SecurityBrief New Zealand logo
Story image

Developing a one-two punch for cloud security

17 Jul 2018
Sara Barker
Share:

As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place are no longer providing effective protections. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.

The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.

Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.

Rapid cloud adoption

Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.

Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.

This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.

Achieving visibility and security

Organisations must understand how data is used by their staffs before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.

Key tactics for obtaining visibility and control over data include:

  • Identity consolidation: Rather than having disjointed identity management for multiple applications, organisations should leverage the existing corporate user directory and extend access to cloud apps. This gives users single sign-on for all of a business’ applications and lets them access said apps from the devices of their choosing.
  • Central policy enforcement: An enterprise needs to adopt a tool that enforces security policies on everyone accessing data – regardless of the devices that they are using. For example, a business should be able to require multi-factor authentication or that a personal device automatically locks its screen after a certain period of inactivity.
  • Mobility Management: IT teams must also have suitable tools to secure data as it is accessed and stored by mobile devices. In addition to other security features, these solutions should provide the ability to wipe data remotely if the device is lost or an employee leaves the organisation.

The role of CASB and identity as a service (IDaaS)

A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.

A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.

Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.

IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.

As multi-factor authentication has helped to address this problem within corporate IT infrastructure, the capability must also be used to cover cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.

Business benefits from cloud security

Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.

  • Improved user productivity: Having single sign-on (SSO) allows users to access data and applications from any device or location quickly, easily, and securely. A single set of credentials is all that is needed to gain access to required resources via SSO.
  • Better compliance: Together, CASB and IDaaS achieve end-user productivity and corporate security, ensuring that the enterprise is better able to meet its compliance requirements. Automated security policies can be enforced in real time and activity can be monitored continuously.
  • Increased operational efficiency: An organisation that is confident in its ability to secure data in the cloud can deploy a host of applications. This enables users to seek the best tools for performing their work, which inevitably increases operational efficiency throughout the business. Additionally, this reduces IT-related costs like those incurred when investing in traditional, on-premises infrastructure.

With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.

Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.

Related stories:
Why uptime and performance are key to cloud security
Greater demand for modern data protection, disaster recovery as COVID sees increase in attacks
Quest Software launches solutions for operations, protection and governance
ThycoticCentrify launches additions to DevOps Secrets Vault
Trend Micro launches cloud security platform on AWS Marketplace
Microsoft Exchange breach a wake-up call to ditch the server
Dig deeper:
Cloud security Cloud access security broker Bitglass Data Protection
Story image
Why uptime and performance are key to cloud security
The cloud has virtually infinite redundancy, storage and compute power, so why reinvent it? True cloud security should be delivered from the cloud itself.More
Story image
Avast identifies new cryptocurrency malware Hackboss
Researchers from Avast, the global digital security and privacy company, say they have identified new cryptocurrency-stealing malware.More
Story image
Kaspersky launches new course to defend users against doxing
"Knowing the threats that are out there makes it easier to take measures to avoid them, and one such threat is doxing - the act of gathering and revealing identifying information about someone online against their will."More
Story image
Why DevSecOps must strive for effective enforcement measures
Threats to applications go beyond exploiting code and logic vulnerabilities which are already more than enough to analyse and cope with.More
Story image
Uptick in cloud-based identity and access management in enterprises - survey
The popularity of cloud-based identity and access management (IAM) adoption in enterprises is on the rise.More
Story image
A guide to combating Active Directory misconfigurations
With so many attacks abusing misconfigurations in Active Directory, it’s time to fix it, writes Attivo Networks regional director for ANZ Jim Cook.More
Story image
Why uptime and performance are key to cloud security
The cloud has virtually infinite redundancy, storage and compute power, so why reinvent it? True cloud security should be delivered from the cloud itself.More
Story image
Avast identifies new cryptocurrency malware Hackboss
Researchers from Avast, the global digital security and privacy company, say they have identified new cryptocurrency-stealing malware.More
Story image
Kaspersky launches new course to defend users against doxing
"Knowing the threats that are out there makes it easier to take measures to avoid them, and one such threat is doxing - the act of gathering and revealing identifying information about someone online against their will."More
Story image
Why DevSecOps must strive for effective enforcement measures
Threats to applications go beyond exploiting code and logic vulnerabilities which are already more than enough to analyse and cope with.More
Story image
Uptick in cloud-based identity and access management in enterprises - survey
The popularity of cloud-based identity and access management (IAM) adoption in enterprises is on the rise.More
Story image
A guide to combating Active Directory misconfigurations
With so many attacks abusing misconfigurations in Active Directory, it’s time to fix it, writes Attivo Networks regional director for ANZ Jim Cook.More
Story image
New onboarding standard to secure Internet of Things launched
A new onboarding standard to secure Internet of Things has been created by the FIDO Alliance.  More
Story image
Hackers hit Apple with ransomware, MacBook design files exposed
Hackers are attempting to extort Apple in exchange for not leaking stolen files.More
Story image
ThycoticCentrify launches additions to DevOps Secrets Vault
"With the need for cloud security skyrocketing, enterprises can now address these new use cases more efficiently with an integrated solution.”More
Story image
Auth0 launches new feature for business customer identities
"We are thrilled to launch Auth0 Organizations as our next-generation offering for easy onboarding, authentication, and administration of business customers.”More
Story image
'Catastrophic forgetting': What it is, and how to prevent it
AI has been used to combat cyber-threats for years. But there are many related pitfalls — and catastrophic forgetting is a major one.More
Story image
IoT connections to generate $16 billion in security revenue as new threat vectors arise
"There are limited IoT security solutions in the market, due in large part to the fragmented nature of the IoT itself."More
Story image
Fortinet looks to reduces cyber skills gap with Training Advancement Agenda
“Fortinet is committed to solving today’s biggest cyber challenges, including addressing the talent shortage the industry faces, as both a technology company and learning organisation."More
Story image
Voyager launches customer experience squad for flagship VoIP solution
The updated solution will focus on improving customer interactions, behind the scenes operations, and system improvements. More
Story image
Attivo Networks announces SentinelOne integration to increase threat protection
The integrated solution creates a defence against sophisticated attackers and provides comprehensive coverage across a broad set of attack techniques, as documented in the MITRE ATT&CK matrix.More
Story image
Automotive Security Research Group selects ThreatQuotient
ThreatQuotient is throwing its weight behind the development of automotive cybersecurity, specifically threat intelligence sharing for automotive products.More
Story image
Data breaches enabling blackmail, extortion and intellectual property theft
Data breaches and cyberattacks are no longer just an online issue.More
Story image
Corporate security failing to keep pace in new COVID-19 world
Corporate security is failing to keep pace in the new normal of remote working in the wake of the COVID-19 pandemic, says Fujitsu. More
Story image
Video: 10 Minute IT Jams - SonicWall manager dissects zero trust security
Today’s interviewee is SonicWall head of presales for APAC, Yuvraj Pradhan, who discusses various talking points surrounding zero trust security.More
Story image
Palo Alto Networks establishes cybersecurity consulting group Unit 42
The group will help enterprises respond to emerging threats as they navigate an increase in costly, crippling cyberattacks.More
Story image
New research by Netacea into digital fingerprint and identity thief
Bot detection and mitigation company Netacea has published new research into the Genesis Market, an invite-only deep web marketplace that trades in digital fingerprints and enables buyers to impersonate victims online.More
Story image
Ransomware recovery costs more than doubled in past year
"The findings confirm the brutal truth that when it comes to ransomware, it doesn't pay to pay."More
Story image
Dell Technologies partners with SecureWorks for new security service
The new Dell Technologies Managed Detection and Response powered by Secureworks TaegisXDR provides 24/7 security across endpoint devices, data centre networks and cloud environments.More
Story image
The challenge of ensuring effective protection against DNS attacks
The ways in which bad actors can use DNS to mount attacks are numerous. Here are some of the most popular ones.More
Story image
Interpol announces it will join the Coalition Against Stalkerware
The international criminal police organisation Interpol has announced that it will join forces with the Coalition Against Stalkerware, which cybersecurity company Malwarebytes is a part of.More
Story image
COVID-19 has changed the way companies handle data security
According to data classification company Titus, the rise in remote working under COVID-19 has delivered far-reaching changes in how we do business, with significant implications for CISOs, compliance, and data governance officers. More
Story image
Fortinet: Reduce risk with consistent security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains how consistent security can reduce risk whilst streamlining NOC/SOC operations and minimising costs.More
Vectra AI releases new endpoint integration to Cognito platform
Cloud network detection and response company Vectra AI has released extended endpoint detection and response native integration into its Cognito platform.More
eCommerce losses to online payment fraud to exceed $20 billion in 2021
The use of artificial intelligence will enable behavioural biometrics in this area, which will increase security across all potential fraud channels.More
Trend Micro launches cloud security platform on AWS Marketplace
Organisations that build on AWS are now able to leverage Trend Micro Cloud One to protect their cloud-based environments.More
Messaging app used to control and distribute malware
Hackers are using instant messaging app Telegram for remote control and distribution of malware, according to Check Point Research.More
CrowdStrike launches integrations to advance NDR for enterprise
"This integration with NDR partners provides mutual customers a comprehensive, holistic cybersecurity solution with enhanced visibility, streamlined detection and response and frictionless automation."More
Cloud native computing adoption sees increase in security concerns
"We are at a pivot point in terms of the evolution of both the developers role as well as a transformation within the security industry as a whole."More
Organisations faced unprecedented ransomware risk in 2020
Enterprises faced unprecedented cybersecurity risk in 2020 from increasing attack volume, the pandemic-driven digital transformation of work, and generally deficient cyber preparedness and training.More
Massive WHO scam busted - 'DarkPath Scammers' group suspected
The scam campaign comprised a network of 134 websites that attempted to lure people in by asking them to take a survey for a monetary reward.More
Kordia acquires Auckland-based managed IT firm Base2
Kordia Group CEO Shaun Rendell says it's a natural progression of the company’s services as IT and telecommunications converge.More
You're invited: Join CorPlan in Wellington for IBM Think 2021
IBM Think 2021 is just around the corner and it’s shaping up to be a huge event that brings the latest in artificial intelligence, data, and hybrid cloud to everyone.More
New research reveals customer behaviour around fraud risks
"Timeliness is key, you must get the alert in front of people at the exact moment they are at risk of fraud. Without this, banks will continue to spend huge amounts of money on fraud prevention messaging that will never have an impact."More
CISOs facing rising security debts
Chief information security officers are facing a rising security debt to secure their organisations against an increasing volume of attacks by well-armed criminals. More
SolarWinds adds three executives to its C-suite team
The company says the new appointments will bolster the company’s customer experience, security and product innovations.More
Greater demand for modern data protection, disaster recovery as COVID sees increase in attacks
Data-driven organisations must evaluate evolving requirements for backup and disaster recovery to combat emerging workload challenges.More
Phishing, monetary gain and supply chain attacks characterise cybercrime
"Cyber criminals leveraged phishing, ransomware and supply chain vector attacks to strike networks for financial gain. We believe that these network security trends will continue in 2021."More
Sharp increase in cyber attacks in last quarter of 2020 - report
There was an increase in the number of attacks aimed at the trade industry and medical institutions, as well in the number of social engineering attacks on individuals.More
A look at the MS Exchange zero-days and how to protect your business
Every organisationusing Microsoft Exchange must patch their on-premise servers immediately and scan their networks for signs of malicious activity.More
Entrust launches PKI as-a-Service to better secure cloud apps
The next generation of its high-assurance PKI, Entrust PKIaaS, is designed to be secure, quick to deploy, scale on-demand, and run in the cloud.More
See all stories