The SolarWinds hack of December 2020 has deeply reinforced the growing realization amongst security practitioners that risks can spread easily across trusted applications in today’s multi-cloud, collaboration-centric environment.
The fact that the initial hack leveraged a compromised Office 365 email account, and then subsequently allowed attackers to compromise accounts of targeted SolarWinds personnel in business and technical roles, clearly highlights this issue and the need for related best practices to thwart similar campaigns.
What’s the big picture takeaway?
As noted by many experts, the SolarWinds attack is “unprecedented” as it directly sought access to cloud-based services as a primary objective. Owing to the inherent nature of “trust” as well as risks in the multi-cloud environment, the attackers successfully targeted authentication systems on the compromised network that provided access to Office 365 accounts used by government bodies and private third parties without tripping any alarms.
With this subversion of Office 365, the attackers gained access and could have reached all kinds of sensitive data (personal, financial, confidential), including email credentials, business information, and active services. As new facts continue to surface, it is important to understand the related security risk footprint, an attack surface that is increasing due to the inherent “connectedness” of cloud applications in general.
What are the key steps to better safeguarding Office 365 and cloud applications?
As we have seen, native cloud controls are often insufficient for countering sophisticated cyberattacks, especially as today’s organizations adopt dozens, if not hundreds, of individual cloud and SaaS applications. Managing security and compliance across all of these individual applications and the data they hold is no simple task.
The following best practices are suggested to tackle security gaps across Office 365 and other connected clouds that are typically missed by traditional cloud security and data protection controls:
Looking forward, the challenge of properly securing the cloud environment and related data against supply chain attacks clearly requires an integrated security strategy that delivers stronger and deeper endpoint protection, enforces contextual data loss prevention policies, monitors user and device behaviors, provides visibility into ongoing cloud transactions, and controls access across all cloud applications, thereby limiting exposure due to collaboration on the cloud. To learn more about the CipherCloud platform and its purpose-built capabilities for securing your Office 365 cloud environment, download this whitepaper or contact us here.