How machine learning can secure corporate data in the cloud
16 August 2018
Anurag Kahol, CTO at Bitglass, discusses the limitations of traditional security tools when it comes to cloud security and explains how modern technologies such as machine learning can be used to significantly improve data-protection for any business.
The shift to digitalisation and the increased use of cloud applications have significantly raised the stakes when it comes to cybersecurity. Today, company data is effectively accessible anytime and anywhere. When employees have this flexible access to corporate information, it does enable enhanced agility within the organisation; however, it also increases the risk of data leakage via threats like malware. Unfortunately, traditional cybersecurity tools are not built for this new, dynamic landscape. As such, the enterprise needs to adopt modern solutions capable of securing data in the cloud.
Also of interest: Can we collaborate better in cyber security by studying the dark side?
Exploring the cyber vulnerabilities
Mobile device management (MDM) forms the cornerstone of many businesses’ mobile data security programmes, but this can’t deliver the level of security needed for a modern cloud environment by itself. Simply managing end user devices cannot deliver complete security. This is primarily due to the rise of bring your own device (BYOD) and mobile apps. Together, these enable employees to access company applications outside of working hours through personal and third-party devices. Unsurprisingly, cybercriminals are using this multitude of devices in order to attack company data.
The recently introduced General Data Protection Regulation (GDPR) places significant obligations on organisations to protect their data in the cloud, however, users will often fail to insulate their personal devices from threats such as malware. When infected BYO devices access corporate applications, malware can quickly spread throughout a network and infect the entire enterprise. Many public cloud providers try to counteract this by offering users basic cloud threat detection capabilities as part of their offering. However, these tend to be very limited in their effectiveness, relying on scanning files for already known malicious files and threats.
During a recent security study, the Bitglass Threat Research Team used ShurL0ckr, an unknown variant of the Gojdue ransomware, to test the built-in malware protections of Google Drive and Microsoft Office 365. Despite the fact that these popular cloud tools were aware of the malicious Gojdue, neither application was able to identify ShurL0ckr as malware. In other words, their defences failed when faced with an unknown threat (even though it was based on an existing, known threat).
Many similar anti-malware mechanisms continue to be based on a reactive security approach whereby files are scanned for signatures associated with known threats. This methodology is incapable of detecting unknown, zero-day threats. As such, relying upon such mechanisms increases the likelihood that an enterprise will fall prey to an attack.
Also of interest: Advancing Machine Learning Beyond the Hype
Data-hungry guardians of the cloud: machine-learning algorithms
When it comes to securing data in the cloud, companies now face a multi-faceted challenge that features flexible data access as well as large numbers of users and devices. Complicating this situation further is the fact that hackers are growing in sophistication – their malware is evolving quickly and continuously. To address all of these risk factors, enterprises require agile, adaptive, robust protections.
One such example is the growing use of machine learning technology in cloud security solutions. Already used in speech-recognition software and ERP systems for data management, machine learning algorithms are now being leveraged in cloud security solutions in order to enable enhanced threat detection and real-time security.
Rather than searching for the signatures associated with known malware, machine learning performs an extensive property and behaviour analysis in order to detect threats and automatically apply pre-defined responses. If a file is classified as a probable threat, it can be blocked as it is uploaded to the cloud or downloaded to a device. This provides an integrated security approach for corporate data across every cloud application and device utilised throughout an enterprise, including BYODs, reducing the threat of infection and data theft.
Machine Learning is ideal for high data volumes and high traffic cloud environments
Next-generation machine-learning algorithms are ideal for the cloud-first world because large data volumes are the most important condition for their reliability. These ‘intelligent’ solutions are able to take in high volumes of data from high-traffic environments, acquiring the experience necessary to make the right decisions and take the appropriate actions in a variety of scenarios. In other words, as these tools are presented with more and more information, their accuracy drastically increases.
This makes the use of machine learning the logical response to the growing amount of data and the ever-evolving threats that are found in the cloud. Enabling organisations to securely adopt any cloud application, machine-learning solutions can help secure data despite advanced malware, ill-advised user behaviours, and an endless number of unsafe devices. These solutions offer a highly responsive approach that automates security and marks the next step in the enterprise digitalisation process.