Dangers of using Cloud Storage Services and Website Transfers

A small company had moved staff off-site during COVID, with most staff working remotely from home four days of the week. The company had a VPN for remote support work, and this was utilized by staff working from home. Having never being designed to support all staff working remotely, the VPN was now carrying nine times it’s previous peak data load. Data speeds plummeted and staff became frustrated. As a solution, staff began to use (without permission) Dropbox and other cloud solutions, streaming files and data to the service while in the office, then working on those files from home.

Australian Defence strongly encourages, or depending on the sensitivity of data mandates, keeping all defence related data within Australian Jurisdiction. The use of personal cloud goes against this as data held by free services can be located anywhere globally.

For a final check the company's IT then contacted the cloud provider's Tech Support to see if it was possible for users to restore the deleted files using other means. To the company's horror, the cloud provider's Tech Support assured the company's IT that all the missing data could be restored from their “Archival Backup”, through a process triggered by Support. This process work and restored all the files uploaded to the cloud over the past last two years, demonstrating that once data is transferred to the Cloud it can never be securely deleted. The company had the difficult job of explaining this incident to their PRIME contractor.

The company now uses GuardWare INSIGHT to monitor and prevent staff from uploading files using any non-authorised cloud, web, email or chat application.

Risks mitigated by GuardWare INSIGHT

Cloud Services are often Trans-National
Cloud Services are often Trans-National In the Defence industry, data covered by International Traffic in Arms Regulation (ITAR), or Export Administration Regulations (EAR) must be rigorously secured and its access controlled. The reach of ITAR and EAR regulations is extensive and ever-lasting. Cloud services, by their very nature, are not limited to a specific geographic or geopolitical domain. If controlled technologies covered by ITAR and EAR were to cross borders through the use of such a storage medium, there would be severe legal implications for those involved. Heavy fines are certain, with criminal prosecution a possibility!

Unauthorised Access by Rogue Employees
Use of Cloud applications to transfer information is a method commonly used by rogue employees to bypass network security.

Unauthorised Access and loss of Information
Due to Compromised Credentials. As a personal Cloud account, its security is its users responsibility, rather than that of the employers IT team. If the user is careless with their credentials, are in the habit of using the same password for multiple diverse accounts (Password Re-Use), or the service is compromised...then the security of that account could be breached.

Unauthorised Access by Ex-Staff
Applications like Dropbox, Box, OneDrive and Google Drive sync files to ANY device where a user is logged into either the application...or its web portal. This may include all of the users personal devices, or even worse, devices belonging to another company. The Cloud service accepts connections from whomever is nominated by the account holder, meaning there may be an audience of one...or one hundred! Every connection to the account may be set to sync with the local devices storage...which may mean a hundred instances of the data exist, not just one.

What Goes To The Cloud, Stays In The Cloud!
As previously noted, information shared to Cloud services must practically be considered immortal. Only the Cloud account owned has the ability to "delete" data...but that data cannot be considered properly deleted due to the legal safeguards employed by the Cloud service.

More Case Studies

Malicious Event Personal USB vs Company USB

When confronted by the IT team, the employee initially claimed to have returned the company USB, unaware that INSIGHT had logged his use of a personal USB as well.

SharePoint Malicious mass downloads from Sensitive Folder to user’s personal
device.

INSIGHT flagged this suspicious activity, and an investigation confirmed that the data had indeed been transferred.

SharePoint Exposure of Customer Data by Law firm – Human Error

In response to this breach, the firm reconfigured INSIGHT to send high-priority alerts directly to both IT personnel and the individual users responsible for risky actions.

Stored Passwords detected by INSIGHT by Company’s MSP having admin rights.

GuardWare INSIGHT’s data discovery scan detected the stored password file, prompting immediate deletion.

Scans revealed stored Customer data including bank account info in AWS DevOPs environment.

GuardWare ASSESSOR revealed stored customer data in log files on developers’ devices and in their AWS environment, as well as the unsafe sharing practices.

Outsource Developers of a financial institution detected exposing Financial APPs source code and company’s IP.

With INSIGHT, they can safely re-enable forum access, confident that any unauthorized source code postings will be promptly detected and addressed.

Productivity Monitoring WFH compared with Office

To address these concerns, the company deployed GuardWare INSIGHT’s productivity monitoring features to track work behaviors accurately.

Rogue Network

Security discovered that an employee had used system roll-back during this period, in an attempt to remove the GuardWare INSIGHT Agent from the system.

Dangers of using Cloud Storage Services and Website Transfers

GuardWare INSIGHT monitors and prevent unauthorized file uploads across cloud, web, email, and chat applications, ensuring their data stays secure and compliant.

Corporate Email Risk - Email forward to user’s Personal Email resulted in serious theft of sensitive PII data

GuardWare INSIGHT flagged the incident. The software’s AI detected the email forward to a personal account and scanned the attached file, identifying the sensitive content.

WFH Risks including VPN misuse

investigation with GuardWare INSIGHT revealed that users were frequently turning the VPN on and off. The university adjusted the configuration to ensure the VPN remains active at all times.

Malicious Insider in a Recruitment Firm – Data exfil by a Director

GuardWare INSIGHT showed that the data exfiltration occurred while the user was connected to the company’s Wi-Fi, proving the laptop was in his possession at the time.