All Posts By

SecureNation

Cloud Access Security Broker Keeping Confidential Information Confidential

In the past few years, the use of personal cloud storage has been on the rise, from GoogleDrive to Dropbox and even Microsoft Onedrive. These cloud storage options allow users to share data across computer systems, and while this can be seen as a boon in productivity for employees, these cloud storage services can become an IT security nightmare nearly overnight. Users and more importantly, employees have these services installed on their personal cell phones, personal computers, and even their work computers.

Malicious or Accidental Exfiltration of Company Data?

Every company has different policies on how data is to be handled, these policies are only as good at the tools and prevention measures that monitor and block malicious, or ignorant use by employees. While a company may have measures in place to monitor malicious use or exfiltration of files and information, are they monitoring every possible aspect? USB devices may be disabled but does the company have a way to monitor cloud storage or even data stored in the cloud? Who has access to the cloud storage, that a company’s confidential data may be saved to? How would a company even know if their data was being saved to cloud storage by malicious or even well-meaning employees?

Even well-meaning employees can create compliance violations, a nurse or medical transcriptionist saving patient data within the cloud on a personal storage account, could lead to hefty fines as well as possible loss of contracts or abilities to bid on future projects for the company. The average HIPAA fine currently being 1.5 million (a), so these types of slip-ups can and have cost companies greatly.

BYOD is a lurking issue for cloud storage

More companies are switching to BYOD, or Bring Your Own Device, and allowing users to have access to the company’s networks and data with their personal devices (b).  These devices often mobile devices, usually come preloaded with cloud access, be it Google Drive with Android devices, or icloud with Apple devices. While the rise in productivity seems to benefit companies, the potential loss of confidential or proprietary data is greater with this policy.

How to guard against this?

The answer to these problems is a simple one, CASB or Cloud Access Security Broker. “Cloud access security brokers” (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on (c).”  

Essentially, a guardian of your companies data that alerts and forbids sensitive company, personal, or proprietary information from being loaded onto unsanctioned cloud services.

These systems achieve this goal in different ways, from scanning the information that is passed through the network, to checking the hashes of the files and information passing through the CASB.  In the case of Netskope, a popular CASB solution, as well as several others, even the use of steganography is not enough to get past the system and exfiltrate data.

Cloud DLP

All data stored within the cloud is not scary; however, it is still vulnerable to the same issues with security. Companies that have adopted the practice would be relieved to know that many of the big players in the CASB market offer a form of cloud DLP.

Cloud DLP specifically protects the companies that have moved to cloud storage by ensuring sensitive data is not stored on the cloud without first being encrypted, and is only sent to the authorized cloud services.  These Cloud DLP options will either alter or altogether remove the classified or sensitive information before it comes in contact with the cloud.

Some of the key benefits of this cloud DLP include:

  • Integration with cloud storage to scan servers, and then identify and encrypt data
  • Continuous audit of uploaded information
  • Instantly alert the proper administration when data has been put at risk.

Think of Cloud DLP as having a virtual security guard that checks the receipts of users taking files out into the world of the internet, and ensuring nothing gets taken that has not been approved.

The Big Players in CASB

According to the Gartner Magic Quadrant, there are four big players currently in the CASB market:

  • Netskope offering multiple built-in and tenant-specific threat intelligence feeds.
  • McAfee with their recently acquired Skyhigh Networks offering the ability to create Data Loss -Prevention Policies without the need for coding, allowing a recording extension to observe the behavior as the app is invoked.
  • Bitglass offering the ability to include enterprise digital rights management within their Data Loss Prevention policies.
  • Symantec offering a large range of predefined DLP selectors based on compliance, and other common factors.

 

Resources

(a) Sivilli, F. (2018, September 17). Average HIPAA Violation Fine now $1.5 Million. Retrieved from https://compliancy-group.com/average-hipaa-fine-is-now-1-5-million/

(b) BYOD Statistics Provide Snapshot of Future. (n.d.). Retrieved from https://www.insight.com/en_US/learn/content/2017/01182017-byod-statistics-provide-snapshot-of-future.html

(c) Cloud Access Security Brokers – CASB – Gartner tech definitions. (2018, February 08). Retrieved from https://www.gartner.com/it-glossary/cloud-access-security-brokers-casbs/

Share this on:
Share

Halting Hackers: Safety Secured.

The world is evolving into a hyper-connected world, where what only a few years ago seemed like science fiction is becoming a reality thanks to IOT devices. These IOT devices range from refrigeration systems, automated manufacturing systems, medical systems and even coffee pots are connected.

Introduction

Medical systems are becoming the largest front-runner in this world, with recent reports pointing to over 3.7 million medical devices are being used to monitor the health of patients all over the world, [1] and the number is growing. However, with the growing numbers of the IOT device market, inevitably the security risks that will affect these devices are also increasing.

While securing regular systems is a daunting task in a world where even the cyber-attacks are becoming automated, securing IOT systems compounds the difficulty exponentially due to the devices rarely having built-in or even third-party defenses such as anti-malware. With medical equipment being used to monitor vitals, 3d print heart valves and having robots to assist in surgery, the risk of not securing these devices has risen far above just the loss of PII or HIPPA violations.

An attacker gaining access to a patient’s vitals with intent to manipulate the output is a scary thought. However, an attacker accessing the network, connected to a 3d printer, being used to print out a heart valve, and disabling the temperature safety features could potentially cause a fire within a lab which would be utterly terrifying.

Past vulnerabilities within IoT devices

IoT devices have already seen their fair share of “newsworthy” attacks. However, these are merely the ones detected or at the very least reported.

The Mirai Botnet
In 2016, the most massive DDOS attack ever was launched against the service provider, Dyn, using an IOT botnet. This attack crippled a large portion of the internet, including Twitter, the Guardian, Netflix, Reddit and CNN, proving that no one is truly immune to DDoS attacks. Attackers were able to control these IoT devices using a malware dubbed Mirai. The malware once present on a system continuously scanned the internet for vulnerable IoT devices, attempting the default usernames and passwords to log in to the devices. Such a wide variety of IoT devices were being used in the attack that it made it impossible for companies merely to patch or update the system.

Cardiac Devices at St. Jude
In 2016, the FDA confirmed that St. Jude Medical’s cardiac devices contained vulnerabilities that could allow an attacker to gain access to the device. [2] An attacker controlling these devices could either purposefully administer incorrect pacing or shocks. The implications of cardiac devices malfunctioning due to attacker intervention are staggering.

Importance of IoT security within the medical field

While important for every IoT owner, the need for securing these devices within the medical field holds higher consequences for not doing so.

Healthcare breaches are on the rise and those breaches have resulted in the theft or exposure of at least 176,709,305 healthcare records. [3] The average settlement for these HIPAA violation cases: $500,000.00 USD.

Most IoT medical devices contain PII about the patient they are attached to at that moment. From “doomsday” scenarios of further injury to patients to attackers gaining control are both terrifying HIPAA violations that are a more realistic and more prevalent issue that faces the medical field concerning IoT devices.

Securing the IoT

As with all systems, there are a few key ways to best guard your systems from attackers and IoT devices are no exception.

1. Don’t connect the IoT devices to your network unless necessary
2. Create a separate network from your main network
3. Change the default passwords of your IoT devices
4. Ensure firmware upgrades are installed
5. Keep personal devices separate from work IoT devices
6. Track and assess all company-owned IoT devices

However, these steps are only the beginning, and with the need for a constant network connection for most IoT healthcare devices, these steps may not be appropriate for the needs of the business.

All is not lost though, as there is monitoring software out there that will secure and protect IoT devices from outside influences. While IoT security is a hot commodity at the moment, there are three major players in the IoT security game: Zingbox, CloudPost and Medigate. These are cybersecurityarly stage providers for IOT cyber security product providers which specialize in Healthcare.

With Secure Nation’s team of skilled IT security experts and their background in IT management, information security, risk assessment, security policy audit and development, penetration testing, overall network design and project management, you’re in good hands. We help you to build a stronger information security and technology program. We work to not only strengthen your compliance status; but, also heighten your overall security posture without increasing cost.

References
[1] Internet of Things (IoT) Healthcare Market is Expected to Reach $136.8 Billion Worldwide, by 2021 https://www.marketwatch.com/press-release/internet-of-things-iot-healthcare-market-isexpected-to-reach-1368-billion-worldwide-by-2021-2016-04-12-8203318

[2] FDA Warns St. Jude Pacemakers Vulnerable to Hackers | Inc.com. https://www.inc.com/willyakowicz/fda-warns-st-jude-pacemaker-vulnerable-to-hackers.html

[3] Sivilli, F. (2018, July 31). HIPAA Violation & Breach Fines | List of HIPAA Violations. Retrieved from https://compliancy-group.com/hipaa-fines-directory-year/

Share this on:
Share