SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cloud Access Security Broker: A force to be reckoned with in the new-age of cloud computing
Wed, 13th Dec 2017
FYI, this story is more than a year old

When I woke up this morning, I sent an email using Outlook in Office 365. On the way to work I logged in to Salesforce from my mobile. And later that day, I shared a briefing document with a partner on Dropbox.

Before midday I had already accessed and shared information through three cloud based applications for work, and I had checked in to others for business and personal reasons – such as WhatsApp.

This will no doubt sound familiar to many of you. Cloud based applications such as Office 365, Google Suite, Salesforce and Amazon AWS are prevalent in many of our professional and personal lives. In fact, the average employee now accesses up to 36 cloud-based apps every day.

It has become apparent that we now live in a zero-perimeter world, transformed by cloud, remote workers and BYOD. Data is everywhere - in private and public clouds, on removable media and comingled with personal information on mobile devices.

While this offers up new opportunities for business, it throws up new challenges too. With the growth of BYOD and a “Cloud First” approach to information technology initiatives, significant security and compliance blind spots are being created.

Fortunately, the security industry has caught up. Cloud Access Security Broker (CASB), a formidable entrant onto the cloud security market, offers to shine a light on activity in the cloud, keep organisations secure as their employees navigate this new world, and help IT professionals sleep a little easier at night.

The zero-perimeter: a new-age visibility challenge

IT teams may not control the endpoint or the cloud app, but are still responsible for their company's information assets. While the combination of existing infrastructure and the right cloud security tools can be leveraged to help organisations discover cloud apps, they cannot provide the visibility and control required for a comprehensive solution.

The lack of visibility into the risks and usage patterns of cloud apps is a major challenge for organisations. Cloud apps unsanctioned by IT (commonly known as Shadow IT) result in information assets that are uncontrolled and outside the governance, risk and compliance processes of an organisation.

Organisations require visibility into cloud app account usage, including who uses which cloud apps, their departments, locations and devices used. Critically, organisations need to know which users are administrators for each cloud app since these users have privileges that must be tracked closely.

Another driver compromising visibility is the influx of BYOD devices that access business based apps. This has increased headaches for the IT department. Access to cloud apps through BYOD devices sets a challenge of managing endpoints (smartphones, tablets). Leave them unmanaged and you leave yourself open to losing control of corporate data.

The threat from within

Insider threats have always presented a special challenge to organisations. It can be difficult to guard against the malicious intent of authorised users since they are more likely to use approved devices and may have knowledge of thresholds for alerts and notifications.

Along the same lines, former employees pose a significant security risk, as they may have been disabled from the organisational directory but can still access cloud apps that contain business-critical information. Contractors and consultants present similar a security risk, as they may be able to access cloud apps.

Enter: Cloud Access Security Broker (CASB)

First and foremost, cloud security tools offer visibility into what apps are being used by employees. Secondly, they conduct a risk assessment to understand contextual risk of apps, users and security configurations. And lastly, CASB offers automated cloud threat prevention and context-aware enforcement of an organisations existing data security policies.

Overall, CASB helps eliminate blind spots by providing visibility into - and control over - users' devices and cloud apps, helping to understand the rhythm of employees and the flow of data. It not only lets IT teams discover and assess risk from unsanctioned cloud apps, but also control how sanctioned cloud apps (e.g., Office 365, Google Suite, Salesforce, Box, Dropbox) are used, to help prevent the loss of critical data and IP.

Next steps for success and security in the cloud

Given the challenges and threats to cloud apps, these are three critical steps every organisation should take in order to gain visibility and reduce the risks that cloud app adoption presents:

Discover which cloud apps are in use. This step requires organisations to get a global view of all cloud apps accessed by employees through active monitoring of forensic data;

Assess the data and analytics on context-aware user activities so that more effective policies can be created to mitigate cloud app-related risks;

Enforce controls that ensure the safe and productive use of cloud apps. This step should include advanced behavioural detection and automated policies to protect and remediate account takeover threats in real time.

The future of CASB

It's been almost two years since Gartner labelled CASB a “required security platform for organisations using cloud services”, and yet, many business leaders are still only beginning to grasp the significance of this critical tool.

CASB brings ultimate visibility into cloud app usage, identifies high-risk activities and enforces policies and controls to protect business critical data. It helps you understand how your organisation works within the cloud.

In the coming years, we can expect to see CASB continue to vastly improve enterprise security posture as organisations transition towards embracing business in the cloud.