Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Ransomware in the Age of #SaaS | @CloudExpo SDN #AI #ML #CloudSecurity
There’s a rapidly evolving range of threats that SaaS users face on their own side that SaaS providers have no control over

Protecting Data and Applications in the Age of SaaS

Recent market analysis from Cisco demonstrates the torrid adoption of cloud-based services. By 2019, more than four-fifths of all data center traffic, 83 percent, will be based in the cloud (up from 65 percent today). Most of this action will be going to public cloud services, which will account for 56 percent of all cloud workloads. In terms of type of cloud services, a majority will be applications, as the study finds Software as a Service (SaaS) is and will continue to be the dominant mode. Currently, about 45 percent of cloud implementations are SaaS; this figure is expected to grow to 59 percent by 2019, and SaaS adoption is particularly widespread among SMBs.

The increasing trust and confidence in public cloud services has contributed, and is continuing to contribute, to the growth in SaaS adoption for mission-critical workloads. More specifically, companies using or considering SaaS are often attracted to the greater level of cybersecurity protection that SaaS providers can deliver, including installations, maintenance, upgrades and patches.

However, there's a rapidly evolving range of threats that SaaS users face on their own side that SaaS providers have no control over. These include ransomware, various insider threats and third-party apps. Ensuring a high level of protection and security for SaaS-based data and apps depends as much on SaaS users addressing these client-side threats as it does on the cybersecurity resilience of SaaS providers. Here, we'll explore these primary threats and offer tips for SaaS users to address them.

Ransomware on the Rise
Ransomware - a form of cyberattack where hackers seize and encrypt data, and demand compensation (Bitcoin) for data to be unlocked - is now the biggest malware threat in the world. Undercapitalized and outgunned small businesses are increasingly the target of ransomware. According to recent research from Kaspersky Lab, 42 percent of SMBs worldwide suffered a ransomware-based attack between late 2015 to late 2016. Of those, one in three paid up the ransom, but one in five never got their files back, despite paying.

SaaS users may initially believe that using a SaaS provider naturally protects them from this kind of attack. Cloud file solutions like Google Drive create a second copy of local data that is stored in the cloud. But this doesn't mean your data is backed up and protected. If you're infected with ransomware, the files on a local hard drive will be held for ransom (by encryption) and any backup copies in Google Drive will be overwritten when the computer is synced. This means the "backup" data is now essentially also being held for ransom.

Proper backup is the only true protection for SaaS users - and all organizations for that matter - to guard against ransomware attacks. One effective technique is cloud-to-cloud backup, which enables data stored in one cloud to be backed up to another cloud. This type of backup can be automated, for maximum ease and resource-efficiency. In the future, we expect backup capabilities to deliver more automated ransomware protection - not just backing up data, but actually identifying ransomware attacks and the impacted files. This will help expedite data recovery and minimize any potential business disruption and downtime.

Insider Threats
Another major security problem today is insiders - according to Verizon, insiders are responsible for up to 90 percent of security incidents. This does not mean, however, that all these insiders have ill intentions. Most insider-driven security breaches are committed by innocent workers who are unaware they're actually doing something wrong, and creating major risks.

Consider an employee who moves sensitive data from a SaaS application to their personal iPad, or even their personal email address, in order to work on it at home. Their aim is good - to be more productive - but practices such as these can be hazardous. In the simplest example, this employee may lose their device and it may fall into the wrong hands. Or, the employee may switch jobs and go to a competitor, and then have full access to this SaaS data via their personal email account.

To address these threats, organizations should instill a culture of security and implement training on how employees can avoid certain practices that inadvertently create risk - from sharing passwords, to clicking on suspicious email links, to downloading and sending data to personal devices and email accounts. As the Ponemon Institute notes, "Good protection starts at the computer."

But given the speed at which most workers are moving today, it is important to supplement this training with automated protections and supports. SaaS users can also benefit from automated solutions that identify and delete risky data sharing practices and alert IT to risky or unusual user behaviors. These types of oversights can help minimize unnecessary risk exposure.

Third-Party Apps
Third-party apps that connect directly to SaaS data and applications are another major threat. Often, employees will download third-party apps - for functions like calendar or messaging, for example - in order to supplement the functionality of their SaaS apps. However, they often do this without express IT permission, a trend known as "shadow IT." Their intentions may be good, but if any one of these apps is backed by a malicious party, that party now has a full-access pass to critical SaaS data and applications.

Consider the case of the recent Gooligan malware, an Android-based malware that has compromised more than one million Google accounts, hundreds of them associated with enterprise users. The infection began when users downloaded and installed a Gooligan-infected app from a third-party app store on a vulnerable Android device. Through a process called rooting, Gooligan then stole Google account and authentication token information and launched a sinister money-making scheme, downloading apps and giving them positive reviews, as well as installing adware to fraudulently generate revenues.

While the Gooligan hackers' ultimate goal proved not to be data theft, they could have inflicted major damage. According to researchers, a total of 86 apps available in third-party marketplaces carried the malware, and collectively they had the power to root 74 percent of all Android phones worldwide. Gooligan was just the latest (and perhaps most eye-opening) example of the potential danger that third-party apps can pose to the security of connected SaaS-based data and applications. Industry research shows that the use of third-party apps within enterprises has increased 30 times over the past two years, and more than a quarter of these apps are risky. Given the acceleration of third-party app downloads - which isn't expected to slow anytime soon - SaaS users should frequently scan third-party applications accessing SaaS systems, as well as "blacklist" and remove any identified as suspicious.

Conclusion
Both SaaS providers and users face a rapidly evolving threat environment, and protection and security of SaaS-based data and applications must be a shared endeavor. SaaS providers have made great strides in their security standardizations, but it is impossible for them to address the range of threats that lie on the client-side, including ransomware, insider threats and third-party apps. SaaS users must assume this responsibility and understand the important role they play in ensuring the security and protection of their own data and apps based in the cloud.

About Dmitry Dontsov
Dmitry Dontsov, CEO of Spinbackup, has wide technology and marketing expertise in the area of cloud apps development and management. In addition to being the CEO and Co-founder of Spinbackup, he is the Co-founder of Bridge and founder of Optimum Web Outsourcing.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Ind...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build ...
Traditional IT, great for stable systems of record, is struggling to cope with newer, agile systems of engagement requirements coming straight from the business. In his session at 18th Cloud Expo, William Morrish, General Manager of Product Sales at Interoute, will outline ways...
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Deve...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE