals with the increased penetration of smartphones and other mobile devices, as well as the growth of the Internet of Things and wearable technology. These endpoints, together with social engineering of credential information, mean that there are more vulnerabilities through which organisations can be targeted,” said de Mello.
Following is a precis of the interview.
What are the most common types of cyber attacks facing businesses today?
There are many different approaches: malware, including ransomware; phishing and impersonation scams (BEC or CEO fraud) via email; and Distributed Denial of Service (DDoS) attacks to disrupt web services.
- Malware continues to grow and evolve, making it one of the most common and effective attacks on businesses. Its payload includes viruses, spyware and more. Malware’s function is to be covertly installed on a PC or server and then inflict damage by laterally exploring systems and discovering passwords or unpatched devices, tracking keystrokes to obtain credentials, or, in the case of ransomware, encrypting data and demanding a ransom for its release. Cyber criminals use a broad-brush approach, equally targeting smaller and larger organisations, knowing someone will open a malware-laced email, with varying ransom demands to maximise revenue.
- Phishing emails trick users into downloading infected software or divulging passwords and account details by posing as legitimate websites, invoices, or other requests for action. As phishing is a form of social engineering, anti-virus and anti-spam software aren’t adequate to protect the organisation, so education is essential.
- Email impersonation attacks are on the rise and seek to spoof a trusted sender with requests for sensitive information, payments of fake invoices and other legitimate-sounding instructions. Targets for these spoofing type attacks are senior leaders, including C-suite executives, payment authorisers, and other senior staff in accounts or finance roles.
- DDoS attacks appear as a sudden surge of traffic and can shut down websites or even portions of the internet. Increasing bandwidth and filtering traffic can stop this to a degree, although, as with all of these common threats, prevention is key.
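The email impersonation attacks described above (a spoofed trusted sender asking finance staff to pay an invoice) can be caught with a few header checks at the mail gateway. The following is an added example, not code from the original article or from Brennan IT; the organisation domain `example.com`, the protected names, and the sample messages are all constructed for illustration. It flags three classic BEC indicators: a protected executive's display name on an address outside the organisation's domain, a lookalike sender domain, and a Reply-To that silently redirects the conversation to another domain.

```python
"""Flag inbound mail that impersonates an internal sender (BEC / CEO fraud).

Added example; the domain, the directory of protected names and the sample
messages below are constructed, not taken from any real organisation.
"""
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                     # assumed: the organisation's own domain
PROTECTED_NAMES = {"jane doe", "john smith"}   # assumed: executives / payment approvers


def normalise_name(name):
    """Lower-case, drop punctuation and collapse whitespace: 'J. Doe' -> 'j doe'."""
    return " ".join(name.lower().replace(".", " ").replace(",", " ").split())


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, org=ORG_DOMAIN):
    """True for examp1e.com, exampl.com, example.com.evil.net, example-com.net."""
    if domain == org:
        return False
    if edit_distance(domain, org) <= 1:
        return True
    squashed_org = org.replace(".", "")
    squashed_domain = domain.replace(".", "").replace("-", "")
    return org in domain or squashed_org in squashed_domain


def analyse(headers):
    """Return the list of BEC indicators found in one message's headers."""
    findings = []
    display, addr = parseaddr(headers.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # 1. Executive's name on an address that is not ours.
    if normalise_name(display) in PROTECTED_NAMES and from_domain != ORG_DOMAIN:
        findings.append("display-name impersonation")

    # 2. Sender domain that is one keystroke (or one label) away from ours.
    if is_lookalike(from_domain):
        findings.append("lookalike domain")

    # 3. Replies quietly routed to a different domain than the visible sender.
    reply_to = headers.get("Reply-To")
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].rpartition("@")[2].lower()
        if reply_domain and reply_domain != from_domain:
            findings.append("reply-to domain mismatch")
    return findings


# Constructed sample messages: one clean, three impersonation attempts.
SAMPLE_MESSAGES = [
    {"From": "Jane Doe <jane.doe@example.com>"},
    {"From": "Jane Doe <jane.doe.ceo@gmail.com>"},
    {"From": "Accounts Payable <ap@examp1e.com>"},
    {"From": "John Smith <john.smith@example.com>", "Reply-To": "john.smith@outlook.com"},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["From"], "->", analyse(msg) or "clean")
```

The third message passes check 1 (the display name is not an executive) and is caught only by the lookalike check, which is why both are needed; the fourth passes both and is caught only by the Reply-To comparison. None of this replaces SPF, DKIM or DMARC on the sending side, but those do nothing against a freemail or lookalike domain the attacker legitimately controls, which is exactly the case these checks cover.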
What can businesses do to protect their organisation?
“Continually review their security policies, tools, and systems to ensure they stay ahead of potential attackers,” he emphatically stated.
Protecting the perimeter and endpoint (desktop, laptop, tablet, etc.) is essential, and protection should be implemented in layers to protect all access points of an organisation, regardless of location.
Many attacks originate outside of Australia so it is important to consider using geo-blocking at the business’s Internet perimeter firewall. Most organisations with e-commerce facilities are hosting their websites and associated databases with service providers that use strong network-level protection. However, in a global market, businesses need to assess the potential downside of geo-blocking because it can limit legitimate traffic, for example, sales leads from outside Australia.
Businesses should conduct regular health checks regarding where and how data is stored, and which applications are in use on the network or are taking up valuable network availability. Organisations should also keep track of all users and what parts of the network each person has access to, and understand the potential threats that may exist. Protecting and maintaining systems and devices, and inventorying the environment can help to identify potential issues before they are exploited by cyber criminals.
How can organisations ensure their data is secure in a cloud-connected world?
Cloud providers gain security credibility through certifying their platforms onto compliance frameworks and industry-based compliance standards. Complying with these standards ensures the customer receives a higher quality of service and diminishes the likelihood of that provider being successfully breached. Businesses that value their data and intend to shift to the cloud need to make sure that the chosen cloud provider is certified with the appropriate framework for the data.
Identity and access management is a key piece of the puzzle. It is important for businesses to centrally manage their own user-base credentials, providing role-based access so only authorised people get access to the systems and data they need. Using Active Directory Federation Services (ADFS) or Azure Active Directory provides single sign-on access to the systems and applications across the organisation. This lets the user securely access systems outside of the immediate organisational network without having to re-enter security information such as passwords. They can then seamlessly access Software-as-a-Service applications such as Dynamics CRM. This combines strong security with a user-friendly experience that lets users continue working without disruption.
What should be the primary focus for organisations looking to protect themselves?
Organisations often focus on the importance of inbound perimeter protection and intrusion detection. However, in most networks, hackers will always find a way in. A more mature security policy is to recognise this inbound threat, assume a breach may happen and adopt a security posture of containment.
Containment means to control the damage once a cyber adversary has breached the perimeter. Specifically, security measures should prevent the attacker from reaching back outside the network to download further malware or ransomware. The use of an access control list (ACL) is one way of tightly controlling permissions on objects in filesystems and on network traffic.
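Two of the controls discussed above are both, at bottom, perimeter ACLs: the inbound geo-blocking recommended earlier (with its caveat that it can drop legitimate overseas traffic) and the outbound containment described here, where a compromised host is stopped from reaching back out for a second-stage payload. The following added example, which is not code from the original article or from Brennan IT, evaluates both policies over a constructed flow log. The country-to-prefix table stands in for a real GeoIP feed, the addresses are documentation ranges, and the internal resolver and proxy addresses are assumptions; a real deployment would express the same rules in the firewall's own language.

```python
"""Perimeter ACL evaluation: inbound geo-block with exceptions, outbound default-deny.

Added example. The GeoIP table, internal addresses and flow log are constructed;
the country table in particular is a stand-in for a real GeoIP database.
"""
from ipaddress import ip_address, ip_network

# --- Inbound policy -------------------------------------------------------
COUNTRY_PREFIXES = {                      # assumed stand-in for a GeoIP feed
    "AU": [ip_network("203.0.113.0/24")],
    "US": [ip_network("198.51.100.0/24")],
    "XX": [ip_network("192.0.2.0/24")],
}
ALLOWED_COUNTRIES = {"AU"}
# Explicit exceptions so a known overseas partner is not lost to geo-blocking.
INBOUND_EXCEPTIONS = [ip_network("198.51.100.0/28")]

# --- Outbound (containment) policy ----------------------------------------
INTERNAL = ip_network("10.0.0.0/8")
RESOLVER = ip_network("10.0.0.53/32")     # assumed internal DNS resolver
PROXY = ip_network("10.0.0.80/32")        # assumed outbound web proxy
ANY = ip_network("0.0.0.0/0")
# (source, protocol, destination, allowed destination ports); anything else is denied.
EGRESS_RULES = [
    (INTERNAL, "udp", RESOLVER, {53}),    # DNS only via the internal resolver
    (INTERNAL, "tcp", PROXY, {3128}),     # web only via the proxy
    (PROXY, "tcp", ANY, {80, 443}),       # only the proxy talks to the internet
]


def country_of(ip):
    for cc, nets in COUNTRY_PREFIXES.items():
        if any(ip in n for n in nets):
            return cc
    return None                            # unknown origin: fail closed below


def inbound_decision(src):
    src = ip_address(src)
    if any(src in n for n in INBOUND_EXCEPTIONS):
        return "allow-exception"
    if country_of(src) in ALLOWED_COUNTRIES:
        return "allow"
    return "deny-geo"


def egress_decision(src, dst, proto, dport):
    src, dst = ip_address(src), ip_address(dst)
    for s, p, d, ports in EGRESS_RULES:
        if src in s and proto == p and dst in d and dport in ports:
            return "allow"
    return "deny"                          # default deny: no direct path out


# Constructed flow log: direction, source, destination, protocol, destination port.
FLOW_LOG = """\
in  192.0.2.10    10.0.0.80   tcp 443
in  198.51.100.5  10.0.0.80   tcp 443
in  198.51.100.90 10.0.0.80   tcp 443
out 10.0.5.20     10.0.0.53   udp 53
out 10.0.5.20     10.0.0.80   tcp 3128
out 10.0.0.80     203.0.113.9 tcp 443
out 10.0.5.20     192.0.2.77  tcp 443
out 10.0.5.20     192.0.2.77  tcp 4444
"""


def audit(log=FLOW_LOG):
    """Return every flow the two policies would have dropped, with the verdict."""
    denied = []
    for line in log.splitlines():
        direction, src, dst, proto, port = line.split()
        if direction == "in":
            verdict = inbound_decision(src)
        else:
            verdict = egress_decision(src, dst, proto, int(port))
        if verdict.startswith("deny"):
            denied.append((direction, src, dst, proto, int(port), verdict))
    return denied


if __name__ == "__main__":
    for flow in audit():
        print(*flow)
```

Running the audit drops four flows. The first two are inbound: one from the unwanted country, and one from a US address that is not in the exception list, which is the geo-blocking downside the interview warns about (a genuine overseas lead looks identical to this). The last two are the containment case: workstation `10.0.5.20` tries to reach an external host directly on 443 and then on 4444, bypassing the proxy, which is exactly how a freshly installed dropper fetches its second stage; with default-deny egress both attempts fail and also leave a log line worth alerting on.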
Disclosure: The writer and companies he is associated with have used Brennan IT services since 2004. It has 1200+ customers, 340+ employees (150+ certified techs), five offices, and 19 years in business.