Story image
Data Protection
Cloud Security
Bitglass
Cloud access security broker

Developing a one-two punch for cloud security

By Sara Barker, Tue 17 Jul 2018
FYI, this story is more than a year old

As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place are no longer providing effective protections. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.

The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.

Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.

Rapid cloud adoption

Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.

Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.

This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.

Achieving visibility and security

Organisations must understand how data is used by their staffs before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.

Key tactics for obtaining visibility and control over data include:

  • Identity consolidation: Rather than having disjointed identity management for multiple applications, organisations should leverage the existing corporate user directory and extend access to cloud apps. This gives users single sign-on for all of a business’ applications and lets them access said apps from the devices of their choosing.
  • Central policy enforcement: An enterprise needs to adopt a tool that enforces security policies on everyone accessing data – regardless of the devices that they are using. For example, a business should be able to require multi-factor authentication or that a personal device automatically locks its screen after a certain period of inactivity.
  • Mobility Management: IT teams must also have suitable tools to secure data as it is accessed and stored by mobile devices. In addition to other security features, these solutions should provide the ability to wipe data remotely if the device is lost or an employee leaves the organisation.

The role of CASB and identity as a service (IDaaS)

A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.

A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.

Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.

IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.

As multi-factor authentication has helped to address this problem within corporate IT infrastructure, the capability must also be used to cover cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.

Business benefits from cloud security

Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.

  • Improved user productivity: Having single sign-on (SSO) allows users to access data and applications from any device or location quickly, easily, and securely. A single set of credentials is all that is needed to gain access to required resources via SSO.
  • Better compliance: Together, CASB and IDaaS achieve end-user productivity and corporate security, ensuring that the enterprise is better able to meet its compliance requirements. Automated security policies can be enforced in real time and activity can be monitored continuously.
  • Increased operational efficiency: An organisation that is confident in its ability to secure data in the cloud can deploy a host of applications. This enables users to seek the best tools for performing their work, which inevitably increases operational efficiency throughout the business. Additionally, this reduces IT-related costs like those incurred when investing in traditional, on-premises infrastructure.

With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.

Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.

Related stories
Forcepoint acquires Bitglass to bolster Security Service Edge>>
Fortinet and Tracer Cloud innovate in scalability using AWS security architecture>>
Uptick in privacy-driven spending reflects growing importance of data protection worldwide>>
Check Point and Alkira alliance to bring enterprise-class security to cloud workloads>>
McAfee announces online protection service to protect people not products>>
Hybrid workplaces here to stay, Palo Alto Networks steps in with security service>>
Top stories
Recent stories
Story image
Disaster Recovery
Cohesity expands portfolio with Disaster Recovery as a Service, partners with AWS
"There has never been a more critical time to offer disaster recovery as a service.">>
Story image
Unified Communications / UC
Sietec sells to Fastcom, says 'business as usual' for customers
All current staff at the company will also remain on board, while Fastcom’s engineering team may also take on dual roles to support Fastcom and Sietec customers.>>
Story image
DDoS
Radware adds DDoS protection against low-volume flood attacks
"The impact of phantom flood attacks should not be underestimated. They can cause major disruption to the customer experience when they go undetected.">>
Story image
Malware
Two of three Australian SMBs became victims of cyber-attacks over the past year
SMBs in Asia Pacific are more worried about cybersecurity threats than before, research finds. >>
Story image
Integration
Zscaler and CrowdStrike deepen zero trust integrations
Zscaler has expanded integrations with CrowdStrike, allowing Zscaler ZIA to leverage CrowdStrike Falcon ZTA (Zero Trust Assessment) device scores for access policy configuration.>>
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - BeyondTrust CTO discusses common attack vectors in 2021
In Techday's third and final IT Jam with BeyondTrust, we speak to Marc Maiffret, who is the company's CTO.>>
Story image
Phishing
Technology, not training, protects users from phishing
Businesses should prioritise utilisation of readily available authentication technologies to prevent the ongoing phishing threat.>>
Story image
Cybersecurity
CrowdStrike brings 'observability to everyone' with Humio release
“I want everyone to experience the power of Humio. With Humio Community Edition, Humio provides the most powerful capabilities needed for modern observability.">>
Story image
Payment innovation
COVID-19 drives up digital payments throughout APAC region
"From these solid statistics, we can infer that the pandemic has triggered more people to dip their toes into the digital economy, which may fully dethrone cash use here in the next three to five years.”>>
Story image
Apple
Jamf unveils a range of new features at its 12th annual conference
Jamf has kicked off its 12th annual Jamf Nation User Conference with more than 11,000 Apple administrators in attendance worldwide.>>
Story image
Malware
Google uncovers phishing campaign targeting YouTube creators with cookie theft malware
Cookie Theft, or pass-the-cookie attack, is a session hijacking technique that enables access to user accounts with session cookies stored in the browser. >>
Story image
Appointments
Avast announces three new appointments to leadership team
Daria Loi will serve as head of innovation, Siggi Stefnisson as head of threat labs, and Andrew Gardner as vice president of research and AI.>>
Story image
Security Operations Centre / SOC
AdvantageNZ takes the win at LogRhythm partner awards
The local MSP has capped off an impressive year with another win at the local awards.>>
Story image
Scams
Crypto romance scam targeting iPhone users raking in millions
"Attackers are making millions of dollars with this scam," according to Sophos.>>
Story image
Remote Working
Remote work leaving businesses exposed to cyber attack
"Offices and laptops can be replaced, but a company's proprietary data cannot.">>
Story image
Mergers and Acquisitions
Forcepoint acquires Bitglass to bolster Security Service Edge>>
Story image
Ransomware
ManageEngine brings endpoint protection capabilities to enterprise customers>>
Story image
Artificial Intelligence / AI
Cybersecurity practitioners are convinced they need AI — now comes the hard part>>
Story image
Zero trust
APAC organisations prioritising Zero Trust Security more than other regions>>
Story image
Malware
Trickbot remains top malware impacting NZ - report>>
Story image
Microsoft
Vodafone hits Microsoft Gold Security milestone>>
Story image
Artificial Intelligence / AI
Fortinet: Artificial intelligence essential to combat fast-moving threats>>
Story image
Cybersecurity
ESET and Chillisoft launch MDR solution in A/NZ>>
Story image
Cybersecurity
Organisations struggling to defend attack surface in hybrid work>>
Story image
Cybersecurity
Lacework and Snowflake partner, bring data into the security conversation>>
Story image
Malware
Rackspace highlights top security challenges of today's organisations>>
Story image
Firewall
SonicWall 'returns choice' to customers by securing different network environments>>
Story image
Cybersecurity
Cyber Smart Week takes cybersecurity back to basics>>
Story image
Artificial Intelligence / AI
Gartner identifies the top strategic technology trends for 2022>>
Story image
SaaS
Cohesity unveils new SaaS solutions to combat ransomware attacks>>
Story image
Disaster Recovery
Cohesity adds disaster recovery to Data Management as a Service portfolio>>
Story image
LogRhythm
LogRhythm announces winners of NZ Partner of the Year Awards>>
Story image
Cybersecurity
Pluralsight extends Skills offerings for cybersecurity, IT ops and development>>
More stories