Can SASE Reinforce Remote Voting?

The risks behind remote voting

Election interference is the new normal, or perhaps it quietly has been for some time now. Until recently, though, it has escaped the limelight because the process of voting in most places has barely changed since the dawn of democracy. People show up at their designated voting booth, wait in line, verify their identities and cast their ballots. But in the era of COVID-19 this idea is more complicated than it once was, and also more compromised.

Obviously, the ideals of democracy must be upheld even during a pandemic in which the pathogen at large is airborne, and people must be empowered to vote even if they aren’t able to stand in line. Especially as an important US Presidential election approaches at the end of the year, the idea of remote voting has emerged as a potential solution to the obstacles put in its way by coronavirus – but solutions must also be found for securing the remote vote itself.

A Rocky Start to Remote Voting

Rather than mail-in ballots, which require immense administrative efforts to corral, count, and authenticate, remote voting would entail using technology to mimic the same processes but in a streamlined digital manner. In the midst of COVID-19, governments have already embraced digital alternatives for physical processes steeped in tradition and respect – just look at the testimony of Dr. Anthony Fauci, who recently appeared in front of the Senate via Zoom.

Thanks to H.R. 965, which was passed in mid-May during the throes of the pandemic, members of the House have been alpha testing remote voting at a very small scale. While Senators must still show up and have their Yeas and Nays tallied on paper, House members are able to send in their votes via encrypted email and have them counted. This is still an early and rudimentary solution, and there’s no doubt that rolling out digital voting to the greater USA or even individual States would require something much more complex.

So far, some States are experimenting with digital voting, but they are doing so against the advice of Homeland Security’s recent report, which highlights remote voting as extremely high risk. This is no doubt a remnant of 2016, when hackers successfully breached online voter registration systems in an attempt to sway results of the election – or simply to test the water in advance of the “real” interference attempts which are soon to come. The wagons haven’t circled yet, and any efforts to advance remote voting now are as undefended as they were then.

Remote is a (Necessary) Risk

Evidence points to the fact that the varied and disparate digital systems that already exist can’t be capably secured, meaning any attempts to institute remote voting will be built on a flimsy foundation and cause even more trouble. This would create an untenable situation in which both election results and faith in the system can be challenged, so any efforts to help US citizens vote from afar must also come with accompanying security technology.

Attempts to secure local and state voter registration systems so far have focused on the lowest-hanging fruit: patching software and hardware, and “backing up” incoming digital votes by writing them down on paper. This approach is smart, because it’s often the most basic exploits that hackers use to disrupt the voting process. The remote voting apparatus, in the States where it currently exists such as Delaware and West Virginia, is extremely flimsy and reliant on a stack of tools that are each capable of being compromised in different ways.

Hackers don’t necessarily need to infiltrate systems and change votes themselves; they can simply disrupt the process by deleting or multiplying votes, adding false data, compromising signature-verification software, or overloading systems via DDoS. This can occur for the ballots, voting machines, Secretary of State or registration websites, and other weak links in the chain. Accordingly, the entire voting flow must be secured from the moment a citizen logs on, through the verification process and until the final vote is tallied.

SASE a Secure Voting Solution

Remote voting is coming whether we’re prepared for it or not, because if you ask election officials, it’s more important to re-enfranchise those who are disenfranchised than it is to secure the systems we use to accomplish it. Though problems are bound to arise, given that in classic federal government style it’s up to individual States and the agencies within them to choose relevant security vendors and solutions, a new type of unified product is emerging that will kill many of these issues with one stone.

Coined by research firm Gartner, SASE is a cloud-based security product that by nature is capable of being integrated directly into all resources in use across government offices, regardless of where they are physically. It essentially weaves an impressive array of different networking and security solutions into each resource deployed in the digital voting process, ensuring that participatory voters and officials across the country are protected, given custom access privileges, and closely monitored for suspicious activity.

If a SASE product is deployed then the State of Florida, for example, could mandate that voters logging into whichever voting application Florida chooses will first need to authenticate with 2FA. During the vote, a SASE product would encrypt the voter’s connection to State applications with IPSec tunnelling, and even automatically disconnect them from the internet if the application should fail. Because SASE is both ubiquitously integrated and built on software-defined architecture, officials tallying votes and doing other administrative election work could be assigned role, location, and even device-specific least-privilege access policies which would limit the attack surface for hackers.

Elections to Evolve in the Near Future

If government IT teams match the variety of remote voting hardware and software with a similarly disparate selection of security tools, then their efforts will be further distracted from ensuring an accurate vote and go instead towards managing their teetering software stack. What’s necessary is one security solution encompassing all tools that States need to protect their voters, and one that fits natively into the systems they’ve already begun implementing and is therefore easily onboarded as other States come “online”. 

SASE looks to be a promising contender, though the security industry has some catching up to do before it’s ready for elections. That’s alright, because poorly deployed security would do more harm than good, and it’s important to be airtight: The point of elections isn’t to pick the winner but to remove any doubt in the mind of the loser that results can be argued. For this reason a robust and proven security solution is necessary if remote voting is to be the status quo.

Tightening Security on Microsoft Teams

Remember driving down to your local computer store and picking up a shiny new copy of the latest Microsoft Word? Sleek in its box, the neatly wrapped Microsoft product had both disc and license inside, but it also came with something you didn’t bargain for: responsibility for its successful, safe operation. 

As a physical offline copy, security issues in operating this relic of the past could be placed squarely on you. But now that Microsoft Word has gone through multiple cycles of product consolidation and emerged as a vital business pillar, security considerations surrounding the whole Office suite, and now Teams, deserve another look.

Microsoft Teams allows collaboration and communication across the various services that are included in Office 365. Make no mistake, Teams users can be confident in the safety of their data, but when more weight lands on the solution as a productivity cornerstone, it’s smart for organizations to supplement Microsoft’s built-in safety mechanisms.

From discs to on-demand software, the now fully-integrated nature of Teams makes it a powerful tool, but one that sits at the epicenter of a bustling cloud encapsulating both good and bad actors. 

Consolidation of Products, and of Problems

Exemplified primarily by Microsoft, products that were once sold separately eventually congeal into a single platform that offers them all as functions conveniently packaged together. This is what happened to Word, Excel, PowerPoint and other Microsoft software that turned into the Microsoft Office 365 “as a service” solution. 

With Teams, increasing sophistication and connectivity in the name of a good user experience has also created new ideas in the world of security, as most innovations do. Teams represents a single window into the virtual Office, where employees can discuss projects happening in real time, talk over chat, voice or video call, and work on shared documents together. This shiny front end doesn’t betray any backend complication, but it’s there.

For each “team” you create, the backend gets a new SharePoint site, Office 365 group and other assets in places like OneNote and more. This doesn’t include other integrations that your organization might choose, such as ZenDesk, Salesforce, Mailchimp and other popular platforms. With an impressive level of integration comes an intricately complicated environment for security professionals, especially as companies expand and lean on Teams even more. 

Licenses are online, so much of the functionality that Teams offers is available when an organization is connected to the web. Moreover, since November 2019 Microsoft has allowed Enterprise customers to grant guest access to contractors and other non-licensed individuals who work with them. Suddenly, file sharing of sensitive documents and resources is happening outside the network and unfamiliar entrants are streaming in, so managing the chaos becomes necessary.

Integrated Solutions Beg Integrated Security

Both in how Teams is secured and used, and in the tools that IT security teams must enforce for users, care should be taken so that data inside Teams doesn’t sprawl outside of its boundaries, or alternatively, become concentrated and offer hackers a single ripe target. Much like Slack, Teams users can create different channels where they communicate about specific subjects or tasks related to this department or the other. 

While users should be encouraged to create new and different channels for their conversations, it’s crucial to maintain control and ensure that loose ends (dead, repeat, underused channels) don’t occur, and that sensitive information isn’t overly shared or replicated in multiple different places or with people who don’t need to see it.

Integrations are crucial to any organization relying on Teams, and when implemented correctly they are amazing productivity boosters. However, one of the most underestimated issues that occurs in a highly integrated environment is configuration: Sometimes the integration may work well but the most minor settings might create a security gap that leaves the network exposed. 

When many third parties are a part of your Teams installation, whether they’re services or service providers, it’s recommended to layer an extra security blanket over the whole thing. Teams has built-in two-factor authentication, and IT should require it before users are able to log in. Don’t stop there, though: extra effort should be taken to track devices and endpoints, as it will also help IT prevent downloads from Teams to unmanaged devices, or those that haven’t passed through the gates of “Zero Trust”.

Because Teams is a nucleus of business activity and by definition holds assets that might spell trouble in the wrong hands, a strict least-privilege access model should be instituted. Another integrated solution is suitable, but one that simplifies the security functions that can plug into Teams, and with a purpose to remove trust from the equation, full stop.

Teams Turns Zero Trust

In few organizations does each employee need access to the full list of functions and capabilities that Teams provides. Microsoft understands that not every employee will need access to SharePoint, for example, and supports Teams separately as a cloud app for Azure Active Directory and the conditional access policies it offers. To take advantage, however, administrators must ensure that the correct policies exist on all applications inside the Teams installation such as Exchange. 

This can take some maintenance and oversight, so it’s easier to find a more unified, seamless Zero Trust solution where all this is done from a single admin panel. Security providers pursuing the Network as a Service model are already being used for this purpose, and when integrated with Teams are able to better streamline the orchestration of necessary security tools. Network as a Service solutions reside on the network layer and therefore allow organizations to easily define custom access policies for segments of their local and cloud resources (like Teams, or parts of it). 

This way, IT controls which roles, devices, and locations are allowed into specific parts of Teams and other network areas with greater ease. Additional security tools can’t hurt, and add a safety net to Teams in a couple different ways. Though Microsoft has 2FA, Single Sign-On and the encryption of files, a wider array of options is helpful. 
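The role, device and location policies described above, and the least-privilege policies mentioned in the remote-voting post earlier on this page, can be pictured as a deny-by-default check. The following is an added example, not code from the article or from any vendor's product; the segment names, roles and address ranges are constructed, and source network stands in for "location".

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_managed: bool   # assumption: True if the device is enrolled/managed
    source_ip: str         # stands in for the user's location
    segment: str           # the part of the environment being requested


@dataclass(frozen=True)
class Rule:
    segment: str
    roles: frozenset       # roles allowed into this segment
    networks: tuple        # source networks allowed into this segment
    require_managed: bool = True


# Constructed policy: one rule per segment, all names hypothetical.
POLICY = (
    Rule("teams-finance", frozenset({"finance"}),
         (ip_network("10.20.0.0/16"),)),
    Rule("teams-general", frozenset({"finance", "engineering", "contractor"}),
         (ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")),
         require_managed=False),
    Rule("exchange-admin", frozenset({"it-admin"}),
         (ip_network("10.20.5.0/24"),)),
)


def evaluate(req, policy=POLICY):
    """Return (allowed, reason). Access is denied unless one rule for the
    requested segment matches role, location and device state together."""
    try:
        source = ip_address(req.source_ip)
    except ValueError:
        return False, "invalid source address"

    rules = [r for r in policy if r.segment == req.segment]
    if not rules:
        # No rule means no access: unknown segments are never open by default.
        return False, "no rule for segment"

    denial = "denied"
    for rule in rules:
        if req.role not in rule.roles:
            denial = "role not permitted"
        elif not any(source in net for net in rule.networks):
            denial = "location not permitted"
        elif rule.require_managed and not req.device_managed:
            denial = "unmanaged device"
        else:
            return True, "allowed"
    return False, denial


if __name__ == "__main__":
    samples = [
        Request("ana", "finance", True, "10.20.1.5", "teams-finance"),
        Request("ana", "finance", False, "10.20.1.5", "teams-finance"),
        Request("guest1", "contractor", False, "203.0.113.7", "teams-general"),
        Request("guest1", "contractor", True, "10.20.1.5", "teams-finance"),
    ]
    for req in samples:
        print(req.user, req.segment, evaluate(req))
```
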

Support for other MFA and SSO providers is nice, as is the option between SSL, IPSec, and WireGuard in terms of encryption, for instance. One idea which should surely not be forgotten is better network activity monitoring. This is one of the most important points for complex Teams installations: logging and monitoring is a lynchpin to proactive threat detection and compliance alike. 

Integrating these functions directly into Teams doesn’t complicate it. Why? Simply because they’re all offered under the umbrella of a single security provider which integrates directly into Teams and saves IT from fiddling around with different settings between Exchange, SharePoint, Word, Azure, and others. Teams is an amalgamation of multiple useful software tools, but there’s no question that productivity is the primary reason for its existence, and that third-party security services improve it is neither a surprise nor takes away from its impressive reputation.

SASE: Evolving Government’s Cloud and Network Security Strategy

Even though cloud technology has become the new normal for the private sector, it has only a tenuous grasp on government. In 2018, cloud neglect in the public sector prompted the White House to launch its “Cloud Smart” policy, designed to promote the idea that government agencies should begin adopting this useful breed of computing technology.

At the time, relevant agencies didn’t jump quickly on the opportunity due to security concerns such as data storage and the sharing of information. However, the time is now ripe. With cloud computing over a decade old and long proven as a pragmatic solution to many administrative problems, it’s time for lagging governments to bring themselves up to speed. 

Despite some public offices embracing a cloud-first approach or cloud-only policy, the majority of the United States government is woefully behind, and still in the dark about the risks and benefits that come with moving network resources to the cloud. Most concerns circle the notion of privacy or security, but these days they’re addressed more easily than they once were.

Cloud Security a #1 Priority  

In the United States, there are more than 90,000 government offices that comprise a patchwork of different approaches for cloud computing and cloud security. In most cases, local and state governments are more open to adopting cloud solutions and services as opposed to the federal government.

These government offices are finally clueing into the tangible benefits that the cloud provides: low costs, ease-of-use and higher productivity. With these advantages within reach, ensuring that preferred cloud solutions are secured has become the top priority for governments. Any and all benefits can be ignored if the implemented cloud services or solutions aren’t totally secure, and this is why analog processes have reigned supreme for so long.

As government offices begin to push their networks onto cloud infrastructure and connect them with remote workers and IoT devices, the number of endpoints that hackers can attack has climbed significantly. As we saw in March 2018, the City of Atlanta was attacked by hackers with ransomware that shut down government services for six days. Likely a victim of the SamSam exploit on Java-based servers, this is an example of how ditching self-managed hardware for a provider’s cloud would likely add a barrier between hackers and government property.

It is also just one of many examples of how governments have become a more popular target. In response to the growing sophistication of attacks, cloud security must now go beyond malware defense, and so government IT teams are forced to look at the big picture. Instead of focusing on specific types of attacks, they need to promote efforts to gain omniscience within the network. In the past, governments tended to only pay attention to the data leaving their network perimeter, but today they need to be just as cognizant of permissioned users and data being accessed by government employees. The rise of the remote workforce has pushed visibility even further into government IT teams’ awareness.

Taking Control of the Network 

As more governments adopt network security solutions for their work environment, an increasing number of security events and alerts have overwhelmed governments’ security teams, which actually distracts from the idea of better network visibility. IT teams need to have complete knowledge of what is occurring on their network at any given time, across public and private clouds, applications running on the network, and more. Where numerous unqualified alerts create a swarm blocking proper visibility, hackers can use the hubbub to muffle their steps and make a quiet entrance into government agencies’ networks. 

To address visibility and network control concerns, governments should adopt Security Information and Event Management (SIEM) systems. These systems accumulate data from different sources, recognize which events fall outside normal parameters, and provide an appropriate response. SIEM systems play a huge part in helping IT and security teams to detect and prevent security risks across governments’ infrastructures in an intelligent manner.

More Solutions, More Headaches 

For any modern government cloud security strategy, it’s often recommended to implement a range of products that deal individually with a wider range of common network attacks. Until recently, this strategy worked well, but now we are seeing that it creates a bigger problem. Adding a large number of products to IT’s stack causes misconfiguration and exposed deployments of various software solutions. This, together with ensuing hybrid IT complexity, is creating a tangle of security challenges for IT teams.

This challenge has a label: “tool sprawl”. It is the idea of investing in a range of security products that work together, yet make it harder for IT teams to manage and orchestrate them in the network. In order to achieve a more flexible and productive network and cloud security strategy, governments have to move away from the multi-vendor tool sprawl approach and look to adopt a unified platform model. It’s especially true for governments that are looking to ensure the privacy and security of their data against outside threats. This is where SASE comes into play.

Perfect Cloud Security Model for Governments 

By adopting edge data security, government agencies can enhance their security hygiene with the help of quicker, integrated, and more elastic solutions that simultaneously keep government employees connected from afar. This approach has become more relevant with the introduction of Secure Access Service Edge (SASE).

Secure Access Service Edge (SASE) was introduced by Gartner in August 2019. SASE is a new cloud-based network security model that combines multiple network technologies delivered as a service, including SWG, CASB, FWaaS and ZTNA with WAN capabilities (i.e., SD-WAN) to support dynamic secure access to organizational assets. The SASE model allows government IT and security teams to easily connect and secure all of their networks and users in an agile, cost-effective and scalable way through the cloud.

By adopting a SASE platform, government offices can enable the delivery of integrated secure network security services that support digital cloud transformation, edge computing, workforce mobility, identity and access management. This new model will help governments get over the hump of doubt that has built up around the cloud. It will allow governments to manage all of their security and network solutions from one platform, fight off new threats and secure employees’ data no matter their location. On the near horizon is a cloud security strategy for the future and one that has no more relevant home than government.

Why Your Organization’s Security Strategy Starts with a Cloud Security Policy

The IT industry has made significant strides with cloud computing security, yet many organizations remain anxious about emerging cloud security risks. A new generation of malware and hacking techniques continues to threaten different organizations’ data and apps on the cloud. We are seeing many different cloud security vulnerabilities being introduced through bring your own device (BYOD) risks, web application risks and incomplete cloud visibility.

To fight off these cloud risks, organizations need to act quickly to seek the cloud’s advantages while maintaining control over their assets. So how do organizations grow with the cloud and ensure they’re acting responsibly when it comes to cloud security? 

The Cloud is Not as Secure as You Think

When we think of cloud security, the first thing that comes to mind is data loss, but that is the wrong way to think about it. When organizations implement different cloud services, one of the main security factors they focus on is whether the network and resources are safe. We should additionally be focusing on how employees are using cloud services. One of the lesser-known challenges with the cloud is whether your team is taking the appropriate precautionary steps when deploying resources.

Organizations need to implement different cloud security tools that encrypt data and control access, and implement organization-wide cloud policies. These tools will fix gaps or act as a safeguard, providing the appropriate amount of cloud security hygiene. But at the end of the day, it all starts with a strong cloud security policy.

What is a Cloud Security Policy?

With the increasing global adoption of cloud computing, having a cloud security policy is essential for every organization. Cloud security policies are the guidelines under which companies operate in the cloud, often implemented in order to ensure the integrity and privacy of company-owned information.

When most organizations migrate to the cloud, they often mistakenly assume that their current security policy will also cover cloud security. While there is some sense to this, it’s rather lacking and it can leave specific holes exposed to potential risks. Instead, organizations need to consider incorporating cloud security into their existing security policies and standards. A cloud security policy needs to be flexible and interchangeable in order to meet the new security rules of the organization.

Your policy must be simple to understand by all of your employees. In order to keep training costs down, it’s best to avoid overcomplication and technical complexity in the policy. The best security policy will be one that is clear and concise. Don’t be afraid to state the obvious, as that way nobody can claim to have missed the point. Every cloud security policy should start with a definition of intent, which clearly outlines the whole point of the policy. 

The Key Principles of a Successful Cloud Security Policy 

The policies for your organization’s cloud security must come from all corners of an organization: from your developers, security team, management team, and so on. These policies are the basis for all cloud security planning, design and deployment. They should provide direction on how issues should be handled and which technologies are best to use.

While security policies are very easy to decide on, the main issue is implementing them properly. The organization’s security policies depend on the different content on which they are implemented. These security policies are required to protect the organization’s cloud security.

Here are the key principles of successful cloud security policies that you can implement at your organization:

Implementing Security Awareness Program

Educating users on the need for security is important as it will help them understand the importance of cloud security, and how it will benefit them in their daily work. Implementing a security awareness program is a major step with your cloud security policy. 

The program should explain why security is everyone’s responsibility and show users their role in maintaining security. This is because people often tend to think that protecting the security of their company is only the security team’s responsibility.

Clear Communication

Once an organization has implemented the policy, it has to be clearly communicated to all the people responsible for enforcing and complying with it. It can include employees, service providers, and other relevant users. 

The policy can be introduced to the employees during their start at the organization and incorporated into the company’s Employee Handbook. A key part of the communication process is to establish a record that those involved have read, understood, and agreed to abide by the policy. It is a challenge to ensure that users understand and accept the policy that governs them. A clear, concise, coherent, and consistent policy is more likely to be accepted and followed.

Authorized Access Regulations

To prevent any unauthorized access to your cloud network environment or cloud resources, organizations need to implement precise access control regulations internally. Implementing access regulations will prevent potential holes in your organization’s network on the cloud.

By implementing these regulations in your cloud security policy you will only be giving access to the users that actually need it for their day-to-day job. The policy should include authentication protocols and identity and authorization management, as in the Zero Trust security model.

Encrypting Cloud data

When creating a cloud security policy one of the most important sections has to be data encryption. By enforcing cloud data encryption, organizations will be more secure knowing that only authorized users will be able to access sensitive data and cloud resources. Additionally, organizations should encrypt data and cloud resources that are being uploaded to the cloud to ensure that they are secure and protected.  

We recommend that you schedule a monthly data encryption update to make sure that your data and resources on the cloud are secure and protected.

Monitoring your cloud environment

Monitoring is a critical component of cloud security policy. Implementing automated tools helps your organization get a macro view of your entire network. Cloud monitoring provides an easier way to see different activity patterns and any potential vulnerabilities in your network on the cloud. Implementing an effective cloud monitoring solution will put the organization’s security and compliance team at ease knowing there is a system in place.

An organization’s cloud security policy can be a decisive factor when deciding the right direction for implementing different cloud services and resources. However, it shouldn’t change the organization’s mission. With that in mind, it’s important to create an employee-friendly cloud security policy that is aligned with an organization’s culture and helps employees work more smoothly without interfering with their day-to-day work environment. In conclusion, a more complete cloud security policy will keep your company safe, but don’t forget the policy starts with your employees.

5 Steps to Improving Your Cloud Security

The adoption of the cloud has come a long way in the past decade. In the early 2010s “The Cloud” was initially introduced as a buzzword, but today most organizations are employing the cloud for their business. Seventy-two percent of all businesses globally are dependent on some form of the cloud in their daily work life and that number will increase even more for personal use. The adoption of the cloud is changing the way businesses and organizations are running globally as everyone and everything is becoming dependent on technology.

The cloud market is estimated to be worth $411 billion by 2020 and the number will only continue to increase with more and more organizations moving from on-premise to the cloud. 

While cloud usage is rapidly increasing, one of the major concerns for all organizations with the adoption of the cloud is security. Every year we are seeing a continuous increase in the number of cloud-related security breaches leading organizations to carefully contemplate whether to adopt cloud services or stay on-premises.

In the early years of cloud adoption, the cloud was less secure than we know it today. However, service providers have learned from their past mistakes and implemented new security features that can fight off different cloud risks. Better security tools and processes have been developed to make the cloud safer than on-premises solutions in many cases, but for complete cloud security, organizations need to emphasize the priority of cloud security. 

Security Has to Become a Priority 

Organizations are stepping up their adoption of cloud services and are becoming more at ease and familiar with the importance of working securely in the cloud. The reasoning behind the increasing adoption of cloud services is that organizations are implementing the common shared-responsibility model of cloud security which is the idea that organizations and their cloud service providers are in agreement to split up different responsibilities for the cloud deployment. The cloud provider will be responsible for cloud deployments such as networks and operating systems and the organizations will be responsible for the rest. Yet working with well-known cloud providers doesn’t always mean that your cloud resources are secure. It is extremely important for organizations to invest in cloud security in order to avoid security risks in their network and to defend against internal and external cloud threats. However, while this is an obvious priority for security teams, it also needs to become a priority for all employees.

The decision-makers need to have a better understanding and commitment to the importance of cloud security. Instead of just delegating every security risk to the security team, it has to become a decision maker’s issue as well because the result of failure can potentially collapse a business. Any organization may be only a data breach away from catastrophe.

5 Steps to Improving Your Cloud Security 

With threats against networks and web applications constantly increasing, it’s time for a refresher on how to improve your organization’s cloud security in just five steps.

Deploying Authentication Tools

Adopting a multi-factor authentication solution inside your organization provides another layer of security by challenging users to prove they are who they say they are. It provides IT security teams with broad visibility into the organization’s network and application. 

Encouraging your employees to sign in with one or more extra authentication tools on top of their username/password is a simple and efficient way to provide an additional layer of protection.  

Manage Your User Access

Most of your employees won’t need access to every application, resource or critical information belonging to your organization. Setting proper levels of authorization ensures that each employee can only have access and work on the applications or resources necessary for them to do their job.

Stolen user accounts are a major concern for organizations’ cloud security. This headache can be reduced if we limit what users can access. Even though we still require verification for every user, providing employees with a minimal level of privileges will make it harder for hackers to access the organization’s critical resources and networks.

Monitoring User Network Activities

Real-time monitoring and analysis of network users’ activities can help you point out anomalies from the normal activity patterns of your employees, for example, unknown users logging in from unauthorized devices, IP addresses, locations and more.

Logging user data will allow you to prove to auditors that your networks and applications are secure, and you can provide a full activity report for any given time and location in case of a serious breach. These irregular activities could indicate a potential breach in your system, and discovering them early on will allow you to fix security issues.

Encrypt Your Data

By failing to encrypt sensitive data, you put both your organization and your customers at risk. It is the responsibility of the cloud provider to make sure that data is encrypted, and that the data can be properly decrypted once it’s taken from the cloud.

IT teams should have the encryption and decryption keys in a secure location, and they should never be stored with the data on the cloud. This encrypted data is very hard to crack, especially if the cloud provider and organization use different encryptions on the data.

Educate Your Team 

One of the key steps for better cloud security is to educate employees. Human error accounts for 90% of data breaches and it can be very easy to accidentally introduce malware into an organization’s network. It is important to train employees on security policies and to explain the rationale behind those policies.

Employees won’t care about creating a strong password or watching for phishing emails if they don’t understand the risks behind them. You don’t need to teach employees about every technical detail in security protocols, but they should know which risks can impact their jobs. Organizations should frequently run training sessions to keep their employees up to date with security best practices. 

Secure Networks with Cloud Security

Improving your cloud security starts with prioritizing the importance of cloud adoption and the correct security hygiene throughout the organization. Start with adopting a Zero Trust Network as a Service that incorporates the Software-Defined Perimeter model, such as Perimeter 81, which allows you to deploy authentication tools, manage user access and monitor network activities all in one platform.

Your cloud security strategy should be flexible and upgraded to cope with different security threats. By implementing the 5 steps above and utilizing a Zero Trust Network as a Service, your organization will have more complete cloud security.

 

The Capital One Data Breach: How Crisis Could Have Been Averted

One of the largest hacks in 2019 was made by a former Amazon employee who stole credit card data, including 80k bank account numbers and 140k Social Security numbers affecting millions of Americans and Canadians. Here’s how this crisis could have been averted.

The largest category of information which was accessed is related to consumers and small businesses who applied for credit cards between 2005 and early 2019, according to a statement from Capital One. 

The stolen information included names, addresses, postal codes, phone numbers, email addresses, dates of birth, and self-reported income, as well as other bits of important data that may be used by criminals to carry out fraud. 

Who Let the Data Out?

The cause of the breach was a cloud firewall configuration vulnerability, which Capital One said it has since fixed. The unauthorized access took place on March 22-23, 2019 when the attacker exploited a firewall misconfiguration which permitted commands to reach the impacted server. 

This exploit allowed a hacker to execute a series of commands on the bank’s servers. Once through the perimeter, the intruder commandeered the credentials for an administrator account, gaining access to Capital One’s data stored on their AWS servers. The file contained code for three commands:

The first command obtained security credentials from an administrator account that had access to web application firewalls. The second listed the number of buckets or folders of data in an Amazon Web Services (AWS) database. The final command by the hacker was to copy the data from the Capital One repository. After successfully exfiltrating the data from Capital One’s servers, the hacker posted the stolen data to GitHub for a brief while before dropping a dime on herself on Slack. Despite her use of tools aimed at keeping her anonymous, this created a digital trail for her potential arrest.
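The three-step sequence described above (role credentials used from outside, a bucket listing, then bulk object reads) is something a defender can look for in API audit logs. The following is an added example, not code from the original post or from Capital One: it assumes records that use AWS CloudTrail field names, and the role names, account ID, IP addresses and `expected_cidrs` are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def ev(minute, name, ip, role):
    """Build one constructed audit record using CloudTrail field names."""
    return {
        "eventTime": f"2024-01-01T00:{minute:02d}:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": name,
        "sourceIPAddress": ip,
        "userIdentity": {
            "type": "AssumedRole",
            "arn": f"arn:aws:sts::111122223333:assumed-role/{role}/session",
        },
    }


# Constructed sample data (not real logs).
EVENTS = [
    ev(1, "ListBuckets", "10.0.1.5", "app-role"),            # normal, inside range
    ev(2, "GetObject", "10.0.1.5", "app-role"),
    ev(3, "ListBuckets", "203.0.113.50", "example-waf-role"),  # outside range
    ev(4, "GetObject", "203.0.113.50", "example-waf-role"),
    ev(5, "GetObject", "203.0.113.50", "example-waf-role"),
    ev(6, "GetObject", "203.0.113.50", "example-waf-role"),
    ev(7, "GetObject", "198.51.100.7", "batch-role"),         # one read, no listing
    ev(8, "ListBuckets", "config.amazonaws.com", "batch-role"),  # service-originated
]


def find_suspect_sessions(events, expected_cidrs, min_objects=3):
    """Flag role sessions that, from an address outside expected_cidrs,
    list buckets and then read at least min_objects objects."""
    expected = [ipaddress.ip_network(c) for c in expected_cidrs]
    state = defaultdict(lambda: {"listed": False, "reads": 0})
    # ISO 8601 timestamps in one format sort correctly as strings.
    for e in sorted(events, key=lambda r: r["eventTime"]):
        ident = e.get("userIdentity", {})
        if ident.get("type") != "AssumedRole":
            continue
        try:
            ip = ipaddress.ip_address(e["sourceIPAddress"])
        except ValueError:
            continue  # the field holds a service DNS name for service calls
        if any(ip in net for net in expected):
            continue  # role used from where its workload is expected to run
        s = state[(ident["arn"], str(ip))]
        if e["eventName"] == "ListBuckets":
            s["listed"] = True
        elif e["eventName"] == "GetObject" and s["listed"]:
            s["reads"] += 1  # only reads that follow a listing are counted
    return sorted(
        (arn, ip, s["reads"])
        for (arn, ip), s in state.items()
        if s["listed"] and s["reads"] >= min_objects
    )


if __name__ == "__main__":
    for hit in find_suspect_sessions(EVENTS, ["10.0.0.0/8"]):
        print("suspect session:", hit)
```

`expected_cidrs` must include every egress address the role's workloads legitimately use, otherwise normal traffic is flagged.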

Is Capital One to Blame? 

Data breaches on cloud storage services are occurring more often, primarily because more companies are using the cloud and attackers are seeing this as a fruitful platform. Despite the migration to cloud services, companies are still responsible for their own security even on the cloud. When implementing a cloud storage service there are many financial and logistic benefits but companies must not forget the importance of cloud storage security. 

There is no denying that cloud computing is the way of the future, but when financial institutions that house so much sensitive customer data approach the cloud, implementing the proper security measures is an absolute must. In the case of the Capital One breach, despite being cloud innovators, security wasn’t up to par.   

Capital One has been a major advocate in the banking world for cloud services. The company is migrating more of its applications and data to the cloud and plans to be done with its data centers by the end of 2020. Other financial institutions have been more cautious about implementing cloud services, largely for security reasons.

Cloud-hosting services such as AWS are very appealing to companies looking to cut costs, as data centers carry a hefty price tag, often tens of millions of dollars. When it comes to data security, AWS, like most providers, follows the Shared Security Responsibility model. This assures certain layers of infrastructure and software security, but the customer is ultimately responsible for how data is used and accessed.

Clearly, there were mistakes with how Capital One was protecting this AWS bucket, as it appears someone was able to access the data it contained pretty easily. The Capital One breach is proof that companies have a lot to learn when it comes to deploying security technology effectively, and especially that access to cloud storage must be defended and protected by adopting security strategies like an AWS security solution.

Stay on Top with Secure Network Access 

Many organizations still rely on outdated hardware-based VPN technology with a distributed management system and other complicated client applications. These systems are complex, costly, require extensive management, and most notably, they are not cloud-friendly.

Access to cloud storage must be defended and protected by adopting security strategies, like the Zero Trust security model, which enforces multiple layers of verification before granting resource access. Furthermore, this breach highlights the need to embrace cloud-compatible cybersecurity solutions. 

To prevent similar risks such as the Capital One breach, organizations should use Software-Defined Perimeter technology and the Zero Trust model or SASE to close their cloud environments and SaaS services so that they can only be accessed by authorized devices, users and locations.

The shift to the cloud is inevitable, so it is key that financial institutions also adopt cybersecurity services that are well designed to integrate with major cloud providers. Our Zero-Trust Network Access solution allows direct access to cloud resources and applications while evaluating the user permissions and related metadata. With Perimeter 81, organizations can ensure that only authorized connections are being established while leaving their cloud environments completely hidden from attacks.

To learn more about Perimeter 81’s Zero Trust Network as a Service be sure to request a complimentary demo.

How to Improve Cloud Security and Productivity Through IP Whitelisting

Manually whitelisting IP addresses can be a time-consuming process that needs constant management, which is why utilizing a service that does this for you can boost employee productivity and improve cloud security.

IP whitelisting allows IT administrators to assign any team member a single, static outgoing IP address. This capability enables new types of cloud and on-premises configurations that are only possible with static IP addresses.

Instead of blocking access to identified risks and threats, as is the case when blacklisting applications, web pages or IP addresses, IP whitelisting allows you to identify and permit access to trusted resources. By whitelisting IPs, you are granting only trusted users within a specified IP address range permission to access specific domains or network resources such as emails, applications, URLs or more.

However, manually whitelisting IP addresses can be time-consuming and requires constant management. Here’s how you can automatically whitelist IPs so that you can boost employee productivity and improve cloud security for your entire network.

Whitelisting Usage and Benefits

Implementing IP whitelisting not only improves security but also promotes a more productive workforce by providing a secure and easy way for users to access private network resources from both personal and corporate mobile devices.

  • Improve Cloud Security
    By implementing IP whitelisting, you can improve system security by preventing unauthorized access to your account. If someone tries to access your network with an IP address that isn’t whitelisted, they will be denied access. With Perimeter 81, we provide IT administrators and owners the ability to define user access for every employee in the network, group them with users of similar access limits, and automatically whitelist the group’s IP address.
  • Increase Productivity
    Without a service like Perimeter 81 to whitelist IP addresses for you, IT administrators are left to manually whitelist IP addresses for users, websites, and other gated resources which can take a significant amount of time. With whitelisting, businesses can also limit access to unsecured or distracting sites that can reduce productivity and cut into profits. In fact, 50 percent of businesses take whitelisting very seriously because of these reasons.
  • Secure Remote Access
    Whitelisting enables organizations to secure remote access to the network, including BYOD (Bring Your Own Device) policies that allow employees to utilize their own devices. With remote access security, businesses can mitigate both cloud and on-site risks that could negatively impact the company’s projects or profits.

How to Whitelist IPs with Perimeter 81

Utilizing Perimeter 81’s secure network access service, all Internet traffic is fully secured and encrypted. Using the unified management portal, IT administrators can easily block out threats, grant user access to approved resources and automatically whitelist specific IP addresses.

How it Works

Perimeter 81’s private gateway feature provides IT administrators with the power to whitelist IP addresses, thereby enabling all team members to share a single, static outgoing IP address accessible by your organization or partners. For example, remote users can always connect to the Perimeter 81 private gateway first, then have their IP address whitelisted.

With Perimeter 81, you can give each user access to the necessary resources they need from any IP address by assigning users to groups. Each user signs in via Identity Provider integration, username and password, and/or two-factor authentication and is then able to access resources according to the roles and permissions assigned to them. This keeps IT administrators from having to manually whitelist every user’s IP address.

After the whitelist is configured with users and permissions, the user list should be audited on a routine basis as employees are hired and leave companies on a regular basis. In addition, partners that access IP whitelisted resources come and go and IT administrators should have full user access visibility through IP whitelisting.

Perimeter 81 IP Whitelisting in the Cloud

Because remote users can always connect to a gateway first and then have their IP address whitelisted to a security group, cloud service platforms including AWS, Azure, Office Firewall, SalesForce, or Zendesk can all be configured to work with Perimeter 81.

Using AWS, for instance, inbound traffic from Perimeter 81 to AWS can be authorized by whitelisting the Perimeter 81 Private Network IP address to your Security Groups (AWS Virtual Firewall).

AWS Security Groups enable the control of IP traffic to your instance, including traffic that can reach instances and services both in the cloud and on-premises. To whitelist IPs, you can allow computers from only your Perimeter 81 Private Server to access your instance using SSH, or use a web server that allows all IP addresses to access your instance using HTTP or HTTPS, so that external users can browse the content on your web server only once connected to Perimeter 81.

Example: How to Whitelist IPs in AWS

Following is a walkthrough of how to use AWS Security Groups to enable the control of traffic to an AWS instance, including traffic that can reach both instances and services:

  • Step 1: Create a Private Network IP Address
    First, create a Perimeter 81 Private Server and then obtain its static public IP address.
  • Step 2: Add an EC2 Security Group Rule
    Add an EC2 Security Group Rule for Inbound Traffic from Perimeter 81 to the required resources by whitelisting access from the Perimeter 81 Private Network to other instances, databases and related security groups.

    • In the navigation pane of the Amazon EC2 console, choose Security Groups.
    • For every security group you’d like to allow secured access over your Perimeter 81 Private Network, add an Inbound Rule:
      • Specify the related Type (ALL TRAFFIC, SSH, HTTP/HTTPS, etc.).
      • Under the Source, enter the Perimeter 81 Private Network IP address including the subnet mask. For example, for IP address 129.42.24.22, enter 129.42.24.22/32 (CIDR notation).
      • Click Save.

Add access from Perimeter 81 Private Network to your AWS Environment, Instances or databases
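Once the inbound rules from the walkthrough are in place, it is worth checking that no other rule still admits traffic from outside the whitelisted gateway address. The following is an added example, not Perimeter 81 or AWS code: it audits JSON shaped like the output of `aws ec2 describe-security-groups`, using the article's example address 129.42.24.22/32; the group IDs, group names and the `public_ports` exemption are assumptions made for illustration.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0example1", "GroupName": "db-tier", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "129.42.24.22/32"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-0example2", "GroupName": "web-tier", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            # "ALL TRAFFIC" rule whose source is wider than the single gateway IP.
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "129.42.24.0/24"}], "Ipv6Ranges": []},
        ]},
    ]
}


def port_range(perm):
    """Return (low, high); protocol -1 or absent ports means every port."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return (0, 65535)
    return (perm["FromPort"], perm["ToPort"])


def audit(groups, gateway_cidrs, public_ports=frozenset()):
    """List inbound rules whose source is not inside the whitelisted gateway
    CIDRs. Single-port TCP rules on public_ports (for example an intentionally
    public web server) are exempt. Rules that reference another security group
    (UserIdGroupPairs) are not inspected."""
    allowed = [ipaddress.ip_network(c) for c in gateway_cidrs]
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            low, high = port_range(perm)
            if perm.get("IpProtocol") == "tcp" and low == high and low in public_ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                inside = any(net.version == a.version and net.subnet_of(a)
                             for a in allowed)
                if not inside:
                    findings.append((sg["GroupId"], low, high, src))
    return findings


if __name__ == "__main__":
    for group_id, low, high, src in audit(SAMPLE, ["129.42.24.22/32"], {443}):
        print(f"{group_id}: ports {low}-{high} open to {src}")
```

The second finding in the sample shows why the /32 mask in the walkthrough matters: a /24 source admits 255 other addresses besides the gateway.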

Whitelisting Isn’t the Full Solution

For most businesses, whitelisting IP addresses can be overwhelmingly beneficial. However, even though whitelisting can improve cybersecurity, boost productivity and benefit your bottom line, it’s important to remember that each line of security is important. Whitelisting should not replace other security measures, but instead, be used as a complementary piece of a comprehensive security solution.

We hope you found this post helpful! Feel free to let us know if you have any questions and follow us on social media if you’d like to continue receiving all the latest business security news.

 

How a VPN Can Help with HIPAA Compliance

HIPAA compliance affects healthcare organizations, insurance agents and more. In this recent podcast, we’ve outlined the easiest way to secure your data so that you can meet HIPAA compliance obligations easily and cost-effectively.

Public Wi-Fi is dangerous for both people and businesses, especially for those dealing with confidential and sensitive data. Due to a lack of encryption and open passwords, unsecured networks can be hacked in a matter of seconds.

We’ve already seen many significant healthcare data breaches this year. The HIPAA Journal reported that there were 29 breaches in May of 2018 alone, with unauthorized access being the most common type of breach at an incidence of 51 percent.

Introducing the Cloud VPN

With a Virtual Private Network (VPN), organizations can easily protect data transmission, secure data with strong encryption and meet other compliance requirements to secure electronic Protected Health Information (ePHI).

When you connect to a VPN, you create an encrypted tunnel that protects your data from hackers and third parties. This allows you to set up a completely private and secure connection to another network, enabling remote employees to securely access the network while they’re outside of the office.

Our service actually takes this one step further with Wi-Fi Security – a patent-pending feature that automatically activates military-grade encryption the moment an employee connects to an unsecured Wi-Fi network. This keeps all data being transferred over the network hidden from hackers – even if their mobile device is locked and inside their pocket.

Moreover, our DNS Filtering Solution prevents employees from accessing spammy websites that could endanger the company’s network security.

How Does a VPN Supplement HIPAA Compliance?

The majority of ePHI breaches result from compromised mobile devices or networks that contain unencrypted data, which can result in loss of trust, substantial fines, criminal charges, and even civil action lawsuits.

To secure confidential data, organizations can implement a VPN to encrypt all data transmitted over the network, securing protected health information both on-site and remotely. Cloud VPNs integrate seamlessly with major cloud providers and can ensure that sensitive data located in cloud environments is fully protected and secured.

The Benefits of Using a Cloud VPN

  • Lockdown Confidential Data and Databases to a Specific IP Address

    When you deploy a private server, you essentially restrict access to certain resources using a specific IP address. This allows you to designate certain team members to have access to only that server or IP address, limiting data access and segmenting the network.

  • Nonstop Security with VPN Kill Switch

    A VPN kill switch ensures that if the VPN disconnects for any reason, the Internet connection is stopped and no data is transferred. That means that no data will ever be transmitted over the network without encryption so that no third party can see your data in plain text.  

  • Full Visibility with a Unified Management Platform

    Not all software-based VPN services offer advanced visibility and management features. With our VPN service, you can easily invite team members, deploy private servers and view all network activity in one unified place.

  • Two-Factor Authentication and Identity Provider Integration

    Two-factor authentication is key to security because it prevents hackers from accessing your account even if they were to obtain your login credentials. By requiring an additional layer of security via SMS push notifications or Google Authenticator, user access can be easily maintained.

Achieve HIPAA Compliance with a Full-Service Security Solution

At Perimeter 81, we’re highly aware of data storage and logging privacy because it’s critically important in both the business and consumer spaces. Even before GDPR came into effect, we were ready to address these security issues for our customers.

Cloud-based VPN technology offers much-needed scalability, affordability and increased compatibility with cloud storage environments. We are GDPR compliant, SOC-2 compliant and ISO 27001 compliant so that we can offer a highly effective solution for any organization’s HIPAA compliance needs.

If you’d like to learn more about using a VPN for HIPAA compliance, please don’t hesitate to request a demo at www.perimeter81.com/demo or contact our sales team at [email protected].
