Save Your Cloud Data from Vengeful Ex-employees

By Harold Bell
| min

When we think about protecting data in the cloud, it’s usually in defense from bad actors outside of your organization. One thing we overlook is just how quickly an employee can become a bad actor once they leave the company. Take the latest news from the UK for instance with a digital marketing and software company. Though the actual incident took place in 2017, an ex-employee deleted 23 of the company’s AWS servers, and was convicted this year. The incident cost the company roughly $700K in business and  the ex-employee two years behind bars. Though the employee’s departure wasn’t voluntary, you should create an action plan for anyone with sensitive access – exiting or not.

With that said, protecting your organization’s data from ex-employees should be prioritized in your cloud security plan. What is the exit protocol? Who is responsible for collecting company-issued devices? How soon after their departure are their accounts disabled? These are all important questions your organization should have an answer to. Once an employee leaves, you need to account for: their physical access to company properties, hardware devices, software access, company-issued credentials, and any services they receive on behalf of your company.

What about protecting cloud data from current employees?

This is also paramount for a couple reasons. The first being that it limits the amount of exposure in the event an episode of this kind takes place. It also makes removing access and credentials at the time of departure easier – in some cases automatic. To ensure the security of your infrastructure and data, it is important that you design a strong RBAC (role based access control) strategy along with a directory service to manage centralized access. Build policies to ensure that your staff has the least privileged access for what they need to access. Enact need-based access policies so employees get access to specific resources only for a limited time and access expires after a certain duration. Perform regular audits on a quarterly or yearly basis, according to your business requirements, to ensure that only valid users exist in the system.

What else should you do to protect your cloud data?

Well, we’ve established there are very tangible risks to your business if employee access is left unchecked. We’ve addressed how this impacts your overall security plan and approach. But is that really all it takes? The honest answer is no. You’ll actually need one more thing to reduce your exposure to data vulnerability – and that’s automation.

But investing in automation requires more than a ‘spray and pray’ mentality. Your cloud security arsenal should be a collection of tools working in harmony to protect against vulnerabilities. The key is investing in a proven solution that is continuously updated and improved by experts with years of experience. And that’s why I’d like to introduce you to Nutanix Beam.

Beam automates cloud security compliance using 250+ audit checks. You can identify security vulnerabilities in real-time, using policy based automation to resolve potential threats before they become concerns. Beam helps you certify and maintain compliance with regulatory policies such as HIPAA, ISO, PCI-DSS, CIS, NiST and SOC-2. With Beam you gain complete visibility, optimization and control over your cloud consumption to help ensure cost governance and security compliance.

Now let’s see how Beam would’ve stacked up against this situation. Below I’ll discuss the three key security breakdowns and how Beam would have addressed them.

1. “There was no multi-factor authentication”

Often referred to as 2FA, two-factor authentication provides an additional security layer for cloud services by requiring users to submit a unique code or sequence that is received as a text message or provided by an authenticator app. There are many authenticator apps currently available and each follows an open standard for generating time-based disposable passwords. Most cloud services offer the feature and enabling it is fairly simple. You simply link your account with a designated device and the validation code will continue to be sent to that particular device for future logins. The hacker actually stole credentials from another account that was an active employee – something less likely with 2FA.Beam would’ve identified and flagged if any of their servers did not have 2FA enabled. It includes a security check that monitors for exactly that vulnerability. In this particular case, it’s unknown if 2FA was on their radar prior to or only after the mishap. Regardless of either scenario, Beam would have been there to alert them of the potential threat.

2. “Lock the door after employees leave by shutting down their accounts"

Beam would have identified and flagged what accounts that have admin level access and are lying dormant – say in the instance an employee was fired. Someone would still have to manually remove admin access from that account but the organization would be alerted.

3. “The company reportedly was never able to claw back the deleted data”

Beam includes enterprise disaster recovery compliance. Built-in DR compliance helps  identify business risks and build a resilient cloud DR process for data compliance. Beam  would’ve flagged if the data on a server has not been backed up for X number of days but can’t do much if they also delete the backup along with the server.Pretty impressive right? We think so too. I’d like to give you an opportunity to experience the greatness that Beam is. If you’re interested, enjoy a free 14-day trial of the platform to test it out. Protect your data, your reputation, and ultimately your business.

© 2019 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and the other Nutanix products and features mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s).