My Own Worst Enemy: Why the Insider Threat Should Be Companies’ No. 1 Security Concern
As a species, we humans just can’t seem to get out of our own way.
A recent Bromium survey found that 83% of information security professionals feel that users are among the greatest security risks to their organizations, followed by cloud services and mobile devices—each at 38%.
Does this story sound familiar? It should to anyone in the IT world.
Upon reading the survey, I couldn’t help but be reminded of the Aberdeen Group study from 2013, “SaaS Data Loss: The Problem You Didn’t Know You Had,” which found that 64% of cloud data loss is caused by an end user accident. I also can’t help but think about the above-mentioned 38% of info security professionals who see cloud services as the greatest security risk: their organizations should be more afraid of their users than of the cloud itself, but perhaps they haven’t read the Aberdeen study yet.
As sophisticated and powerful as the SaaS applications being adopted are, the truth is that as long as there are humans operating these applications, eventually they’ll make a mistake. Of all human error-related cloud data loss instances, the two most common are:
1. End users overwriting a file or piece of data shared among several users.
SaaS solutions like Google Apps, Box and Office 365 have made it easy for teams to collaborate on projects and documents in real time, alleviating data and email sprawl. Despite those advances in collaboration, we still have a very real problem with users sharing files and overwriting earlier versions, or saving over an existing document without regard for what was saved in the original.
2. An end user accidentally deleting or permanently purging data.
Whether your cloud applications have an adequate retention policy or not, end users can still destroy everything in a matter of clicks. For example, if a user decides to purge his or her trash folder in Gmail or Outlook, those items will be unrecoverable after 30 days on a standard plan. Looking for an email from a few months ago? Tough luck–it’s gone.
Protecting Yourself against Yourself
Thankfully, as SaaS adoption has grown, SaaS backup applications have made their way onto the market. A SaaS backup solution should be proactive, automatically backing up users’ application data multiple times a day so that IT managers can restore lost data to the most accurate point in time. Your SaaS backup should store the backed-up data in an off-site location so that it’s available if something should happen to your production cloud. Finally, your SaaS backup should be tamper-proof. The data stored in your backup cloud should be held to the highest security standards, and, to ensure the integrity of the data stored in it, only an IT manager should have the ability to restore data to user accounts.
Humans may very well be accident-prone for all eternity, but with a business-grade SaaS backup solution, we can at least erase the mistakes we make at work in the cloud.
Trace Ronning is the content marketing manager at eFolder. Guest blogs such as this one are published monthly and are part of MSPmentor’s Cloud-based File Syncing and Sharing Infocenter.