Intelligent CIO Europe Issue 16 | Page 55

FEATURE: THREAT ANALYSIS

Protecting against a ‘Man in the Cloud’ (MitC) attack

Enterprises have no choice but to conform to the necessity of protecting their networks against potential cyberattacks in the digital era. Anurag Kahol, CTO, Bitglass, offers his best practice advice for businesses to take the right steps for ensuring protection from MitC attacks.

The popularity of the cloud is undeniable and its usage is increasing every day. The International Data Corporation (IDC) recently forecast that worldwide public cloud spending will reach US$210 billion in 2019 – an increase over 23.8% from 2018. With growth like this, however, it is unsurprising that malicious entities have taken note, giving rise to a new breed of cyberattack.

Man in the Cloud, or MitC, attacks have become more prevalent in recent years as the use of the cloud grows in popularity. This attack aims to access its victims’ accounts without the need to obtain compromised user credentials beforehand.

But what is an MitC attack? How do I know if there is a man in my cloud? And how can I stop him from getting in?

MitC’s anatomy

MitC attacks take advantage of the OAuth synchronisation token system used by cloud applications to gain access to cloud accounts. Popular cloud services – Dropbox, Microsoft OneDrive, Google Drive and more – each save one of these tokens on a user’s device after initial