Shadow IT, Cloud-Based Malware Increase AppSec Risks - Security Boulevard

Cloud application security risks continue to rise as malware delivered by cloud applications continues to grow, according to a study by Netskope.

The biannual study also highlighted the potential for critical data exfiltration tied to employees departing their jobs—departing employees upload three times more data to personal apps in the last 30 days of employment, with personal Google Drive and Microsoft OneDrive instances the most popular targets.

The report also found nearly all (97%) Google Workspace users have authorized at least one third-party app to have access to their corporate Google account, potentially exposing data to third parties due to permissions like “View and manage the files in your Google Drive.”
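One way to turn that finding into a check an admin can run, as an added example that is not part of the Netskope report or the article: triage the OAuth grants on each Workspace account and rank third-party apps by how many users gave them the broad Drive scope. The grant records below are constructed to mirror the shape of the Admin SDK Directory API `tokens.list` response (`userKey`, `clientId`, `displayText`, `scopes`); a real audit would page through that API per user. The mapping of the consent text "View and manage the files in your Google Drive" to the full `auth/drive` scope, and the broad/narrow ranking, are this example's own assumptions.

```python
"""Triage third-party OAuth grants on Google Workspace accounts for broad Drive access.

Added example, not code from Netskope or Security Boulevard. Client IDs and
users are made up; the record shape follows the Admin SDK `tokens.list` output.
"""
from collections import defaultdict

# Scopes that reach every file in the user's Drive, not only files the app created.
# Assumption: "View and manage the files in your Google Drive" is the consent text
# for the full `auth/drive` scope.
BROAD_DRIVE_SCOPES = {
    "https://www.googleapis.com/auth/drive": "read/write to all Drive files",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
}
# Narrow scope: only files the app itself created or the user opened with it.
NARROW_DRIVE_SCOPE = "https://www.googleapis.com/auth/drive.file"

# Constructed sample of grants; not real client IDs or users.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "PDF Merge Helper",
     "scopes": ["https://www.googleapis.com/auth/drive", "openid"]},
    {"userKey": "alice@example.com", "clientId": "222.apps.googleusercontent.com",
     "displayText": "Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "bob@example.com", "clientId": "333.apps.googleusercontent.com",
     "displayText": "Diagram Editor",
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
    {"userKey": "bob@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "PDF Merge Helper",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
]


def classify_grant(grant):
    """Return 'broad', 'narrow' or 'none' for the Drive access a grant confers."""
    scopes = set(grant.get("scopes", []))
    if scopes & set(BROAD_DRIVE_SCOPES):
        return "broad"
    if NARROW_DRIVE_SCOPE in scopes:
        return "narrow"
    return "none"


def broad_drive_grants(grants):
    """Grants that expose every file in the user's Drive to a third-party app."""
    return [g for g in grants if classify_grant(g) == "broad"]


def apps_by_exposure(grants):
    """Map clientId -> set of users who granted it broad Drive access.

    Sorting by affected-user count tells an admin which app to review first
    (or block in the Workspace app access control list).
    """
    exposure = defaultdict(set)
    for g in broad_drive_grants(grants):
        exposure[g["clientId"]].add(g["userKey"])
    return dict(exposure)


if __name__ == "__main__":
    ranked = sorted(apps_by_exposure(SAMPLE_GRANTS).items(), key=lambda kv: -len(kv[1]))
    for client_id, users in ranked:
        print(f"{client_id}: {len(users)} user(s) granted broad Drive access")
```

The narrow `drive.file` scope is deliberately not flagged: an app holding it cannot read files the user never opened with it, which is the distinction that matters when deciding which grants to revoke.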

Adoption of cloud applications grew 22% during the first six months of 2021; the average company with 500 to 2,000 users now runs 805 distinct apps and cloud services, 97% of which are shadow IT, that is, unmanaged technology that business units and end users adopt on their own.

Meanwhile, the share of malware delivered from the cloud has reached an all-time high of 68%. Cloud storage apps now account for 66.4% of cloud malware delivery, and malicious Office documents now account for 43% of all malware downloads, up from 20% at the start of 2020.

Workloads Exposed

More than 35% of all workloads are exposed to the public internet within AWS, Azure and GCP, with RDP servers—a popular infiltration vector for attackers—exposed in 8.3% of workloads.

Douglas Murray, CEO at Valtix, pointed out that the Netskope report correctly highlights the fact that public cloud security should be front-of-mind for all enterprises.

“In 2020, we saw a massive inflection point as cloud spend exceeded on-prem data center spend,” Murray said. “With this comes the importance of securing cloud access, networks and applications.”

He noted that cloud-delivered malware is at a record high and that employees themselves add to the risk by copying company data to personal cloud apps.

“This is why policies such as DLP to prevent exfiltration are so important,” he said. “The cloud can be very powerful. But it can also create significant corporate risk if not managed correctly.”

Murray said it is very easy for a departing employee to copy data from corporate storage to personal storage, especially when both sides are cloud storage such as S3 buckets or Google Drive.

He noted that these employees usually have legitimate access to the corporate storage – all set in place with resource and identity-based policies.

“What needs to be put in place is the ability to prevent the copying of data to personal cloud storage from corporate assets with access controls enhanced with an additional layer of DLP checks looking for critical data exfiltration,” he said. “Many companies focus on data going into their accounts, and not enough attention paid to what leaves their accounts.”
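The report's finding that departing employees move about three times more data to personal apps in their final 30 days, and Murray's point that the control has to watch what leaves the account, together suggest a concrete detection. The following is an added example, not code from Netskope, Valtix or the article: it runs that heuristic over CASB or proxy upload events, comparing each departing user's uploads to personal cloud-storage instances in their last 30 days against their own earlier baseline. The event records, the HR last-day list, the `instance` label (corporate versus personal Google Drive/OneDrive, as a CASB tags them by account domain), the 60-day baseline and the minimum-volume floor are all constructed assumptions.

```python
"""Spot departing employees whose uploads to personal cloud storage spike.

Added example, not from the Netskope report or the vendors quoted. Events,
departure dates and thresholds are constructed for illustration.
"""
from datetime import date, timedelta

WINDOW_DAYS = 30               # final stretch of employment the report singles out
BASELINE_DAYS = 60             # preceding period used as the user's own baseline
SPIKE_RATIO = 3.0              # the report's "three times more data"
MIN_BYTES = 50 * 1024 * 1024   # ignore trivial volumes even when the ratio is high


def mb(n):
    return n * 1024 * 1024


# Constructed HR feed: user -> last working day.
DEPARTURES = {"alice@example.com": date(2021, 9, 30),
              "bob@example.com": date(2021, 9, 30)}

# Constructed upload events: (date, user, app, instance, bytes_uploaded).
EVENTS = [
    # alice: modest baseline, then a large dump to personal storage at the end
    (date(2021, 7, 10), "alice@example.com", "Google Drive", "personal", mb(40)),
    (date(2021, 8, 12), "alice@example.com", "Google Drive", "personal", mb(60)),
    (date(2021, 9, 5), "alice@example.com", "OneDrive", "corporate", mb(900)),   # corporate instance: ignored
    (date(2021, 9, 20), "alice@example.com", "Google Drive", "personal", mb(250)),
    (date(2021, 9, 28), "alice@example.com", "OneDrive", "personal", mb(150)),
    # bob: steady personal use, no spike
    (date(2021, 7, 15), "bob@example.com", "OneDrive", "personal", mb(100)),
    (date(2021, 8, 15), "bob@example.com", "OneDrive", "personal", mb(100)),
    (date(2021, 9, 15), "bob@example.com", "OneDrive", "personal", mb(150)),
    # carol is not departing; noisy, but outside this rule's scope
    (date(2021, 9, 25), "carol@example.com", "Google Drive", "personal", mb(2000)),
]


def personal_upload_bytes(events, user, start, end):
    """Bytes `user` uploaded to personal app instances on days in [start, end)."""
    return sum(b for d, u, _app, inst, b in events
               if u == user and inst == "personal" and start <= d < end)


def departure_alerts(events, departures):
    """Return {user: (window_bytes, baseline_bytes_per_window)} for departing users
    whose personal-storage uploads in the final window reach SPIKE_RATIO times
    their own baseline, or exceed MIN_BYTES with no baseline at all."""
    alerts = {}
    for user, last_day in departures.items():
        window_start = last_day - timedelta(days=WINDOW_DAYS)
        baseline_start = window_start - timedelta(days=BASELINE_DAYS)
        window = personal_upload_bytes(events, user, window_start, last_day + timedelta(days=1))
        baseline = personal_upload_bytes(events, user, baseline_start, window_start)
        # Scale the baseline to the window length before comparing volumes.
        baseline_per_window = baseline * WINDOW_DAYS / BASELINE_DAYS
        if window < MIN_BYTES:
            continue
        if baseline_per_window == 0 or window >= SPIKE_RATIO * baseline_per_window:
            alerts[user] = (window, baseline_per_window)
    return alerts


if __name__ == "__main__":
    for user, (window, baseline) in departure_alerts(EVENTS, DEPARTURES).items():
        print(f"{user}: {window / mb(1):.0f} MB to personal storage in final "
              f"{WINDOW_DAYS} days vs {baseline / mb(1):.0f} MB baseline")
```

Comparing each user against their own baseline rather than a fixed byte threshold is what keeps the rule quiet for people like bob, who always used personal storage a little, while still catching alice's end-of-tenure dump. A DLP classification on the uploaded content would be the natural second signal to add.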

Focus on Securing Data

Mohit Tiwari, co-founder and CEO at Symmetry Systems, also pointed out that the key to the underlying problem organizations care about is securing the data itself.

“That is, to ensure that specific regulated data doesn’t end up in unauthorized applications, and that allowed data in these applications is tightly access-controlled,” he said. “On the plus side, cloud and SaaS services all provide knobs to control access.”

That means a data security service that overlays access control, classification and monitoring across cloud and SaaS-based services could allay the security concerns that stem from using modern enterprise tools.

He noted that offboarding employees clearly is a major problem, as well, since their permissions have to be revoked from all services without breaking things (e.g., if the employee was the owner/admin for certain assets).

“This cannot be an HR-only solution. HR teams can take ex-employees off of HR software, such as Workday, but dangling privileges across the rest of the organization and their cloud services requires tools or engineering support to completely remove identities and their permissions—or deactivate them and retain for compliance,” Tiwari said.

Deprovisioning Processes for Data Security

Murray added that, ultimately, data access lies with the service owners and it is their responsibility to ensure that correct processes and procedures are in place for deprovisioning and removing access for departing employees.

“Of course this process should be coordinated across multiple teams including the HR team, the employee’s manager and the IT security team,” he said.

Those teams need to work together to ensure an efficient, automated process is in place, using identity and access security solutions such as privileged access management to identify the access the employee holds. That inventory enables an audit which, once performed, lets the organization disable access before the employee departs.
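Tiwari's warning about dangling privileges and the audit-then-disable sequence described above come down to an ordered plan per departing identity. The following is an added example, not code from Symmetry Systems, Valtix or Thycotic Centrify: it builds that plan from a snapshot of what the user holds. The snapshot format (users with access keys, group memberships, attached policies, an MFA device and a console-login flag, plus resources carrying an Owner tag) is a constructed simplification of what AWS IAM calls such as `list-access-keys` and `list-groups-for-user`, and a resource-tag export, return; account numbers, key IDs and ARNs are placeholders. The two edge cases it handles are the ones the text raises: assets the user solely owns are reassigned before access is cut, and keys are deactivated rather than deleted so they remain for compliance.

```python
"""Build a deprovisioning plan for a departing user from an IAM-style snapshot.

Added example; the snapshot is constructed and the field names are a
simplification of AWS IAM output, not a real API response.
"""

# Constructed snapshot; not real accounts, keys or resources.
SNAPSHOT = {
    "users": {
        "alice": {"console_login": True,
                  "mfa_device": "arn:aws:iam::123456789012:mfa/alice",
                  "access_keys": [{"id": "AKIAEXAMPLE0001", "status": "Active"},
                                  {"id": "AKIAEXAMPLE0002", "status": "Inactive"}],
                  "groups": ["developers", "billing-readers"],
                  "attached_policies": ["arn:aws:iam::123456789012:policy/alice-s3-rw"]},
        "bob": {"console_login": True, "mfa_device": None, "access_keys": [],
                "groups": ["developers"], "attached_policies": []},
    },
    # Resources with their Owner tags (a list, since some have co-owners).
    "resources": {
        "arn:aws:s3:::reports-prod": ["alice"],
        "arn:aws:lambda:us-east-1:123456789012:function:nightly-etl": ["alice", "bob"],
        "arn:aws:s3:::shared-assets": ["bob"],
    },
}


def sole_owned_resources(snapshot, user):
    """Resources where `user` is the only tagged owner; cutting access before
    reassigning these is what 'breaks things'."""
    return sorted(arn for arn, owners in snapshot["resources"].items()
                  if owners == [user])


def deprovisioning_plan(snapshot, user, successor):
    """Ordered list of (action, target) steps for offboarding `user`.

    Order matters: reassign solely-owned assets first, then cut interactive and
    programmatic access, then strip entitlements. Keys are deactivated rather
    than deleted so audit-log lookups by key ID still resolve during the
    retention period (assumed organisational policy).
    """
    u = snapshot["users"][user]
    steps = []
    for arn in sole_owned_resources(snapshot, user):
        steps.append(("transfer_ownership", f"{arn} -> {successor}"))
    if u["console_login"]:
        steps.append(("delete_login_profile", user))
    if u["mfa_device"]:
        steps.append(("deactivate_mfa", u["mfa_device"]))
    for key in u["access_keys"]:
        if key["status"] == "Active":
            steps.append(("deactivate_access_key", key["id"]))
    for group in u["groups"]:
        steps.append(("remove_from_group", group))
    for policy in u["attached_policies"]:
        steps.append(("detach_policy", policy))
    return steps


def dangling_after(snapshot, user):
    """What still references `user` once the plan has run: co-owned resources
    whose remaining owners should be confirmed, and the retained inactive keys."""
    u = snapshot["users"][user]
    co_owned = sorted(arn for arn, owners in snapshot["resources"].items()
                      if user in owners and owners != [user])
    retained_keys = [k["id"] for k in u["access_keys"]]  # all keys stay on the user, inactive
    return {"co_owned": co_owned, "retained_keys": retained_keys}


if __name__ == "__main__":
    for action, target in deprovisioning_plan(SNAPSHOT, "alice", successor="bob"):
        print(f"{action:24} {target}")
    print(dangling_after(SNAPSHOT, "alice"))
```

Each step name maps onto one IAM call (for example `update-access-key --status Inactive` and `remove-user-from-group`); the plan is the artifact the HR, manager and security teams can review together before anything is executed, and `dangling_after` is the list that has to be walked after the last day.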

Joseph Carson, chief security scientist and advisory CISO at Thycotic Centrify, noted the shift to a hybrid work environment last year meant that security needed to evolve from being perimeter- and network-based, to focus on cloud, identity and privileged access management.

“Organizations must continue to adapt and prioritize managing and securing access to the business applications and data, such as that similar to the BYOD types of devices, and that means further network segregation for untrusted devices that are still secured with strong privileged access security controls to enable productivity and access,” he said.

Organizations are looking to a zero-trust strategy to help reduce the risks resulting from a hybrid working environment.

“This means to achieve a zero-trust strategy, organizations must adapt the principles of least privilege,” he said. “This enables organizations to better control user and application privileges, elevating only authorized users.”


