Stop Hackers with Integrated CASB & IDaaS Security
Speakers
Brad Pielech
Integrations Architect
Mario Tarabbia
Director of Sales Engineering
@OneLogin @CloudLock
Agenda
● IT Complexity Today & Where Organizations Struggle
● Top 5 Cyber Threats to Your Cloud Environment
○ Challenge
○ Solution
○ What You Can Do Now
● CASB + IDaaS - What We Do
● Q&A
Increasing IT Complexity
Thousands of employees, partners,
customers, and multiple devices...
Working with many, many apps,
both in the cloud and on-premise.
Where Organizations Struggle
Access?
Security?
Cost?
Usage?
Compliance?
Top 5 Cyber Threats To Your Cloud Environment
● Data Breaches
● Insider Threats
● Account Compromises
● Cloud-Resident Malware
● Shadow IT & Cloud-Native Malware
#1 Account Compromises
Source: someecards.com
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
Admin
10:11
#1 Account Compromises
Catching, Stopping & Acting
#1 Account Compromises
The Solution - IDaaS & CASB
● Eliminate need for application passwords with SSO & enforce adaptive authentication
● Dig up behavioral anomalies for signs of a compromise
● Develop a procedure to remediate when a user’s account is compromised:
○ Detect suspicious activity
○ Enforce MFA
○ User proves identity, access granted
○ Attacker cannot verify identity, access denied
○ Enforce Directory Password Reset
Tomorrow’s Task (30 MAR): Write down a deprovisioning plan
#2 Insider Threats
** CloudLock Cybersecurity Report: The 1% Who Can Take Down Your Organization
#2 Insider Threats
● Louise was refused the promotion she applied for. Louise quit.
● Before quitting, she downloads all customer lists and contracts she can find on Google Drive.
● 18 months later, Louise’s account downloads 2 more contracts.
What This Looks Like
PII
Finding the Suspicious and Taking Action Quickly
#2 Insider Threats
The Solution - IDaaS & CASB
● Proactively enforce appropriate access with IDaaS based on existing AD user groups
● Monitor for employees-gone-rogue by looking for off-normal SaaS activity
● Take an action - communicate, suspend access, enforce authentication across cloud platforms
● Be mindful of dormant accounts from ex-employees, contractors, and partners.
All Employees:
Sales:
HR:
Finance:
Tomorrow’s Task (30 MAR): Identify the dormant accounts in each SaaS platform
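An added example, not part of the original slides: a small Python audit for the dormant-account task above, run over account records exported from each SaaS platform and compared with HR departure dates. The record layout, the 90-day dormancy threshold, and all addresses and dates are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (not from the slides): HR departure dates and
# per-platform account records as exported from each SaaS admin console.
DEPARTED = {"louise@example.com": date(2015, 1, 15)}
ACCOUNTS = [
    # (platform, user, enabled, last_activity)
    ("google_drive", "louise@example.com", True, date(2016, 7, 20)),
    ("google_drive", "bob@example.com", True, date(2016, 7, 25)),
    ("salesforce", "louise@example.com", False, date(2015, 1, 14)),
    ("salesforce", "contractor@example.com", True, date(2016, 1, 5)),
]


def audit_accounts(accounts, departed, today, dormant_after_days=90):
    """Return sorted (platform, user, reason) findings.

    Reasons, in priority order:
      - "activity after departure": the account was used after the HR
        departure date (the Louise scenario: downloads 18 months later)
      - "enabled after departure": a departed user's account is still
        enabled but has not been used since they left
      - "dormant": a current user's enabled account has had no activity
        for longer than the threshold
    """
    findings = []
    cutoff = today - timedelta(days=dormant_after_days)
    for platform, user, enabled, last_activity in accounts:
        left_on = departed.get(user)
        if left_on is not None:
            if last_activity > left_on:
                findings.append((platform, user, "activity after departure"))
            elif enabled:
                findings.append((platform, user, "enabled after departure"))
        elif enabled and last_activity < cutoff:
            findings.append((platform, user, "dormant"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_accounts(ACCOUNTS, DEPARTED, today=date(2016, 8, 1)):
        print(*finding, sep=" | ")
```

Each finding maps to an action from the slide: suspend access for departed users, and review or deprovision dormant accounts.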
#3 Cloud-Resident Malware
● Bob receives a phishing email from his “boss” asking him to review a malware-infected PDF.
● Bob, believing the file is legitimate, saves it to his team’s folder storage in SharePoint.
● SharePoint synchronizes the file across all team members’ devices, thereby automatically propagating the malware.
What This Looks Like
Staying Ahead of the Spread of Malware
#3 Cloud-Resident Malware
The Solution - IDaaS & CASB
● Proactively enforce appropriate access with IDaaS provisioning engine
● Leverage CASB to discover malware inside SaaS apps
● Take an action, remove malware
● Step up authentication policies
Tomorrow’s Task (30 MAR): Kick off a phishing awareness campaign
#4 Shadow IT and Cloud-Native Malware
● Charlie’s organization has more connected cloud apps than there are minutes in the year. Some are good, some are bad, some are ugly.
● Charlie’s colleague authenticates into “Mocusign” using corporate credentials.
● An external 3rd party now has access to Charlie’s Docusign username and password.
● Docusign data and any other applications accessible with this same set of credentials are now exposed.
What This Looks Like
#4 Shadow IT and Cloud-Native Malware
Getting Clear on the Good, the Bad, and the Ugly
#4 Shadow IT and Cloud-Native Malware
The Solution - IDaaS & CASB
● Audit firewall logs in CASB
● Audit OAuth-connected apps in CASB
● Review Unsanctioned App Ratings
○ Detect, block & blacklist malicious apps
○ Ensure low-rated apps are not provisioned within IDaaS
● Sanction productivity apps and provision access in IDaaS
** CloudLock Cybersecurity Report: The Extended Parameter
#4 Shadow IT and Cloud-Native Malware
** CloudLock Cybersecurity Report: The Extended Parameter
The Solution - IDaaS & CASB
● Sanctioned Apps
○ Monitor for license compliance and bandwidth
● Eliminate app passwords with SSO and set up automatic app access permissions rules and mappings based on user roles and groups
Tomorrow’s Task (30 MAR): Audit Top 250 apps on firewall logs
#5 Data Breaches
** CloudLock Cybersecurity Report: The Extended Parameter
#5 Data Breaches
● Francisco accidentally shares the company’s upcoming product design files with Matthew’s personal email address instead of his corporate account.
● Matthew’s personal address may get hacked.
● Matthew may leave the company tomorrow.
● Francisco will never realize such sensitive data is exposed.
What This Looks Like
Personal Account Hacked
App/Access Locked Down
Unknown
Sent files to personal email
Protecting Sensitive Data from the Next Breach
#5 Data Breaches
The Solution - IDaaS & CASB
● Leverage IDaaS to ensure appropriate entitlements for applications with sensitive data, restricting access via intelligent SAML configurations
● Leverage CASB to detect and remediate improperly shared data
● Selectively encrypt data
● Tie CASB and IDaaS security policies for immediate mitigation of suspicious behavior
Policy Apps
Tomorrow’s Tasks (30 MAR):
● Get all business owners in a room to redefine what is sensitive.
● Educate end users on safe sharing. Do’s & Don’ts.
Lessons Learned
IDaaS and CASB together enable a complete sanctioned IT solution
● Be proactive against the top 5 cyber security threats
● IDaaS and CASB protect both admins and end-users
● CASB identifies misuse of services
● IDaaS enables easy access to all sanctioned applications, based on user permissions - e.g. enables HR to do HR tasks without IT friction
Questions?
bit.ly/onelogin-cloudlock
● Try OneLogin for Free
● Get a Free Cloud Cybersecurity Assessment
● See a CloudLock + OneLogin Integration Demo
● Read Our White Paper
Thank you
