Monitoring cloud application activity to improve data security

Apr 8, 2021, 14:33

Nazibullah Khan


Digitization has revolutionized the way we work. Critical business applications and data are just a keystroke away, no matter where the employee is or what time it is. Perhaps it is this familiarity with data that makes employees feel so connected to it when they change jobs. They often even take some of it with them. Perhaps that is why most of them do not consider this a criminal act.

Whatever the reasons for this deliberate exfiltration of data, a lack of security can affect the growth of an organization and its ability to maintain a competitive advantage. But with greater visibility into internal threats, organizations can remove bad actors and improve overall security.

Below are some of the major events that organizations monitoring cloud applications track, and how paying attention to them can help ensure a healthy environment in the company.

Look at the login activity

Find out who’s logging in, from where, and when; there are likely to be some surprises in how users interact with apps. Users who have not been properly deprovisioned may still access sensitive data after their employment ends, in the case of a departed employee, or after a third-party contract ends. Login activity can also identify a user’s location, devices, and more – all of which can reveal potential security incidents or breaches.

Organizations can protect data from those who should no longer have access, such as a former employee or contractor, by tracking inactive user logins. Login activity can also indicate whether employees are logging in outside of business hours or from a remote location. This could be an indicator of an employee working overtime, but it could also be a red flag for a departing employee logging in after hours to steal data.
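The login checks described above, as an added example that is not part of the original article. The event fields, user names, offboarding list and business-hours window are constructed assumptions; a real deployment would read them from the application's login history and HR records.

```python
from datetime import datetime, time

# Constructed sample data (assumptions, not from any real system).
OFFBOARDED = {"dlee": datetime(2021, 3, 31, 17, 0)}  # user -> end of access
BUSINESS_HOURS = (time(8, 0), time(18, 0))           # assumed local policy
USUAL_COUNTRY = {"asmith": "US", "dlee": "US", "jroe": "US"}

LOGIN_EVENTS = [  # constructed: (ISO timestamp, user, country, status)
    ("2021-04-05T09:12:00", "asmith", "US", "Success"),
    ("2021-04-05T23:47:00", "jroe", "US", "Success"),
    ("2021-04-06T10:03:00", "dlee", "US", "Success"),
    ("2021-04-06T14:30:00", "asmith", "RO", "Success"),
    ("2021-04-10T11:00:00", "jroe", "US", "Success"),  # a Saturday
    ("2021-04-10T23:00:00", "asmith", "US", "Failed"),
]

def review_logins(events):
    """Return (timestamp, user, reason) findings for an analyst to review."""
    findings = []
    start, stop = BUSINESS_HOURS
    for ts, user, country, status in events:
        if status != "Success":
            continue  # this example only looks at successful logins
        when = datetime.fromisoformat(ts)
        end = OFFBOARDED.get(user)
        if end is not None and when > end:
            findings.append((ts, user, "login after offboarding"))
        if when.weekday() >= 5 or not (start <= when.time() < stop):
            findings.append((ts, user, "outside business hours"))
        if country != USUAL_COUNTRY.get(user, country):
            findings.append((ts, user, "unusual location"))
    return findings

if __name__ == "__main__":
    for finding in review_logins(LOGIN_EVENTS):
        print(finding)
```

An after-hours hit is a prompt for review rather than proof of theft, since it may simply be overtime.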

Explore what’s exported

Exporting reports is an easy way for employees to retrieve large amounts of sensitive data from Salesforce and other cloud applications. Users can create reports on just about everything in Salesforce, from contacts and leads. And these reports can be exported for ease of use and analysis.

The other side of the coin is that this ability can also make a company vulnerable to data theft and hacking. Departing employees may export a customer report and use the list to join or start a competing business.

But if the company tracks exports, that monitoring helps:

  • Protect confidential information about customers, partners and prospects, which will increase your customers’ trust and comply with major security regulations and standards (such as PCI-DSS).
  • Find employees who may be taking data for personal or financial gain and stop the removal of data before more damage is done.
  • Reduce the severity and cost of data breaches by detecting and remediating export activity faster.
  • Find probable cases of compromised credentials and deactivate compromised users.

Explore all reports

Companies focus their security efforts on which reports are exported, but simply generating a report can create a potential security issue. The principle of least privilege holds that people are given only the minimum permissions they need to do their jobs, and this applies to the data they can view as well. But many companies provide broad access throughout the organization, even for those whose work does not depend on viewing specific confidential information.

Scope of work is an important consideration in deciding which reports are relevant. If you look at which reports have been run, who runs the most reports, and the scope of those reports, you can keep track of cases where users may have run reports to gain access to information outside the scope of their work. Users can also run – but not necessarily export – larger reports than they usually do or than their colleagues do.

The third benefit is the monitoring of personal and unsaved reports, which can help close any security gap created by users trying to exfiltrate data without leaving a trace. Whether it’s a user trying to steal data, a user with a higher level of access than necessary, or a user who accidentally ran a report, monitoring report access can help you uncover any additional security holes or learning opportunities.
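One way to apply the report checks described above, as an added example that is not part of the original article. The record layout, the per-user job scope and the size threshold are constructed assumptions, not a vendor log schema.

```python
from statistics import median

# Constructed sample data; field names are illustrative assumptions.
JOB_SCOPE = {"asmith": {"Lead", "Contact"}, "jroe": {"Case"}}  # objects each role needs
REPORT_RUNS = [  # (user, report object, rows returned, saved?, exported?)
    ("asmith", "Lead", 120, True, False),
    ("asmith", "Lead", 150, True, False),
    ("asmith", "Contact", 140, True, True),
    ("jroe", "Case", 60, True, False),
    ("jroe", "Case", 75, True, False),
    ("jroe", "Contact", 80, True, False),       # outside jroe's scope of work
    ("asmith", "Contact", 9800, False, False),  # large, unsaved, never exported
]

def review_reports(runs, job_scope, size_factor=5, min_history=2):
    """Flag report runs that are out of scope, unusually large, or unsaved."""
    findings, history = [], {}
    for user, obj, rows, saved, exported in runs:
        past = history.setdefault(user, [])
        reasons = []
        if obj not in job_scope.get(user, set()):
            reasons.append("outside job scope")
        # Compare with the user's own earlier runs; reports that are run but
        # never exported are checked too.
        if len(past) >= min_history and rows > size_factor * median(past):
            reasons.append("much larger than usual")
        if not saved:
            reasons.append("unsaved report")
        if reasons:
            findings.append({"user": user, "object": obj, "rows": rows,
                             "exported": exported, "reasons": reasons})
        past.append(rows)
    return findings

if __name__ == "__main__":
    for finding in review_reports(REPORT_RUNS, JOB_SCOPE):
        print(finding)
```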

Keep track of creation and deactivation

User creation and deactivation is part of user management. Organizations can track deactivation – which, if not done properly after an employee leaves the organization, could result in an inactive user gaining access to sensitive data or an external attacker obtaining their still-active credentials. In Salesforce and other cloud applications, a security issue can also arise when a person with administrator rights creates a “shell” or fake user under which they can steal data. They can then deactivate the user to hide their tracks.

User creation monitoring is an additional step that security teams can take to keep an eye on any potential internal threats. And by tracking when users are deactivated, you can run a report of deactivated users over a period of time and correlate them with your former employees (or contractors) to ensure proper removal. Monitoring user creation and/or deactivation is also required by regulations such as SOX and frameworks such as ISO 27001.
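The correlation described above, as an added example that is not part of the original article. The audit record layout, the account names and the two-day lifetime threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; names and fields are illustrative assumptions.
FORMER_STAFF = {"dlee", "mkhan"}  # from HR or contract records
AUDIT = [  # (ISO timestamp, action, target user, acting admin)
    ("2021-01-04T09:00:00", "created", "dlee", "admin1"),
    ("2021-01-04T09:05:00", "created", "mkhan", "admin1"),
    ("2021-03-20T22:10:00", "created", "svc_tmp", "admin2"),
    ("2021-03-21T01:40:00", "deactivated", "svc_tmp", "admin2"),
    ("2021-03-31T17:00:00", "deactivated", "dlee", "admin1"),
]

def review_lifecycle(audit, former_staff, max_lifetime=timedelta(days=2)):
    """Find short-lived accounts and former staff who were never deactivated."""
    created, deactivated = {}, {}
    for ts, action, user, admin in audit:
        record = (datetime.fromisoformat(ts), admin)
        if action == "created":
            created[user] = record
        elif action == "deactivated":
            deactivated[user] = record
    # Accounts created and deactivated by the same admin within a short window
    # match the "shell user" pattern and deserve a closer look.
    short_lived = sorted(
        user for user, (t_off, admin_off) in deactivated.items()
        if user in created
        and admin_off == created[user][1]
        and t_off - created[user][0] <= max_lifetime
    )
    # Former employees or contractors with no deactivation event on record.
    not_deactivated = sorted(u for u in former_staff if u not in deactivated)
    return {"short_lived_accounts": short_lived,
            "former_staff_not_deactivated": not_deactivated}

if __name__ == "__main__":
    print(review_lifecycle(AUDIT, FORMER_STAFF))
```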

Check the changes in profiles and permissions

What the user can and cannot do in cloud applications is governed by profiles and permissions. For example, in Salesforce, each user has one profile, but may have multiple permission sets. The two are usually combined: profiles provide the minimum permissions and access settings for a specific group of users, and permission sets grant additional permissions to individual users as needed. Profiles manage object, field, application and user access rights; tab settings; access to Apex classes and Visualforce pages; page layouts; record types; login hours and IP addresses.

The permission level varies by organization. Some give all users additional permissions; others grant only those permissions that are necessary for that user’s specific work roles and responsibilities. But, for example, with more than 170 permissions in Salesforce – and hundreds or thousands of users – it can be difficult to understand the full range of what your users can do in Salesforce.

Control this data

Digital transformation has brought greater freedom and productivity, allowing employees to work from anywhere, anytime. Cloud-based business applications have become the norm, with data flowing back and forth across countless endpoints associated with employees with varying levels of responsibility.

To monitor all of this activity, many companies today monitor user interactions with cloud applications and data. Sometimes they enlist the help of a reputable managed IT services provider. This provides greater transparency, which helps both your organization and your customers to be more confident that security measures are in place to protect data.