Over the past few weeks, many companies have strongly encouraged, or even mandated, that their employees work remotely. We’ve seen Google, Facebook, Microsoft, Twitter, and others embrace a work-from-home posture. While not every employee can do their work away from their desk or without human contact, it’s encouraging that many actually can. Cloud adoption and digital transformation have played a significant part in enabling distributed work, which is much needed these days. It’s hard to imagine a response at this scale being possible just a few years ago.
Over the past ten years, organizations have become comfortable with moving their critical business systems to IaaS and SaaS, and storing valuable and sensitive data in the cloud, including patient records, employee details, business intelligence, customer records, and more. Engineering and DevOps teams can access code repositories and build, deploy, and manage applications entirely in the cloud. Sales, finance, and HR teams can access their applications and data without setting foot in the office.
Cloud email is no longer just a communication tool. It has become an unlimited repository for employees to store, search, and share data easily. Applications like Salesforce allow users to easily download and share reports with anyone, and to communicate with customers, partners, and other employees from within the platform. They enable third-party applications to access data and take actions on behalf of users. Anyone with valid credentials and appropriate entitlements can access cloud assets from anywhere in the world.
SaaS and digital transformation have changed the nature of work. These changes need to be reflected in the way security protects applications. Embracing the cloud has allowed organizations to respond to crises without losing productivity. Security teams in these organizations play a silent yet critical role in ensuring that the business stays safe through these periods of radical change. Unfortunately, we already see bad actors taking advantage of this crisis to launch attacks on organizations.
Security teams tasked with enabling secure collaboration and business continuity will find the following tips and recommendations useful.
- Be Proactive about Enablement: Many employees who have never worked from home on a regular basis will need help getting on VPNs, using proper credentials, and following security best practices. Be proactive about enabling secure remote work and preventing insecure workarounds.
- More Guardrails, Fewer Gates: This should be the guiding principle for cloud security. Ensure that the experience of legitimate users is not degraded by security measures.
- Mind the Hygiene: Most security breaches in the cloud result from avoidable errors — accidental oversharing, misconfigurations, granting third-party applications access, etc. Monitor and strengthen posture without affecting productivity.
- Monitor Use: Keep an eye on access and usage across common SaaS apps. Make sure you have an audit trail so you can investigate and respond to incidents better.
- Watch for Unusual Login Activity: Pay particular attention to successful logins from unusual locations and to repeated unsuccessful attempts.
- Use Platform Capabilities to Detect Misuse: Some email and collaboration services offer mailbox auditing and file sharing activity. You can use these to detect early signs of compromised accounts being used to send spam or to exfiltrate data.
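
As an added illustration of the "Watch for Unusual Login Activity" tip (example code written for this page, not taken from any product or vendor), the sketch below scans sign-in events for successful logins from a country outside a user's baseline and for bursts of failed attempts, and goes one step further by flagging a success that immediately follows such a burst. The event tuple layout, the baseline dictionary, the thresholds, and all sample data are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (ISO time, user, country, outcome). Not real log data.
EVENTS = [
    ("2020-03-20T08:01:00", "alice", "US", "success"),
    ("2020-03-20T09:15:00", "dave", "US", "failure"),
    ("2020-03-20T09:15:20", "dave", "US", "failure"),
    ("2020-03-20T09:15:45", "dave", "US", "success"),
    ("2020-03-20T14:30:00", "carol", "DE", "success"),
    ("2020-03-21T02:10:00", "bob", "ZZ", "failure"),
    ("2020-03-21T02:10:10", "bob", "ZZ", "failure"),
    ("2020-03-21T02:10:20", "bob", "ZZ", "failure"),
    ("2020-03-21T02:10:30", "bob", "ZZ", "failure"),
    ("2020-03-21T02:10:40", "bob", "ZZ", "failure"),
    ("2020-03-21T02:11:00", "bob", "ZZ", "success"),
]
# Assumed baseline: countries each user has signed in from before.
BASELINE = {"alice": {"US"}, "bob": {"GB"}, "carol": {"US"}, "dave": {"US"}}

def detect(events, baseline, max_failures=5, window=timedelta(minutes=10)):
    """Return (kind, user, time) alerts for unusual sign-in activity."""
    alerts = []
    failures = defaultdict(list)  # user -> times of recent failed attempts
    for ts, user, country, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        # Keep only failures that are still inside the sliding window.
        recent = [t for t in failures[user] if now - t <= window]
        if outcome == "failure":
            recent.append(now)
            failures[user] = recent
            if len(recent) == max_failures:  # alert when the threshold is reached
                alerts.append(("repeated_failures", user, ts))
            continue
        if country not in baseline.get(user, set()):
            alerts.append(("unusual_location", user, ts))
        if len(recent) >= max_failures:
            # A success right after a burst of failures deserves the highest priority.
            alerts.append(("success_after_failures", user, ts))
        failures[user] = []  # a successful login resets the failure counter
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```

An unusual-location alert on its own (the constructed "carol" event) is often just travel, so in line with "More Guardrails, Fewer Gates" it is better routed to review or step-up verification than to an automatic block.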