Welcome!

@CloudExpo Authors: Yeshim Deniz, Elizabeth White, Liz McMillan, Pat Romanski, Carmen Gonzalez

Related Topics: @CloudExpo, Agile Computing, Cloud Security

@CloudExpo: Blog Post

How to Combat Security Cracks Created By Collaboration | @CloudExpo #Cloud #Cybersecurity

The number of cyberattacks will grow as employees increasingly use collaboration tools to maximize their company’s productivity.

How to Combat Security Cracks Created By Collaboration
By Ram Vaidyanathan, ManageEngine

Cybercrime costs the global economy as much as $450 billion each year. And, the median cost of cybercrime has increased by nearly 200% in the last five years.

Meanwhile, collaboration has become the cornerstone of successful organizations. But collaboration often comes with a risk. The number of cyberattacks will grow as employees increasingly use collaboration tools to maximize their company's productivity. This is because these tools can provide new points of entry for hackers looking to cause damage. This issue could become more serious as we will see more radical collaboration tools in the days to come. Fortunately, there are always going to be readily available solutions.

Here are three ways in which an organization's security can be compromised due to increased collaboration.

1. A wolf in sheep's clothing: Companies collaborate with suppliers, vendors and customers in the cloud every day. Consider this scenario: A supply chain executive receives an automated weekly email with an MS Excel file from their logistics partner, giving the estimated time of arrival for products. A cybercriminal somehow discovers this practice. The criminal then impersonates the logistics partner by using a similar email address. The executive doesn't notice and downloads the attachment - an executable (.exe) file masked as an MS Excel file. When the executive opens the file, a wolf in sheep's clothing enters the company's network to steal trade secrets, financial data, and customer information. This modus operandi, called spear phishing, is popular globally. By some estimates, 91% of all attacks begin with spear phishing.

2. A betrayal: With the advent of bring your own device (BYOD), collaboration has become fairly common. Employees can now access work files while away from the office and increase their productivity. On the other hand, disgruntled employees can easily expose information or even sabotage company files. What if an employee who is about to join a competitor were to print customer contact details from a remote location? And what if this employee took this information to the new workplace? This betrayal could lead to the company losing its competitive edge.

3. A foreign adversary: Even governments are not immune to cyberattacks from foreign state-sponsored adversaries. Government employees may visit certain websites frequently to collaborate with employees from other departments or with their citizens. Malware placed on these sites could exploit vulnerable endpoints and compromise the devices of any visitors. Malware can also morph into more serious advanced persistent threats (APTs) that can lurk in the victim's system for a long time. This way, these adversaries could secretly keep a tab on issues of national security and international policy. When governments can face such threats, businesses are all the more at risk.

To fight data breaches and defend their business, organizations must protect all entry points. Here are few ways in which organizations can defend against each of the threats identified above.

1. Guarding the door: Application white listing, a method of checking applications against an approved list, is effective against criminals in disguise looking for an entry point. If an unknown program tries to run, it will be barred. This is very effective against spear phishing attacks. In addition, a log management system would help to collect logs on failed access attempts and decipher whether or not they are attacks.

2. Guarding from inside: A privileged password management process can help organizations protect against insider threats. All privileged identities and passwords are stored in a centralized vault and only approved devices are allowed to access information from remote locations. Furthermore, companies can video record all sessions, whether on-premise or remote, for a complete record of all actions.

3. Defending against international threats: Software applications that analyze packet flow can detect malicious traffic hitting the network in real time. In case of a sophisticated attack, the company can immediately view the offender's IP, the severity of the attack and the time of the attack. A detailed forensic investigation will enable the company to detect patterns and identify the source of unwanted intrusions.

In the present age of heightened collaboration, the risk of cybercrime is very high. Organizations need to defend against techniques such as spear phishing, malware and APTs, among others. Application white listing, privileged password management and network behavior anomaly detection are just three modes of defense.

And what happens in a future of radical collaboration tools?

Future collaboration tools will be even more powerful. For example, the combination of holography and brain decoding technology may create a society in which people have meetings between their virtual selves in the office. What if a cybercriminal impersonates a CEO's virtual self and compromises the business by giving wrong instructions during a meeting?  In a scenario like this, even if a criminal were somehow able to project the CEO's hologram inside the office, the ICT team could detect the deviation if there were inconsistencies with the CEO's known logic. There is no doubt that the future holds endless possibilities for collaboration, which we know to be integral for business success. We just need to make sure our security technology is well equipped to handle it. However sophisticated the attacks in an age of increased collaboration, a proactive ICT team will always prevail.


Ram Vaidyanathan is an IT evangelist at ManageEngine, the real-time IT management company. Ram closely follows emerging industry trends and is a frequent blogger on technology topics. His main interest is in the impact of the Internet of Things on IT management. He has an MBA from the Schulich School of Business.

More Stories By ManageEngine IT Matters

ManageEngine believes IT management can be simple and affordable. Our authors share insights and how-to tips for SMBs and large enterprises. Over 120,000 companies around the world – including three of every five Fortune 500 companies – trust our products to manage their networks, data centers, business applications, and IT services, and security. We take a straightforward, customer-centric approach to IT management software. Our customers' needs drive our product philosophy. And we've built a strong, in-house R&D team to support our product team and turn customer requests into product realities. We look forward to hearing from you.

@CloudExpo Stories
SYS-CON Events announced today that Carbonite will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Carbonite protects your entire IT footprint with the right level of protection for each workload, ensuring lower costs and dependable solutions with DoubleTake and Evault.
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
One of the biggest challenges with adopting a DevOps mentality is: new applications are easily adapted to cloud-native, microservice-based, or containerized architectures - they can be built for them - but old applications need complex refactoring. On the other hand, these new technologies can require relearning or adapting new, oftentimes more complex, methodologies and tools to be ready for production. In his general session at @DevOpsSummit at 20th Cloud Expo, Chris Brown, Solutions Marketi...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, will motivate why realizing the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insigh...
As cloud adoption continues to transform business, today's global enterprises are challenged with managing a growing amount of information living outside of the data center. The rapid adoption of IoT and increasingly mobile workforce are exacerbating the problem. Ensuring secure data sharing and efficient backup poses capacity and bandwidth considerations as well as policy and regulatory compliance issues.
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that Outscale will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outscale's technology makes an automated and adaptable Cloud available to businesses, supporting them in the most complex IT projects while controlling their operational aspects. You boost your IT infrastructure's reactivity, with request responses that only take a few seconds.
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs ofte...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search and...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
While presenting own advanced Robo-Advisory Platform, Michał Różański, Managing Partner at EARP and CEO at Empirica, will illustrate the most important issues of building tailored FinTech software in his session at 20th Cloud Expo. He will share experiences we have gained for over 6 years of developing solutions for financial institutions and FinTech companies, including robo-advisors. We welcome all FinTech innovators interested in how properly implemented technology can move their businesses f...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo Silicon Valley Call for Papers is now open.
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...