CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 →

Our VPN servers are overwhelmed because backhauling traffic isn’t viable. How can we ensure that these applications are remotely accessible while addressing exfiltration concerns?


Mark Hofman Answered by Mark Hofman, Chief Technology Officer, CyberCX

Many organisations have staff connecting to a VPN solution and then pivoting back out of the organisation to the various cloud environments and solutions that they’re using. That is creating a challenge as often there is no reason why they can’t connect directly to those cloud services, other than the risk of exfiltration.

The exfiltration concern is probably the same without the VPN as it is with it, because in cloud environments you often have access to other services and this is potentially a different access point. Whatever platform you are using, whether it be Office 365, Azure, AWS or the Google Cloud environments, you have logging facilities that provide you with details of exactly what the user is accessing and what they’re actually downloading, uploading or even sending back out again.

There are a number of tools that will look into those particular cloud platforms and provide you with that overview. By having agents on the endpoint that report back to a central location, you can observe when people are copying things from one drive to Dropbox for example. Some of the platforms have data loss prevention capabilities, like Office 365, then you have access to the DLP (data loss prevention) components and there you can actually set up rules about how your data can be accessed and where it can be moved to and sent through.

View our 5 easy steps to improve your cyber resilience.

Cyber Resilience Strategies

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.