As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place no longer provide effective protection. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.
The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.
Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.
Rapid cloud adoption
Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.
Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.
This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.
Achieving visibility and security
Organisations must understand how their staff use data before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.
Key tactics for obtaining visibility and control over data include:
The role of CASB and identity as a service (IDaaS)
A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.
A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.
Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.
IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.
Multi-factor authentication has helped to address this problem within corporate IT infrastructure, and the same capability must also be extended to cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.
Business benefits from cloud security
Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.
With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.
Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.