The bad news: All your security spending is wasted. More and more applications are becoming cloud-based and are often left wide open due to a lack of security awareness.
The good news: The security levels can be improved dramatically with little effort. Read this simple tip and boost your cloud security knowledge.
Any IT administrator will tell you that it’s important to protect your IT environment against unauthorized access. Typical security measures are usernames and passwords, firewalls, encrypted network traffic and so on, but once someone has the correct credentials, access to company data is trivial.
Users’ basic cloud security knowledge is limited. They are told that it’s important to choose a “strong” password, and if you’re extra cautious you may even implement some sort of routine that expires old passwords and requires the user to choose a new one once a month. But all the effort may be of little use.
The big cloud security gap: Machine left unlocked by the user
Once a user supplies the needed credentials to log in to a computer, that session has access to locally stored data and any available network resources. This is required if the user is supposed to read emails, create documents and do anything else we use computers for. The computer has no way to tell whether the person in front of the monitor, keyboard and mouse really is someone it should trust: credentials were provided and access was granted. Access is only revoked once the user logs off; until then, information flows at the command of the user.
But what happens if the user leaves the computer without logging off, which many do? Anybody with physical access to that computer may take advantage of the logged-in session and assume the identity of the person who logged in. Most of us have seen the prank email sent in your name to colleagues, inviting them to stop by for a slice of that delicious cake you just bought. Harmless, but you are spending all that money on security because you want to protect against the malicious person who may take advantage of the granted access, right?
Screensaver to the rescue
A simple and readily available solution is to use the built-in screensaver found on any operating system. Simply deny unauthorized access by activating the screensaver when the computer has been left idle for a short period, such as 5 or 10 minutes.
It is important that once the keyboard or mouse is touched again, the user is prompted to re-enter the password before the screen unlocks. While this method isn’t 100% secure, since there is a short period between the user leaving the machine and the screensaver kicking in, it’s much better than leaving the computer free to use throughout the night. A computer left behind may not be that big of a problem during the daytime, because other employees would probably notice a suspicious person taking advantage of the machine. It’s during times when the office is vacant that you should worry. The typical hours when cleaning staff or others have access to your office are the real problem.
Data collected by the Panorama9 system shows that on average 23% of a company’s computers are kept turned on at night. Of the computers left turned on, 58% have either no enabled screensaver or a screensaver that does not require a password to unlock the screen. So anybody who is able to walk up to any of these computers has exactly the same rights as the logged-in user.
Using Panorama9 you can easily spot and get notified about these computers. Panorama9 will track when the computer is idle, wait for the screensaver to become active and then check whether it will prompt for a password. Through the Panorama9 MSP dashboard you can list computers that don’t comply and, if required, be notified immediately by email or SMS as soon as it happens.
To get an overview of computers in your network that are left unlocked, simply sign in to the Panorama9 Dashboard and list any Compliance Behavior issues, or create an issues report list to view how big of a problem this has been over time.
Use MS Active Directory to enforce a secure screensaver policy
If walking up to each and every machine in your network and doing the required screensaver configuration isn’t an option, then using MS Active Directory is perhaps a better solution. Through an MS Active Directory Group Policy you can configure all the machines in your network in one blow.
Use the [Group Policy Management] tool to create a new GPO, or add to an existing one, and apply it to the machines in your network. Should any computer fail to implement the GPO, rest assured that Panorama9 will look out for you and report problems.
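To confirm on a Windows machine that the screensaver lock described above is actually in effect, the following PowerShell check reads the current user's screensaver values, preferring those delivered by Group Policy. It is an added example, not Panorama9's or Microsoft's code; the function names are hypothetical and the 600-second limit is an assumption taken from the "5 or 10 minutes" suggested above.

```powershell
# Added example: audit the logged-in user's screensaver lock settings.
# Values delivered by a GPO live under the Policies key and override the user's own.
$PolicyKey      = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$UserKey        = 'HKCU:\Control Panel\Desktop'
$MaxIdleSeconds = 600   # assumption: 10 minutes, the upper bound the article suggests

function Get-EffectiveValue {
    param([string]$Name)
    foreach ($key in $PolicyKey, $UserKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [string]$item.$Name; Source = $key }
        }
    }
    return [pscustomobject]@{ Value = $null; Source = 'not set' }
}

function Test-ScreenSaverLock {
    $active  = Get-EffectiveValue 'ScreenSaveActive'
    $secure  = Get-EffectiveValue 'ScreenSaverIsSecure'
    $timeout = Get-EffectiveValue 'ScreenSaveTimeOut'
    $program = Get-EffectiveValue 'SCRNSAVE.EXE'

    $problems = @()
    if ($active.Value -ne '1') { $problems += 'screensaver is not enabled' }
    if ($secure.Value -ne '1') { $problems += 'no password prompt on resume' }
    # Without a screensaver program the idle timer never starts anything.
    if ([string]::IsNullOrWhiteSpace($program.Value)) {
        $problems += 'no screensaver program configured'
    }
    $seconds = 0
    if (-not [int]::TryParse($timeout.Value, [ref]$seconds) -or $seconds -le 0) {
        $problems += 'idle timeout is not set'
    } elseif ($seconds -gt $MaxIdleSeconds) {
        $problems += "idle timeout is $seconds s (limit $MaxIdleSeconds s)"
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        User             = $env:USERNAME
        Compliant        = ($problems.Count -eq 0)
        Problems         = $problems -join '; '
        EnforcedByPolicy = ($secure.Source -eq $PolicyKey)
    }
}

Test-ScreenSaverLock | Format-List
```

Run it in the logged-in user's session, since these values are stored per user under HKCU.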
It’s as simple as that. For more tips and cloud security knowledge, please subscribe to our blog.