Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.
Apparently, no organization is immune to this risk. Not even high-profile institutions such as the U.K. Ministry of Defence whose secret information, according to a recent report, was potentially exposed to hostile states when it was transferred from secure networks to personal email accounts. Over the course of 2020, the MoD recorded a total of 151 incidents including, unsurprisingly, “numerous incidents when information was sent to personal email accounts.”
Old habits die hard. The simplicity of using a personal email account to bring the work home is too tempting and not necessarily driven by malicious intentions. Unfortunately, this simplicity overshadows the risks of data theft (or loss) with the consequences that we can easily imagine.
How Netskope mitigates this threat
User education plays a fundamental role in mitigating this threat, but when that’s not enough, the ability for Netskope to provide granular control for thousands of cloud applications (including personal emails and cloud storage services) comes into play. This granular control can prevent the misuse of corporate data, such as the upload of sensitive information to non-corporate services or personal instances of corporate services.
For example, in the case of webmail, the Netskope Next Gen SWG has a dedicated category where the CloudXDTM engine recognizes dozens of activities inside the encrypted channel. It is possible to enforce a restrictive policy such as the complete block of potentially dangerous activities such as “upload,” “download,” or “edit” on personal services, or even to use the DLP engine to prevent just the upload of classified documents (using also the ML detectors to classify specific documents and simplify the operational tasks). Similar policies can also be applied to other categories such as “Cloud Storage”, or “Cloud Backup” and can be equally enforced to prevent the ingress of dangerous content (such as malware) from personal accounts into the organization.