Lessons Learned from Baidu Collection of Japanese Information

In my previous blog entry on the Baidu practice of collecting information on Japanese users, I discussed the security risks associated with using Baidu IME (Input Method Editor). There are so many applications that use the cloud, so today I want to expand the risk discussion to other cloud-based applications commonly used by businesses.

Office applications:

SkyDrive is the online storage application built-in to Microsoft Office which allows you to save your documents in the cloud. As with similar services, the idea is that you can continue to work with these files from any place such as your home, a café, or a hotel. You can collaborate with your co-workers or even with people outside of your company.

Word3

End-users in your organization are using this option for business purposes without any malicious intentions. However, from a corporate perspective, there is a risk of unintentional information leakage by end users or the cloud service may be hacked.

Translation sites:

When you need to translate documents into or from foreign languages, a translation site is considerably handy. The quality of machine translation is rarely perfect, but a rough translation of text provides a quick and decent understanding of the content. Free translation services are offered by companies like Yahoo! and Google.

translation2

The convenience of these services makes them popular. However, if employees translate internal documents, there is a possibility of information leakage because that information will be sent to the company providing the translation service. Yahoo and Google are well-known companies, but there are countless others that are less known and less reliable from a security perspective.

There is another risk on translation sites. Usually, translation sites have a function to translate web pages. It's important to remember that this function can be used to bypass company URL filtering policy to access prohibited web sites.

Chat applications:

Business people use chat applications for conversations with internal and external personnel because they are more real-time than email and less disturbing than phone calls. With these convenient communication tools, productivity is higher, but the risk of information leakage is also higher because the company that owns the chat application can monitor all chat logs.

For example, the chat application Line, which is very popular in Japan, is supported on PCs, MACs and smartphones and is also used in the corporate sector. Line uses several ports (80, 443,5223,5242,9418) for TCP and dynamic ports for UDP. If you want to block Line from your network, many port-based firewalls will struggle due to the high number of ports in use. And that's not only the case for Line; many chat application use a combination of non-standard ports and dynamic ports to enhance their connectivity.

Here are some ways you can prevent information leakage, all of them achievable using Palo Alto Networks technology.

1. Monitor all traffic, including applications that send information to the cloud.

Without visibility, you cannot exert the appropriate controls and it becomes difficult to perform forensics when an information leakage occurs.

It may be difficult to identify which applications are sending information to the cloud. To solve this problem, Palo Alto Networks categorizes the application databases into “file-sharing” and “instant-messaging.” By using these categories, one can easily monitor the abovementioned applications. Our technology can also break out application functions like chat function/file-sharing in social networking applications for more granular control.

2. Set policies: Maintain application enablement policies by users.

If you blocked all applications for all users that use the cloud, your company’s productivity would slow to a crawl. Therefore, you need to set policies that enable applications to maximize the productivity and to minimize the risk.

3. Enforce the policies.

Obviously, you cannot rely on the end users themselves to follow the abovementioned policies without any enforcement. You need to set the policies on the perimeter security platform and enforce them automatically.

At our upcoming Ignite 2014 conference, we'll be discussing these business challenges in depth. Register today and join us in Las Vegas!