With today's range of communication technologies, even major radio stations supplement their broadcasts over the air with tweets, posts to Facebook and any other venue for social media to help promote their programming and thus grab the attention of their audience however they're staying connected.
While these new avenues are efficient in shooting out up-to-the-minute messages to increase awareness and help the audience become engaged, for security personnel the use of social media opens up a whole new can of worms.
Rocklin, Calif.-based EMF Broadcasting owns and operates the K-LOVE and Air1 radio networks, which combined have more than 700 radio and broadcasting stations across the United States. The company's stations are spread throughout 45 states.
With the phenomenal growth of social media, EMF needed visibility and control over social networking applications used by its personnel. To manage its approximately 500 employees, Juan Walker (left), principal security strategist at EMF Broadcasting, and his 40-member IT team sought to protect cloud applications from unauthorized access and account takeover attacks. “For example, if a radio personality had their social media account compromised this could create a public relations crisis for EMF,” Walker says.
EMF's leading cloud security concern was protecting its brand, says Walker. The prospect of a hacker hijacking a staff member's social media account and posting inappropriate content attributed to the organization could have disastrous effects on its reputation and relationship with its donors, he says.
“Social media challenges EMF in many exciting and unexpected ways,” Walker says. “A small percentage of companies have a documented social media policy and EMF is one of them. We want added protection when engaging with listeners and donors through social media platforms.”
A search began for a technology solution to assist. When he and his IT team were introduced to SkyFence, they thought its cloud-protection capabilities would fit into their social media protection strategy. “The cost per user really made the solution attractive,” he says.
“Skyfence is a proxy-based solution that provides cloud app discovery/risk scoring, analytics and protection,” says Frank Cabri, vice president of Marketing for Skyfence. “It does not require any endpoint software.”
The solution uncovers cloud apps by inspecting and aggregating data in user access logs from enterprise web-proxies and firewalls, Cabri (right) explains. An app discovery report is generated using a locally executable tool that scans existing logs files (from firewalls or web proxy systems) either manually or on an automatic schedule. The non-intrusive process does not require any installation of agents or changes to applications.
Skyfence automates the process of determining which cloud apps users are accessing and details the number of users, activity level, traffic volume and usage hours for each app.
It performs a risk assessment and categorizes each cloud app as high, medium or low risk. Risk metrics, such as the status of service provider audits (e.g., SSAE-16), compliance requirements (e.g., PCI AoC) and many other critical criteria are consolidated and measured so organizations can use the risk score of each app to prioritize their risk migration efforts. In addition, the advanced risk metrics feature lets organizations customize risk weightings so app metrics can be adjusted to reflect the risk to their specific business operations, Cabri says.
Skyfence, he adds, delivers a complete picture of cloud app risks and operational intelligence through detailed analytics of cloud app usage. “It aggregates the output of multiple app scans and app risk metrics with detailed monitoring and analytics of user, app and endpoint usage,” Cabri says. “The solution also generates consistent user activity logs for IT staff across the entire cloud environment – critical for effective risk management and for correlation with your existing SIEM environments. Additionally, Skyfence has built-in enterprise integrations that make it simple to integrate with enterprise directories and market leading SIEM solutions from Arcsight, Splunk and Q1 Labs, adds Cabri.
The implementation at EMF went smoothly, says Walker. “We used the Skyfence cloud deployment option so there was no on-premises equipment required and support was seamless. And, it's very easy to manage, he adds, since it does not have any API dependencies and does not use any agents. “It provides seamless interoperability with single sign-on vendors for easy integration. Also, because it is application agnostic, Skyfence can support any current and future cloud applications that EMF implements.
An added value is that the offering does not store payment card information in the cloud, so there are no compliance requirements at this time.
The Skyfence tool currently reaches across EMF's entire network supporting all cloud applications and users at EMF.
The radio station network plans to enforce the same levels of security monitoring and protection across all cloud applications so it will expand its use of Skyfence to new users, apps and endpoint devices as they are introduced into its environment.
“Our policies have changed to focus on extending the same security measures we use in the datacenter to cloud apps,” says Walker. “Skyfence helps us ensure that the same security best practices used in our on-premise data center are being applied to our cloud environment.
Cloud app usage had created a security blind spot for us, Walker admits. “We lacked both the visibility into what cloud applications our employees were using and the ability to monitor activity and unauthorized access.” But, with the implementation of Skyfence provided the ability to automatically identify managed and unmanaged mobile devices accessing cloud apps and to enforce specific access policies based on whether a device is managed by IT or not, he explains.
Skyfence includes dynamic user and device fingerprinting technology to quickly establish a complete and detailed profile of behavior based on the normal patterns of use for each user, department and device, says Cabri. “Any access that fails the fingerprint test can be configured to immediately alert, block or require two-factor identity verification in real-time, giving IT staff the ability to strongly authenticate users performing higher risk activity while automatically enforcing security policies across all their cloud services.”
Skyfence provides a variety of deployment options (cloud, on-premise virtual or physical appliance inline and non-inline), no agents are required on endpoints, comprehensive support for any application, provides contextual user information from AD not just IP addresses, fingerprints each users' unique identity and behavior to profile how they access cloud applications in order to automatically look for atypical behavior indicative of compromised credentials or a malicious employee.
Skyfence Cloud Gateway is available as a cloud service, on-premise appliance or virtual appliance, and as a managed service. When using the gateway on-premise, inline and offline configurations are supported. Updates (including new features and new risk information) are made automatically via the internet.
The cloud is no longer a future technology, says Cabri. “For many organizations, the move from on-premise to software-as-a-service (SaaS) applications – such as Office365, Salesforce.com, Google Apps, Dropbox, NetSuite and others – can result in significant cost savings and increased flexibility.” But, he points out, it also introduces business and security risks as SaaS applications create “blind spots” that cannot be addressed by traditional on-premise monitoring and security solutions. “While cloud apps and services are changing the computing environment, IT requirements for safe and productive use of resources have not changed. With Skyfence, users get the apps they want and IT gets the visibility and control they need.
According to Frank Cabri, vice president of marketing for Skyfence, the tool's analytics provide critical insight and intelligence into:
- Data usage: Who performed actions, viewed or modified what, when, and how often;
- Privileged user monitoring: Including data access, configuration and user permission modifications;
- API activity: Cloud app and services data accessed via APIs.
Protection: Covering the bases
The goal when implementing a solution from Skyfence, says Juan Walker, principal security strategist at EMF Broadcasting, was to protect:
- High-profile employees, such as CEOs and official spokespeople, who will attract more attention than most. Their role requires extra guidance.
- Officially recognized channels, such as the company's Twitter feed and Facebook page. These channels require more guidance, and should be used only by designated people.
- Privileged information of any sort, including customer or patient identification.
- Enterprise financials.
- High-profile topics, such as safety, product recalls, mergers and acquisitions, and compliance. Natural disasters or political events that can affect the company.
- Dramatic events that affect the organization's brand, competitors or the industry as a whole.