Clamor for cloud apps increases corporate data breach risk
Vendor analysis of network and application traffic shows poorly managed remote access tools and traffic flowing outside port 80 are rampant.
January 17, 2012 — CSO —
Employees bringing in their own devices and choosing their own application services is significantly increasing the risk to enterprise data.
That's the takeaway of a recent analysis of network and application traffic of more than 1,600 organizations conducted by security vendor Palo Alto Networks.
This so-called consumerization of IT -- where employees want to use the same sleek mobile devices for both business and pleasure -- is making the complex task of securing corporate data even more daunting.
Interestingly, Palo Alto Networks' traffic analysis found that security and network managers who believe they can reduce most of their risk by focusing on analyzing traffic flowing over port 80 are making a dangerous miscalculation.
It's a view that's justifiable because so many services do rely on port 80. However reasonable, the view isn't accurate. Palo Alto Networks' analysis showed that 413 (35 percent) of the 1,195 applications evaluated do not use tcp/80. "This means that if an organization chooses to take the path of fortifying and protecting only tcp/80, then they risk missing the bulk of the traffic and the associated security incidents," the study concluded.
Many applications, such as audio streaming, games, instant messengers, webmail and others also use port 443, or hop across many ports as part of their normal routine. "It's clear that employees want to use the software and tools that they want to use, and this is making securing corporate data much more difficult than it already is," says Mike Rothman, analyst and president at security research firm Securosis.
Another danger the report highlighted is remote access control applications. This class of software makes it easier for IT to support systems, but "they have also become commonplace for IT savvy employees to use as a means of bypassing security controls and cybercriminals are taking full advantage of this pattern," the report found.
A recent, highly publicized incident proves the point. Last month four Romanians were charged with hacking point-of-sale systems used at Subway restaurants and allegedly stealing $3 million USD. According to the Department of Justice, the attacks included port scanning of stores' systems for open ports with remote access tools running. The defendants then allegedly would crack the passwords. In Palo Alto Networks' analysis, an average of eight remote-access applications were found in 96 percent of organizations.
George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter at @georgevhulme.