Keeping sensitive cloud data secure using machine-learning techniques

Published: Friday, 24 August 2018 07:38

As organizations move growing volumes of data to the cloud, cyber security strategies need to be augmented with next-generation machine learning technologies that boost threat-protection capabilities, says Anurag Kahol.

The increasingly digital nature of modern business has had a marked impact on both the importance and difficulty of effective cyber security. Cloud computing technologies, in particular, have seen explosive growth in recent years as businesses realise the pivotal role they can play in delivering anytime, anywhere access to corporate information. However, their adoption can also significantly increase the risk of data leakage or theft unless effective security measures are put in place as well. Unfortunately, traditional cyber security tools weren’t built for this kind of dynamic environment, meaning they fall short of the protection required to keep cloud data safe. Modern security issues require modern solutions designed specifically for these new challenges.

Device management isn’t enough 

Mobile device management (MDM) forms the cornerstone of many businesses’ mobile data security programmes, but it can’t deliver the level of security needed for a modern cloud environment by itself. A major factor is the growth of bring your own device (BYOD) initiatives and mobile apps, which allow employees to access company applications and information through personal devices. When implemented well, BYOD can improve business agility and lower IT costs, but when implemented badly, it can greatly increase vulnerability to cyber threats by introducing numerous unsecured devices to the network with direct access to the cloud. Perhaps unsurprisingly, many cyber criminals are now focussing on vulnerabilities created through poorly managed BYOD programmes to infiltrate business networks and steal their cloud data.

The recently introduced General Data Protection Regulation (GDPR) attempts to address this by placing significant obligations on organizations to make sure cloud data is properly protected. However, when users refuse or fail to properly insulate their personal devices from threats like malware, this can quickly become very difficult. If an infected BYO device is used to access corporate applications, malware can quickly spread throughout an entire enterprise. 

Many public cloud providers try to counteract this by offering users basic cloud threat detection capabilities as part of their offering. However, these tend to be very limited in their effectiveness, relying on scanning files for known threats. As such, they are usually incapable of detecting unknown, zero-day threats. A recent security study by Bitglass used ShurL0ckr, an unknown variant of the Gojdue ransomware, to test the built-in malware protections of Google Drive and Microsoft Office 365. Despite both tools being aware of Gojdue, neither could identify ShurL0ckr as malware, even though it was based on an existing, known threat.

These kinds of reactive anti-malware security models are becoming increasingly redundant in the modern security landscape. As such, relying upon such mechanisms leaves businesses extremely vulnerable.

Effective security solutions must evolve alongside threats

Trying to combine flexible data access across a large number of users and devices with robust cloud security is no mean feat. Add in the fact that hackers are getting more determined and malware is becoming more sophisticated, and the picture becomes quite bleak. However, while malware is becoming more sophisticated, so too is security protection, and there’s a growing number of agile, adaptive and intelligent offerings now available to businesses of all sizes.

One such example is the growing use of machine learning in cloud security solutions. Already a key component of speech-recognition software and ERP systems for data management, machine-learning algorithms are now being leveraged to enable enhanced threat detection and real-time cloud security. Rather than searching for the signatures associated with known malware, machine learning performs an extensive property and behaviour analysis to detect threats and automatically apply pre-defined responses. If a file is classified as a probable threat, it can be blocked at the point of upload to the cloud or download to a device. This provides an integrated security approach for corporate data across every cloud application and device, including BYOD devices, greatly reducing the threat of infection and/or data theft.
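The contrast between signature matching and property analysis can be shown in a few lines. The following is an added illustration, not code from Bitglass or any cloud provider: it covers static properties only (not behaviour), the two features and the nearest-centroid model are assumptions chosen for brevity, and all samples are constructed (text stands in for documents, random bytes for packed payloads).

```python
import hashlib
import math
import random
from collections import Counter

def features(data: bytes) -> tuple:
    """Two static properties: normalised Shannon entropy and printable-byte ratio."""
    n = len(data)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    printable = sum(32 <= b < 127 for b in data) / n
    return entropy / 8.0, printable

def centroid(samples):
    """Mean feature vector of a labelled training set."""
    return tuple(sum(col) / len(col) for col in zip(*map(features, samples)))

def train(benign, malicious):
    return {"allow": centroid(benign), "block": centroid(malicious)}

def classify(model, data: bytes) -> str:
    """Nearest-centroid decision applied at the upload/download gate."""
    f = features(data)
    return min(model, key=lambda label: math.dist(f, model[label]))

def signature_hit(data: bytes, known_hashes) -> bool:
    """Reactive model: exact SHA-256 match against known-bad samples."""
    return hashlib.sha256(data).hexdigest() in known_hashes

# --- Constructed data only; no real malware is involved ---
rng = random.Random(2018)
def blob(n):
    return bytes(rng.getrandbits(8) for _ in range(n))

BENIGN = [(s * 40).encode() for s in (
    "Quarterly revenue grew in all regions. ",
    "Please review the attached meeting notes. ",
    "The deployment window opens on Friday. ")]
MALICIOUS = [blob(2048) for _ in range(3)]
KNOWN_HASHES = {hashlib.sha256(m).hexdigest() for m in MALICIOUS}

# Unknown variant: a known sample with its first 16 bytes altered.
VARIANT = bytes(b ^ 0xFF for b in MALICIOUS[0][:16]) + MALICIOUS[0][16:]
NEW_DOC = ("Invoice 1042 is due at the end of the month. " * 40).encode()

MODEL = train(BENIGN, MALICIOUS)

if __name__ == "__main__":
    for name, sample in [("known", MALICIOUS[0]), ("variant", VARIANT), ("new doc", NEW_DOC)]:
        print(name, signature_hit(sample, KNOWN_HASHES), classify(MODEL, sample))
```

High-entropy benign files such as archives or images would be misclassified by these two features alone; a production model is trained on far more properties and labelled samples.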

Next generation security for a cloud-first business approach

Machine-learning algorithms are perfectly suited to the cloud-first business approach because the large data volumes typically found in cloud environments play a key role in increasing the algorithms’ reliability over time. The more information they can take in, the more reference points they have with which to make future decisions and take appropriate action in different security scenarios.

This ability to constantly evolve makes security solutions based on machine learning ideal for combatting the growing number of threats against data in the cloud. Not only can they protect against advanced malware, unsecured devices and dubious user behaviour, they also offer a highly responsive, automated approach to cloud security that helps safeguard the path towards digital transformation, which is pivotal to the future of so many businesses.

The author

Anurag Kahol is CTO at Bitglass.