New Zealand
Story image

Developing a one-two punch for cloud security

17 Jul 2018
Sara Barker
Share:
LinkedIn
Twitter
Facebook

As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place are no longer providing effective protections. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.

The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.

Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.

Rapid cloud adoption

Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.

Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.

This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.

Achieving visibility and security

Organisations must understand how data is used by their staffs before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.

Key tactics for obtaining visibility and control over data include:

  • Identity consolidation: Rather than having disjointed identity management for multiple applications, organisations should leverage the existing corporate user directory and extend access to cloud apps. This gives users single sign-on for all of a business’ applications and lets them access said apps from the devices of their choosing.
  • Central policy enforcement: An enterprise needs to adopt a tool that enforces security policies on everyone accessing data – regardless of the devices that they are using. For example, a business should be able to require multi-factor authentication or that a personal device automatically locks its screen after a certain period of inactivity.
  • Mobility Management: IT teams must also have suitable tools to secure data as it is accessed and stored by mobile devices. In addition to other security features, these solutions should provide the ability to wipe data remotely if the device is lost or an employee leaves the organisation.

The role of CASB and identity as a service (IDaaS)

A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.

A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.

Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.

IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.

As multi-factor authentication has helped to address this problem within corporate IT infrastructure, the capability must also be used to cover cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.

Business benefits from cloud security

Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.

  • Improved user productivity: Having single sign-on (SSO) allows users to access data and applications from any device or location quickly, easily, and securely. A single set of credentials is all that is needed to gain access to required resources via SSO.
  • Better compliance: Together, CASB and IDaaS achieve end-user productivity and corporate security, ensuring that the enterprise is better able to meet its compliance requirements. Automated security policies can be enforced in real time and activity can be monitored continuously.
  • Increased operational efficiency: An organisation that is confident in its ability to secure data in the cloud can deploy a host of applications. This enables users to seek the best tools for performing their work, which inevitably increases operational efficiency throughout the business. Additionally, this reduces IT-related costs like those incurred when investing in traditional, on-premises infrastructure.

With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.

Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.

Related stories:
Tesla's suit against ex-employee a strong case for IP security
Trend Micro delivers network security with AWS
Protecting organisations from insider threats - Bitglass
Amazon admits storing Alexa recordings until users take action
Enterprise at tipping point, says Symantec
Australia, NZ and Singapore in cybercriminal firing line
Dig deeper:
Story image
05 Jul
Amazon admits storing Alexa recordings until users take action
Amazon’s Alexa voice service is storing all user voice recordings and transcripts on its servers by default – and people who want to delete those recordings must do so manually.More
Story image
05 Jul
Responsible AI starts with responsible leaders - PwC
Responsible practices in artificial intelligence (AI) starts with how each individual organisation plans to strategise, design, develop, and deploy the technology. More
Download image
Using UEBA to fight user-based threats internally
This whitepaper uncovers how User and Entity Behaviour Analytics (UEBA) reduces your organisational risk and enables you to respond more quickly to attacks.More
Story image
10 Jul
One Identity solution achieves new SAP certification
Customers can benefit from improved interoperability with SAP applications and with the large ecosystem of solutions that run on SAP NetWeaver. More
Story image
Yesterday
ESET's MSP program extends cloud business solutions
ESET specifically shaped the program so it’s easier for providers to work with a trusted industry leader and to reach a rapidly growing customer base.More
Story image
05 Jul
Bitdefender advances endpoint security solution for SecOps teams
“Rather than rely on a pure prevention or pure detection/response model, the most secure organisations will weave in strong prevention and speedy detection/response with integrated risk analytics.”More
Story image
Amazon admits storing Alexa recordings until users take action
Amazon’s Alexa voice service is storing all user voice recordings and transcripts on its servers by default – and people who want to delete those recordings must do so manually.More
Story image
Responsible AI starts with responsible leaders - PwC
Responsible practices in artificial intelligence (AI) starts with how each individual organisation plans to strategise, design, develop, and deploy the technology. More
Download image
Using UEBA to fight user-based threats internally
This whitepaper uncovers how User and Entity Behaviour Analytics (UEBA) reduces your organisational risk and enables you to respond more quickly to attacks.More
Story image
One Identity solution achieves new SAP certification
Customers can benefit from improved interoperability with SAP applications and with the large ecosystem of solutions that run on SAP NetWeaver. More
Story image
ESET's MSP program extends cloud business solutions
ESET specifically shaped the program so it’s easier for providers to work with a trusted industry leader and to reach a rapidly growing customer base.More
Story image
Bitdefender advances endpoint security solution for SecOps teams
“Rather than rely on a pure prevention or pure detection/response model, the most secure organisations will weave in strong prevention and speedy detection/response with integrated risk analytics.”More
Story image
Eaton brings first lithium-ion UPS to A/NZ
Designed for distributed IT and edge computing, the UPS offers increased network security and battery life, and remote management capabilities.More
Download image
Overcoming security gaps with people, process, and technology
One of the largest inhibitors to cloud adoption is concern around the security of leveraging a service provider in a multi-cloud world.More
Story image
Overcoming deepfakes with deep learning
In the past couple of weeks, there have been high-profile examples of deepfakes, where deep learning, an advanced subset of AI, is used to manipulate videos to create fake videos.More
Story image
Cyber threats: Legacy systems aren't always the culprit
There is a common misconception that product security is the only way to mitigate vulnerabilities and threats. More
Story image
FintechNZ: Most NZ companies don't report cyber incidents
"There are some fundamental basics that a company can put in place with no or minimal cost. People and staff still pose a great risk, so cybersecurity issues need to be high on the management agenda.”More
Download image
Why holding back from cloud adoption is holding your business up
The study surveys more than 950 IT decision-makers and IT pros from across the globe to better understand the barriers to increasing cloud usage.More
Story image
UPDATED: Orvibo & Arlo smart home products patched to prevent attacks
The security of smart home devices is once again under the spotlight this week, as two different device manufacturers come under fire for major vulnerabilities.More
Story image
BlackBerry launches new threat hunting solution
CylanceGUARD is a subscription-based offering that validates, triages, analyses, prioritises, and automates analyst and incident engagement. More
Story image
Changes to Aruba's South Pacific line up
Aruba names new director for A/NZ business as Anthony Smith moves into APJ channel roleMore
Story image
Increasing talent shortage in A/NZ cybersecurity market
According to new research from Hays, technical expertise is simply not enough when hiring cybersecurity personnel and businesses should be looking to upskill employees.More
Story image
Rapid increase in AI to detect fraud
"Criminals are finding new ways to exploit technology to commit schemes and target victims."More
Story image
RSA responds to increasing A/NZ regulations with new updates
The new data protection and privacy management capabilities will help business in the A/NZ region to better ensure data protection and privacy regulations and compliance, according to the company.More
Story image
Why 5G and AI will determine cybersecurity strategy for the next decade
"We all stand on the threshold of a new era of cybercrime."More
Story image
Sektor NZ acquires security distie DUO NZ
“Sektor are market leaders in verticals that are increasingly intersecting with the cybersecurity market, it’s an emerging market for us that we have been very keen to pursue.”More
Story image
CERT NZ report: Unauthorised account access a growing problem
New Zealanders reported direct financial losses of $1.7 million. While that is still a substantial loss, the figure is a 71% drop from the previous quarter.More
Story image
92% of businesses experience identity challenges - LastPass
Data from the report reveals IT professionals overwhelmingly (82%) agree that poor identity practices have exposed their business to risks.More
Story image
SecOps launches new DNS service powered by Cisco
“The way people work now is making it really hard for security and IT teams to secure organisational information in the traditional sense."More
Story image
Trend Micro delivers network security with AWS
Trend Micro Cloud Network Protection, available today, will be listed on AWS Marketplace.More
Story image
Why businesses are not ready to implement 5G - Cradlepoint
A new study from Cradlepoint reveals that businesses expect 5G to be a major part of their technology roadmap but have a long way to go before they are ready to implement a solution.More
Download image
Insider threats & breach reports: Why security needs more investment
Insider threats (those that come from within your organisation) are a serious concern - here's why.More
Story image
Global banks fail to keep up with application security
One bank had an unpatched vulnerability that has existed since at least 2011.More
One-size-fits-all not enough to secure IoT
"The growing trend for greater connectivity puts everyday objects at risk of exploitation."More
The future of cybercrime in Australia – ESET
Cyber-attacks will continue so long as the target seems worthwhile and the attackers have funding to continue their work. More
Frost & Sullivan: How SIEM is either an enabler or a retardant
Addressing a constant flow of security alerts is an inevitable consequence of the digital age.More
Whitepaper: A guide for a smooth journey to hybrid cloud
There is no doubt that a move to hybrid cloud is a massive mission but one that - if successful - promises a better world.More
Enterprise at tipping point, says Symantec
Enterprises are struggling to keep up with the rapid expasion of cloud within their business. More
Do we need cybersecurity training? Phishing remains problem area
“Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security."More
10 times malware proved that MacOS isn't bulletproof
Mac users need to come to terms with the fact that their devices are not immune from attack.More
Marriott, British Airways fines highlight critical need for security investment
The last week has brought heavy fines against the likes of global hotel chain Marriott and airline British Airways, casting a harsh spotlight on the price of cyber attacks.More
Huawei working to patch critical security vulnerabilities
Huawei is proactively working with Swascan researchers to fix the vulnerabilities, which could affect three main areas: confidentiality, integrity, and availability.More
Quest QoreStor update extends native cloud storage support
QoreStor 6.0 introduces a new Performance Tier accelerating backup, providing up to 2x recovery point objectives (RPO).More
HCL Technologies closes acquisition of IBM products
Company launches HCL Software business unit to operate the enterprise software offerings.More
Who is really responsible for cloud security?
The joy and the temptation of SaaS is that it is so easy to buy without IT even needing to be involved. More
Application modernisation for the digital enterprise
The digital enterprise couldn’t exist without modern applications – otherwise it would be nothing more than a stale system that’s slow to react to the rapidly-changing conditions in today’s business environment.More
Tenable’s new Cyber Defender Strategies report released
About half (48%) of the enterprises included in the data set are practicing very mature (exhibiting a Diligent or Investigative style) vulnerability assessment strategies. More
Scam warning: Fake Google reviews and business listings targeting the vulnerable 
"Essentially people are doing this because people are easy to scam when they are anxious, desperate or in trouble."More
Protecting organisations from insider threats - Bitglass
The biggest challenge for most external threat actors is gaining access to a target organisation, but insider threats already have this. More
Wandera reports on the state of mobile security in financial services
“In the financial services industry, as in many sectors, the security of client information is the most important asset."More
Australia, NZ and Singapore in cybercriminal firing line
"Cybercriminals continue to develop new, more sophisticated attack methods, and they are carrying them out with astonishing frequency."More
More stories