Migrating to the cloud is complex. One of the biggest concerns is a loss of visibility on data in the cloud; and this concern only grows with increasing regulatory requirements. GDPR, coming into force in less than 3 months time, is a case in point.
Cloud access security brokers (CASBs) can improve visibility and control, but aren’t necessarily tailored to a specific cloud. Today, McAfee announced the first product resulting from its purchase of Skyhigh Networks, finalized in January 2018: the McAfee Skyhigh Security Cloud for Azure.
“Moving applications, data and workloads to the cloud exposes enterprises to new threats and risks,” explains Rajiv Gupta, SVP of McAfee’s cloud security business unit. “At the same time, the adoption of cloud allows organizations to transform their business. This is why we are on a mission to make cloud the most secure environment for business. The introduction of McAfee Cloud Security Platform for Microsoft Azure is an important step to fulfilling this mission for our customers.”
The new product offers five particular use cases for Azure users: configuration and compliance audit, activity monitoring, threat protection, DLP, and account management.
The configuration element detects misconfigurations in any Azure account. AWS S3 bucket misconfigurations have exposed millions of sensitive records in recent years, and in some cases left the accounts vulnerable to a MITM attack dubbed GhostWriter.
Detected misconfigurations can be corrected using McAfee best practices; CIS benchmark recommendations for Azure; and compliance recommendations for HIPAA-HITECH, ISO, FedRAMP, ITAR, other regulations, or internal compliance policies. “The solution can help with an organization’s attempts to meet the GDPR regulations — that are coming into force in less than 50 working days,” said Nigel Hawthorn, EMEA marketing director at McAfee.
The activity monitoring element provides the visibility that can otherwise be lost in the cloud. It monitors both managed and unmanaged subscriptions, and captures a full audit trail of all activity. “We now have the visibility and control we need to be able to allow access to the cloud-based tools our employees need to be competitive and efficient, without compromising our security standards,” comments Rick Hopfer, CIO at Molina Healthcare.
Threat protection is provided by AI-based user behavior analytics and signature-less, advanced malware analysis. Anomalous user behavior can highlight insider threats and unwarranted privilege escalation; while McAfee anti-malware will detect malware traveling into the cloud, and identify behavior indicative of malware data exfiltration or ransomware activity.
Data loss prevention (DLP) will help prevent unauthorized regulated data from being stored in Azure storage services — which will be critical to maintaining GDPR compliance. McAfee’s content analytics engine can be used to discover sensitive data stored in Azure services, using keywords and phrases, alpha-numeric patterns, file metadata, and more. It “allows us to extend DLP outside the perimeter and into the cloud and the user experience is seamless,” says Mike Benson, CIO at DirecTV.
Account management is provided by McAfee’s central policy engine, which aids the development of policies that can be enforced on new and pre-existing content, user activity, and malware threats. Options include the use of pre-built templates, the ability to import policies from other McAfee customers or partners, and a policy creation wizard to create custom policies to conform with corporate or regulatory requirements.
Security in the cloud is a shared responsibility between the cloud provider and the customer. It is a common failure to recognize this that leads to the misconfigurations so commonly found in AWS S3 buckets. In reality, both AWS and Azure have multiple flexible options for file and folder access — and data protection problems are often based on this flexibility. The new McAfee/Skyhigh Azure solution is designed to remove confusion and apply customer visibility and control into the Azure cloud.