The primary objective of IT should be to support the strategic direction of the company. In an ideal world, IT teams would collaborate with the company's various business divisions to develop a clear strategy suited to their application needs. The directors then expect the budget to be approved, the infrastructure to be built, and controls, security and compliance to be in place. The problem is that this procedure can take weeks, months, even years, without any certainty that it meets the expectations of business managers. IT teams can use existing technology and security control systems to help stem the tide of unsolicited cloud services.
What would happen if every business executive could get hold of these technologies and use them without IT intervening? Would they be able to accurately assess the risks of putting confidential information in the cloud? This is the challenge that IT security is facing today. Cloud services that claim to be able to respond to any business need in a click are already legion. It is therefore incumbent upon IT security teams to demonstrate the importance of identifying and reducing risks for the company, before the theft of data makes the headlines.
Fortunately, many products reduce the risks associated with cloud services, including through service provisioning, identity federation or the administration of virtual infrastructures. However, very few products can monitor or prevent the unauthorized use of cloud services. Even so, IT can use technology and security controls to help stem the flood of unsolicited cloud services.
To detect and monitor the cloud services in use, first make use of the products in which you have already invested: web filters, next-generation firewalls (NGFW), data leak prevention (DLP) tools, etc. These systems are already in place in your network to intercept traffic that may contain confidential information or to detect access to inappropriate websites. DLP systems are particularly useful because they also act on SSL-encrypted connections, using the technique known as man in the middle (MITM). It could even be that your DLP and web filtering systems are already configured to detect or block access to cloud file sharing sites such as Dropbox and Google Drive. The related definition files should be modified to also allow the detection of other cloud services.
There are several cloud service registers that can be referenced to help you create custom definitions for web filter or DLP systems. But developing these definitions from the registers is hard work, because the number of potential suppliers of cloud solutions is vast. Simplify your task by first listing the companies that provide the cloud services most likely to be used by your business. Security software vendors will most likely end up adding registers of cloud solution providers to their DLP and web filter products, but until then, detection remains a manual operation. For teams whose budget is tight and who don't have access to these tools, there are also excellent open-source solutions. For many of the professionals involved, the preferred tool is Snort, an open-source intrusion detection system (IDS) that includes free rules and can transform any old PC into a first-class IDS machine. The great strength of Snort is that you can easily add custom rules tailored to a particular environment. These are usually added to the software's default local rules file.
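The short-list approach described above can be turned into custom Snort rules mechanically. The following is an added example, not code from the original article: it assumes Snort 2.x rule syntax with the SSL/TLS preprocessor enabled for `ssl_state`, and the function names, provider list, message text and SID base are illustrative choices.

```python
# Added example: build Snort 2.x local rules from a short list of cloud providers.
# Provider list, message text and SID base are assumptions made for illustration.
import re

LOCAL_SID_BASE = 1000000  # SIDs at or above 1,000,000 are the range for local rules
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def normalise(domain):
    """Lower-case, drop the trailing dot, reject anything that is not a hostname."""
    d = domain.strip().lower().rstrip(".")
    labels = d.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid domain: {domain!r}")
    return d

def dns_content(domain):
    """Encode a domain as length-prefixed DNS labels in Snort content syntax.
    The length byte keeps 'dropbox.com' from matching 'notdropbox.com'."""
    return "".join(f"|{len(l):02X}|{l}" for l in domain.split(".")) + "|00|"

def rules_for(name, domain, sid):
    """Return (dns_rule, tls_rule) for one provider; uses sid and sid + 1."""
    d = normalise(domain)
    tag = re.sub(r"[^A-Za-z0-9 ._-]", "", name)  # keep msg free of rule metacharacters
    dns = (f'alert udp $HOME_NET any -> any 53 (msg:"LOCAL cloud service DNS lookup - {tag}"; '
           f'content:"{dns_content(d)}"; nocase; classtype:policy-violation; sid:{sid}; rev:1;)')
    tls = (f'alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"LOCAL cloud service TLS SNI - {tag}"; '
           f'flow:to_server,established; ssl_state:client_hello; content:"{d}"; nocase; '
           f'classtype:policy-violation; sid:{sid + 1}; rev:1;)')
    return dns, tls

def build_local_rules(providers, base=LOCAL_SID_BASE):
    """providers: iterable of (name, domain). A repeated domain is emitted once."""
    out, seen, sid = [], set(), base
    for name, domain in providers:
        d = normalise(domain)
        if d in seen:
            continue
        seen.add(d)
        out.extend(rules_for(name, d, sid))
        sid += 2
    return out

# Constructed sample list: the two services the article names, plus a duplicate.
PROVIDERS = [("Dropbox", "dropbox.com"), ("Google Drive", "drive.google.com"),
             ("Dropbox", "Dropbox.com.")]

if __name__ == "__main__":
    print("\n".join(build_local_rules(PROVIDERS)))
```

The output is meant to be appended to the local rules file; the hostname validation rejects list entries containing quotes or semicolons, so a malformed register entry cannot alter the generated rule.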