Developing a one-two punch for cloud security

17 Jul 18
Sara Barker

As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place are no longer providing effective protections. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.

The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.

Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.

Rapid cloud adoption

Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.

Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.

This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.

Achieving visibility and security

Organisations must understand how data is used by their staffs before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.

Key tactics for obtaining visibility and control over data include:

  • Identity consolidation: Rather than having disjointed identity management for multiple applications, organisations should leverage the existing corporate user directory and extend access to cloud apps. This gives users single sign-on for all of a business’ applications and lets them access said apps from the devices of their choosing.
  • Central policy enforcement: An enterprise needs to adopt a tool that enforces security policies on everyone accessing data – regardless of the devices that they are using. For example, a business should be able to require multi-factor authentication or that a personal device automatically locks its screen after a certain period of inactivity.
  • Mobility Management: IT teams must also have suitable tools to secure data as it is accessed and stored by mobile devices. In addition to other security features, these solutions should provide the ability to wipe data remotely if the device is lost or an employee leaves the organisation.

The role of CASB and identity as a service (IDaaS)

A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.

A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.

Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.

IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.

As multi-factor authentication has helped to address this problem within corporate IT infrastructure, the capability must also be used to cover cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.

Business benefits from cloud security

Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.

  • Improved user productivity: Having single sign-on (SSO) allows users to access data and applications from any device or location quickly, easily, and securely. A single set of credentials is all that is needed to gain access to required resources via SSO.
  • Better compliance: Together, CASB and IDaaS achieve end-user productivity and corporate security, ensuring that the enterprise is better able to meet its compliance requirements. Automated security policies can be enforced in real time and activity can be monitored continuously.
  • Increased operational efficiency: An organisation that is confident in its ability to secure data in the cloud can deploy a host of applications. This enables users to seek the best tools for performing their work, which inevitably increases operational efficiency throughout the business. Additionally, this reduces IT-related costs like those incurred when investing in traditional, on-premises infrastructure.

With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.

Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.

Share on: LinkedIn Twitter Facebook

Bitglass
Cloud access security broker
Data security
Cloud security
The features that should be front and centre when evaluating SIEMs
According to Frost & Sullivan, SIEM can either be an enabler or a retardant and there's a thin line between the two - here's the key attributes.
Download
Review: Cut through the noise with AI-driven threat analytics
SANS has provided an independent review of a new AI analytics solution designed to rescue businesses 'drowning in data' from SIEM platforms.
Download
The quick guide to understanding cybercriminals' motivations
Check out this incredibly helpful and interesting guide to exactly what cybercriminals are after, and how you can keep yourself safe.
Download
Whitepaper: How businesses can buff up their cyber defences
By 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.
Download
Study: Proactive approach needed in handling cyber threats
30% of security practitioners don’t believe their organisations are equipped to handle security threats.
Download
30 Aug
Report reveals 80% increase in email impersonation attacks
For every 50 emails inspected by email security solutions, there is one unstopped malicious link.
27 Aug
EMA names Pulse Secure leader in hybrid IT secure access platform solutions
The survey included executives from over 200 enterprises and an analysis of hundreds of vendor product briefings, case studies and demonstrations.
21 Aug
The five-step guide to securing data in the cloud - IDC
This is especially important with the implementation of privacy regulations such as GDPR.
31 Jul
Bitglass and Okta team up to bring identity management capabilities to the cloud
The combined solution leverages Bitglass' CASB solution and Okta’s zero-touch IAM platform to make for a simplified identity and security solution.
31 Jul
Bitglass and Okta team up to bring identity management capabilities to the cloud
The combined solution leverages Bitglass' CASB solution and Okta’s zero-touch IAM platform to make for a simplified identity and security solution.
30 Jul
WatchGuard launches multi-factor authentication for SMBs
WatchGuard Technologies unveiled AuthPoint, a cloud-based multi-factor authentication solution for SMBs.
17 Jul
Developing a one-two punch for cloud security
When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.
04 Jul
EXCLUSIVE: Microsoft CTO talks securing data in the cloud era
Organisations should treat identity management and protection as one of the core elements of a “modern” approach to security.
26 Jun
Busting the top five myths and mistruths about cloud security
Myths and mistruths continue to exist when it comes to security within the cloud.
22 Jun
How to get the right kind of control over your cloud
Trust in the cloud hasn’t always been universal.
21 Jun
Barracuda appoints Andrew Huntley to lead APAC sales
Huntley first joined Barracuda in May 2017 as territory account manager.
19 Jun
GDPR, changing what it means to be a good data custodian
One of the key elements of the GDPR is that it empowers citizens to have a voice in how their data is used.
18 Jun
Synology launches product to protect scattered data in physical, virtual, and cloud workloads
More and more companies and organisations are operating across physical, virtual, and cloud platforms.
05 Jun
Vulnerability, breach, and patch: Break the vicious cycle
Deploying static defences against a continually evolving attacker makes no sense.
23 May
Five recommendations for effective cloud security
With these five recommendations for effective cloud security, organisations can reduce the inherent risks associated with cloud environments.
21 May
Securing cloud platforms in the financial services sector
Organisations in the financial services sector are faced with a unique set of challenges when it comes to IT security.
09 May
Privacy Week interview: Aura Information Security's Peter Bailey
I spoke to Aura’s general manager Peter Bailey to get his take on Privacy Week, data security, and why privacy is everyone's responsibility.
07 May
Privacy Week: 79% of Kiwis concerned about businesses that share their personal info
Those on a lower income of $55,000 or less were more likely to be concerned about privacy (77%) than those with higher incomes (63%).
17 Apr
Microsoft unleashes broad range of security features & partnerships at RSA Conference
Secure microcontrollers, 365 commercial cloud, advanced threat protection tools; and stronger partnerships are all top-of-mind for Microsoft.
09 Apr
EBOOK: The most effective way to protect data in the cloud
Depending on your company’s maturity and business goals, you need a network of people, process and technology that works together.