Protect the chain as data flows from the keystroke to the cloud

Data is at risk from the second that a key is pressed on an endpoint to the point when it reaches the corporate cloud and is stored. In fact, the most vulnerable point in the entire process is at the very beginning when the user presses a key, and this is where protection needs to be prioritised.

The growth in remote working in recent months has highlighted weaknesses in the security chain, not least in the unmanaged devices being used to access networks remotely. Data in an organisation’s cloud could be fully secured, but with a keylogger installed on an endpoint laptop that has a lower security posture, an attacker could gain full access as the user logs in, and to everything the user enters at the keyboard or displays in a local application. This is why, along with spyware, keylogging malware has been ranked as the highest threat.

When thinking about securing the data flow in the corporate cloud ecosystem, CSOs should start at the beginning and examine all the threats, starting from the moment a user presses a key.

There are three phases to consider:

  • From the keystroke to the application – Kernel-level keyloggers are notoriously difficult to identify and deal with, and require solutions that specifically protect the data being entered.
  • Data in the application – At this point the danger moves to screen capture, DLL injection and Man-in-the-Browser attacks. A range of preventative measures can be taken here, from anti-screen capture methods and containerisation to secure, locked-down browsers.
  • Transmission to the cloud – Whether a document is being saved or a website is submitted, the main threat is Man-in-the-Middle. Attacks of this sort are less common, but encrypted protection mechanisms do ensure transmission is well secured.

To find out more about protecting each of these phases and securing data once it reaches the cloud for processing or storage, please read the full article at SC Magazine. Given the vulnerabilities of systems as a result of remote networking, security must be prioritised and it is important to start with an understanding of what is needed at each stage from the first keystroke until data reaches its cloud destination.
