2021 SAAS RISK REPORT - This report covers key trends and challenges organizations face when trying to control unsupervised identities and shadow ...

Page created by Kelly Bryant
Hobbies & Interests
English
 
CONTINUE READING
Page content transcription
If your browser does not render page correctly, please read the page content below
CLOUD RESEARCH TEAM

2021 SAAS RISK REPORT
This report covers key trends and challenges organizations face when
trying to control unsupervised identities and shadow privileges that can
put data at risk across a fragmented SaaS & IaaS environment.
ABOUT THE REPORT

Data was gathered from the following SaaS/IaaS
supported by Varonis DatAdvantage Cloud:

                                                   200K
                                                 identities

                                                 Hundreds
                                                 of millions
                                                  of cloud
                                                   assets

                                                               1
HIGH-IMPACT CLOUD IDENTITIES

43%                                                  3 out of 4                                            1 out of 4
of all cloud identities sit abandoned                cloud identities belonging to                         identities in SaaS apps and half
and unused—and exposed                               external contractors remain active                    in IaaS services are non-human
                                                     after they leave the organization

IMPACT                                               IMPACT                                                IMPACT
Unused identities that are abandoned by users        Most ex-contractors have not been fully               Non human identities include APIs, serverless
who are no longer using a cloud service are          de-provisioned when they leave, which                 applications, virtual machines, etc. Unlike human
sitting ducks for account takeovers and therefore    typically means that they retain access to the        identities, they are under threat of compromise
substantially increase an organization’s attack      organization’s cloud services where they can          24x7 because they are always logged in and are
surface.                                             continue to access—and potentially steal—IP           typically overlooked by security teams since they
                                                     and data.                                             operate in the background.

RECOMMENDATION                                       RECOMMENDATION                                        RECOMMENDATION
Unused identities, which multiply quickly, need to   When a contractor leaves, their identities,           Like human identities, non-human ones need to
be continually monitored and identified so that      privileges, and access must be fully cataloged        be closely monitored to ensure they haven’t
they can be immediately removed from all             for complete removal. In addition, their activities   been compromised and that their permissions
operation-critical SaaS apps and cloud services.     over the 60 days prior to termination should be       are not overly-broad in relation to the functions
                                                     audited for potential data theft or other             that they are required to perform.
                                                     compromises.

                                                                                                                                                               2
MISCONFIGURED CLOUD PRIVILEGES

44%                                                                     3 out of 5
of cloud user privileges are misconfigured                              privileged cloud users are shadow admins

IMPACT                                                                  IMPACT
Users often have overly-broad privileges which are mis-assigned         Shadow Admins are privileged users who have unauthorized
due to a security team oversight or malicious activity. This can open   privileged access acquired outside of the security team’s purview.
up an organization to account takeovers and data exfiltration.          They can perform admin-level changes that can cause damage
                                                                        across a cloud service.

RECOMMENDATION                                                          RECOMMENDATION
User privileges must be continuously monitored for misconfigurations    Shadow Admins should be monitored the same way that you monitor
and unauthorized changes so that overly-broad privileges can be right   your regular admins, though in most cases their privileges need to
sized and least privileged access effectively enforced.                 be right-sized to their role and aligned with the privileges of the
                                                                        non-privileged user group to which they are assigned.

                                                                                                                                              3
HIGH RISK CLOUD ACTIVITIES

15%                                                                     16%
of employees are transferring business-                                 of all cloud users perform privileged actions
critical data to their personal cloud accounts                          and 20% of them have access to sensitive
                                                                        corporate data

IMPACT                                                                  IMPACT
Business critical data doesn’t always stay in sanctioned cloud          Privileged actions — ones typically reserved for admins but are often
services. Employees often transfer data to rogue cloud services         performed by Shadow Admins — should be of highest concern to
— including personal accounts. At best this means the data resides      organizations, especially if the perpetrators also have access to large
outside of your security team’s control, and at worst is an indicator   amounts of data. These actions can negatively impact the entire cloud
that the data has been stolen.                                          service or a major part of the experience for everyone, not just a single
                                                                        user or data set.

RECOMMENDATION                                                          RECOMMENDATION
Security teams need to enforce usage policies that prevent documents    Security teams should constantly review all identity privileges to
from being transferred out of sanctioned apps to private accounts.      identify Shadow Admins and right-size their permissions to the
                                                                        minimum needed to do their jobs or remove their access if it is
                                                                        determined that their privileges were escalated for malicious purposes.

                                                                                                                                                    4
CLOUD SECURITY CHECKLIST

          Reduce your cloud blast radius by ensuring employees have                  Employ cross-cloud threat detection to ensure you can spot
          the minimum access needed to do their job. This requires                   malicious activity that spans multiple cloud apps. Some SaaS
          continually mapping access control lists across your disparate             providers have built-in logs and alerts, but can only see a fraction
          cloud services to pinpoint and revoke excessive privileges.                of an attack. Unified SaaS monitoring gives you more robust threat
                                                                                     models and makes investigations faster.

          Monitor user activity for anomalies or out-of-policy activity.
          Pay close attention to privileged users abusing admin privileges           Audit cloud sharing configuration settings. This will help
          for non-admin related activities that can place your organization          prevent accidental oversharing or leakage of business-critical data.
          at high risk.                                                              A sensitive file carelessly dropped into a folder with broad sharing
                                                                                     rights can result in a data breach.

          Eliminate shadow identities by monitoring account activity
          (or lack thereof). Remove or disable human and non-human                   Set up processes for off-boarding remote employees and
          identities, such as application tokens that are inactive to limit          contractors. This can be a challenge when cloud services are
          your attack surface and avoid account takeover.                            managed outside of your SSO. Adopt a unified, cross-service IAM
                                                                                     solution that allows you to revoke permissions when employees or
                                                                                     contractors leave the company.
          Perform entitlement reviews regularly so that business unit
          leaders can see who has access to their data and applications
          and revoke permissions that are no longer needed.

Try Varonis for free!
Varonis DatAdvantage Cloud gives you a single pane of glass to monitor and protect                                        GET A DEMO
your mission-critical cloud applications.

www.varonis.com | 1.877.292.8767
You can also read
Enterprise Vault.cloud Compatibility List - March 2021 - Veritas
Enterprise Vault.cloud Compatibility List - March 2021 - Veritas
A Cloud 9 Living Presentation
A Cloud 9 Living Presentation
THE GREEK SUPERSITE: AN INITIATIVE FROM THE MOST TECTONICALLY ACTIVE PART OF EUROPE - ALEXANDROS SAVVAIDIS, PHD - GROUP ON EARTH OBSERVATIONS
THE GREEK SUPERSITE: AN INITIATIVE FROM THE MOST TECTONICALLY ACTIVE PART OF EUROPE - ALEXANDROS SAVVAIDIS, PHD - GROUP ON EARTH OBSERVATIONS
KERING (KER-FR) DATA SUGGESTS STAGNATING INTEREST IN GUCCI AND INCREASING INTEREST IN BALENCIAGA AND ALEXANDER MCQUEEN - TICKERTAGS
KERING (KER-FR) DATA SUGGESTS STAGNATING INTEREST IN GUCCI AND INCREASING INTEREST IN BALENCIAGA AND ALEXANDER MCQUEEN - TICKERTAGS
Mark/Grade changes outside of Reviews of Marking and Moderation (ROMM) and Appeals - GUIDANCE - GOV.UK
Mark/Grade changes outside of Reviews of Marking and Moderation (ROMM) and Appeals - GUIDANCE - GOV.UK
Milvus Build Up the Unstructured Data Service - Jun Gu 09.2020 - ITU
Milvus Build Up the Unstructured Data Service - Jun Gu 09.2020 - ITU
Ticketmaster Leverages Sencha to Efficiently Manage Event Ticketing - CUSTOMER SUCCESS STORY
Ticketmaster Leverages Sencha to Efficiently Manage Event Ticketing - CUSTOMER SUCCESS STORY
You Can't Afford to be MIA with DIA: ANALYTICS TO ANSWERSEXECUTIVE SERIES Reducing Liability Loss with Data Integrity Audit Use
You Can't Afford to be MIA with DIA: ANALYTICS TO ANSWERSEXECUTIVE SERIES Reducing Liability Loss with Data Integrity Audit Use
Review of Current Non-Executive Director Fee Practices - Investore Property Limited May 2021
Review of Current Non-Executive Director Fee Practices - Investore Property Limited May 2021
DEVELOPING DATA STRUCTURES FOR JAVASCRIPT - JAVASCRIPT DEVROOM, FOSDEM 2019, BRUSSELS
DEVELOPING DATA STRUCTURES FOR JAVASCRIPT - JAVASCRIPT DEVROOM, FOSDEM 2019, BRUSSELS
Signaling Protocols and Procedures for Citizens Broadband Radio Service (CBRS): WInnForum Recognized CBRS Air Interfaces and Measurements ...
Signaling Protocols and Procedures for Citizens Broadband Radio Service (CBRS): WInnForum Recognized CBRS Air Interfaces and Measurements ...
Humanitarian Logistics Data Bank - Logistics Cluster
Humanitarian Logistics Data Bank - Logistics Cluster
Windows 10 Wireless LAN connection for Student/Staff owned devices
Windows 10 Wireless LAN connection for Student/Staff owned devices
FIGHTING AMERICA'S OPIOID EPIDEMIC: PROVIDING SAFE SOLUTIONS FOR PAIN - Move Forward PT
FIGHTING AMERICA'S OPIOID EPIDEMIC: PROVIDING SAFE SOLUTIONS FOR PAIN - Move Forward PT
Title here Remote Learning Provision Information for Parent/Carers - New Bridge School
Title here Remote Learning Provision Information for Parent/Carers - New Bridge School
Your Online User Guide - Samford University 403(b) Retirement Plan
Your Online User Guide - Samford University 403(b) Retirement Plan
NORTH-SOUTH CORRIDOR City of Unley - DELIVERING OUR TRANSPORT FUTURE NOW Council Briefing 5 July2021
NORTH-SOUTH CORRIDOR City of Unley - DELIVERING OUR TRANSPORT FUTURE NOW Council Briefing 5 July2021
LLVM Auto-Vectorization - Past Present
LLVM Auto-Vectorization - Past Present
G Suite delivered by TELUS - May 2020
G Suite delivered by TELUS - May 2020
YCS 200...210: Mobile Building Services (MBS) - Sauter Controls
YCS 200...210: Mobile Building Services (MBS) - Sauter Controls
JFROG ARTIFACTORY CERTIFIED DEVOPS ENGINEER
JFROG ARTIFACTORY CERTIFIED DEVOPS ENGINEER
CNA I Distance Learning Instructional Packet - E.C.I.S.D - East Central ISD
CNA I Distance Learning Instructional Packet - E.C.I.S.D - East Central ISD
SMSU Technology Services Guide 2020-2021
SMSU Technology Services Guide 2020-2021
New Zealand is ready to meet - How to attract business events in a post Covid-19 environment
New Zealand is ready to meet - How to attract business events in a post Covid-19 environment
Cooperation between Meteo Services and Civil protections at European Scale - Michael Staudinger ZAMG / ISDR - UPC
Cooperation between Meteo Services and Civil protections at European Scale - Michael Staudinger ZAMG / ISDR - UPC
SPECIFIC OBJECTIVES CALL FOR APPLICATIONS TRANSFO:INNO SCHOLARSHIPS 2019-2020 EDITION
SPECIFIC OBJECTIVES CALL FOR APPLICATIONS TRANSFO:INNO SCHOLARSHIPS 2019-2020 EDITION
Company Car Tax: Security Enhanced Cars
Company Car Tax: Security Enhanced Cars
Byerley Park Primary School - Catch-up Premium Strategy 2020 - 2021 Updated 3.2.21
Byerley Park Primary School - Catch-up Premium Strategy 2020 - 2021 Updated 3.2.21
Impact of Brexit on Luxembourg life insurance companies
Impact of Brexit on Luxembourg life insurance companies
Should the EU legislator harmonize rules concerning unfair business-to-business trading practices? Bert Keirsbilck Assistant Professor HUB - KU Leuven
Should the EU legislator harmonize rules concerning unfair business-to-business trading practices? Bert Keirsbilck Assistant Professor HUB - KU Leuven
How can we make our nodes less dependent on the energy grid and self sustaining during outages? - August 2017 - ROEL
How can we make our nodes less dependent on the energy grid and self sustaining during outages? - August 2017 - ROEL
Privilege and File Management When Dealing with CRA Audits
Privilege and File Management When Dealing with CRA Audits
OSFA Conference 2021 Oracle Business Intelligence Enterprise Edition (OBIEE)
OSFA Conference 2021 Oracle Business Intelligence Enterprise Edition (OBIEE)
Video Visitation: Lake County Department of Justice Expansion - Norix Furniture
Video Visitation: Lake County Department of Justice Expansion - Norix Furniture
The multilevel human brain atlas in EBRAINS - Timo Dickscheid Forschungszentrum Jülich
The multilevel human brain atlas in EBRAINS - Timo Dickscheid Forschungszentrum Jülich
Sociovocational Integration Services - SVI-1017-1 Persistence
Sociovocational Integration Services - SVI-1017-1 Persistence
SCAR SWG AKIS ONLINE, 24-25 September 2020 - 5th Mandate - 3rd Meeting - Innovarurale
SCAR SWG AKIS ONLINE, 24-25 September 2020 - 5th Mandate - 3rd Meeting - Innovarurale
What is your Digital Strategy? - Electronic banking, cash management update and trends
What is your Digital Strategy? - Electronic banking, cash management update and trends
GROUPS OFFERS - Restaurants d'Altitude de Chamonix
GROUPS OFFERS - Restaurants d'Altitude de Chamonix
WELCOME TO OUR JUNE 2021 EDITION - Pyrenees Shire Council
WELCOME TO OUR JUNE 2021 EDITION - Pyrenees Shire Council
ORGAN SCHOLARSHIP St Mary Magdalene, Richmond 2020-2021
ORGAN SCHOLARSHIP St Mary Magdalene, Richmond 2020-2021
Aerosol, Clouds and Trace gases Research Infrastructure - Session #2: How ongoing projects pave the way to Horizon Europe
Aerosol, Clouds and Trace gases Research Infrastructure - Session #2: How ongoing projects pave the way to Horizon Europe
33 MOTIONS OF THE EARTH - NCERT
33 MOTIONS OF THE EARTH - NCERT
Kaspersky conducts industrial cybersecurity assessment for PacificLight
Kaspersky conducts industrial cybersecurity assessment for PacificLight
HEALTH PLAN FOR UNC CHARLOTTE STUDENTS 2018-2019 - StudentBlueNC.com/uncc - Student Health Center
HEALTH PLAN FOR UNC CHARLOTTE STUDENTS 2018-2019 - StudentBlueNC.com/uncc - Student Health Center
2021 Legislative Highlights - Oregon Housing and Community Services - Oregon.gov
2021 Legislative Highlights - Oregon Housing and Community Services - Oregon.gov
Modelling Electric Vehicle Adoption in Passenger and Commercial Vehicles - Presentation to Imperial College Energy Modelling Workshop - Power Swarm
Modelling Electric Vehicle Adoption in Passenger and Commercial Vehicles - Presentation to Imperial College Energy Modelling Workshop - Power Swarm
We secure society by enabling trusted identities - HANNOVER ...
We secure society by enabling trusted identities - HANNOVER ...
LEGISLATIVE WRAP-UP: PROGRAMS & FUNDING - FLORIDA HOMELESS June 28, 2017 Sponsored by the State of Florida
LEGISLATIVE WRAP-UP: PROGRAMS & FUNDING - FLORIDA HOMELESS June 28, 2017 Sponsored by the State of Florida
2020 IAC Delta Scholar Application Packet - Dearborn High School
2020 IAC Delta Scholar Application Packet - Dearborn High School
We use cookies. Please refer to the Privacy Policy.