17 Jul 2018
Story image
Cloud security
Cloud access security broker
Bitglass
Data Protection

Developing a one-two punch for cloud security

By Sara Barker

As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place are no longer providing effective protections. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.

The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.

Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.

Rapid cloud adoption

Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.

Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.

This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.

Achieving visibility and security

Organisations must understand how data is used by their staffs before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.

Key tactics for obtaining visibility and control over data include:

  • Identity consolidation: Rather than having disjointed identity management for multiple applications, organisations should leverage the existing corporate user directory and extend access to cloud apps. This gives users single sign-on for all of a business’ applications and lets them access said apps from the devices of their choosing.
  • Central policy enforcement: An enterprise needs to adopt a tool that enforces security policies on everyone accessing data – regardless of the devices that they are using. For example, a business should be able to require multi-factor authentication or that a personal device automatically locks its screen after a certain period of inactivity.
  • Mobility Management: IT teams must also have suitable tools to secure data as it is accessed and stored by mobile devices. In addition to other security features, these solutions should provide the ability to wipe data remotely if the device is lost or an employee leaves the organisation.

The role of CASB and identity as a service (IDaaS)

A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.

A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.

Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.

IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.

As multi-factor authentication has helped to address this problem within corporate IT infrastructure, the capability must also be used to cover cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.

Business benefits from cloud security

Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.

  • Improved user productivity: Having single sign-on (SSO) allows users to access data and applications from any device or location quickly, easily, and securely. A single set of credentials is all that is needed to gain access to required resources via SSO.
  • Better compliance: Together, CASB and IDaaS achieve end-user productivity and corporate security, ensuring that the enterprise is better able to meet its compliance requirements. Automated security policies can be enforced in real time and activity can be monitored continuously.
  • Increased operational efficiency: An organisation that is confident in its ability to secure data in the cloud can deploy a host of applications. This enables users to seek the best tools for performing their work, which inevitably increases operational efficiency throughout the business. Additionally, this reduces IT-related costs like those incurred when investing in traditional, on-premises infrastructure.

With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.

Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.

Related stories
Video: 10 Minute IT Jams - Traditional cybersecurity vs data protection>>
How Microsoft security infrastructure can sink a business>>
State-affiliated threat actors attribute 57% of all known web app incidents over last five years - Report>>
Fortinet wins Google Cloud Global Technology Partner of the Year award for Security>>
Beware the top three blind spots that precede cloud data breaches>>
Network security in the cloud more important than ever>>
Top stories
Recent stories
Story image
Blockchain
$10 million bug bounty fund for projects building on Binance Smart Chain
Binance Smart Chain has launched Priority ONE, a $10 million bug bounty fund for projects building on top of BSC. >>
Story image
Hacking
Rise in hacking tool downloads as cybercrime becomes 'more organised than ever'
"The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security.">>
Story image
Online dating
Online dating users doxed as personal data exposed
"You might find the love of your life online but unfortunately, there are also bots and fraudsters looking for prey on dating platforms."online >>
Story image
Cyber attack
Security professionals unprepared for escalating software supply chain attacks
IT security professionals and developers aren’t completely confident in their ability to defend against another SolarWinds/Codecov-style supply chain attack.>>
Story image
Disaster Recovery
Police IT disaster recovery a 'very high risk area', audit reveals
Police computer systems have been ill-prepared to cope with a disaster like a major hack. >>
Story image
Network Detection and Response / NDR
Sophos to boost adaptive cybersecurity ecosystem with network detection and response 
"Businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud.">>
Story image
Infosys
Interview: Infosys CISO Vishal Salvi on cybersecurity and Cyber Defence Centres
We spoke to CISO Vishal Salvi to learn more about the company's approach to cybersecurity and what it means for customers.>>
Story image
Google
Google intensifies NZ ops with cloud interconnect location, new hires & Auckland office
The company has launched a Google Cloud Dedicated Interconnect location in Auckland, and a new AUNZ Google Cloud region in Melbourne, Australia.>>
Story image
Cybersecurity
Cybersecurity roadblocks: 5 things leaders need to act on now
In 2021, organisations must focus on security as the foundation for safely creating, storing and managing data.>>
Story image
Cybersecurity
CEOs, CISOs doubling down on cloud-based cybersecurity
“Industry leaders are emphatically pointing to a very different future for cybersecurity.">>
Story image
Cybersecurity
Cost of a data breach hits record high during pandemic - IBM
Security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic.>>
Story image
Scams
Tech support scams remain a global threat - Microsoft
Tactics used by fraudsters to victimise users online have evolved over time, from pure cold calling to more sophisticated ploys.>>
Story image
Privileged Access Management / PAM
OneLogin solution to enable organisations to adopt Zero Trust principle of least privilege access
“For organisations to adopt a Zero Trust framework, they must embrace the concept of least privilege access.">>
Story image
Cybersecurity
State-affiliated threat actors attribute 57% of all known web app incidents over last five years - Report
According to a multi-source report, state-affiliated threat actors attributed to 57% of all known web application incidents over the last five years.>>
Link image
Cybersecurity
How do you break a hacker’s heart? Find out on 5 August
The team at Sophos knows exactly how to ruin a hacker’s day, and they want to share these tips with you. Join a virtual tour on 5 August (2pm SGT) to find out how.>>
Story image
Verified Mark Certificates
Entrust launches Verified Mark Certificates to support BIMI email authentication standard>>
Story image
Cybersecurity
Cyber attackers will have weaponised operational technology environments to harm or kill humans - Gartner>>
Story image
Ransomware
How Microsoft security infrastructure can sink a business>>
Story image
Endpoint detection and response / EDR
Fortinet: Extended Detection and Response (XDR) critical for security automation>>
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - Who is Fastly?>>
Story image
Claroty
Claroty launches research arm dedicated to revealing critical vulnerabilities>>
Story image
SD-WAN
Colt further secures hybrid working with new SD-WAN feature>>
Story image
Cybersecurity
Microsoft partners with AustCyber to launch cybersecurity traineeship program>>
Story image
Acquisitions
Sysdig eyes up DevOps security capabilities through Apolicy acquisition>>
Story image
Cybersecurity
Risky business: Majority of workers take cybersecurity shortcuts despite knowing dangers>>
Story image
Cyber Threats
ConnectWise and SentinelOne bring greater cybersecurity to TSPs>>
Story image
Fortinet
Fortinet wins Google Cloud Global Technology Partner of the Year award for Security>>
Story image
Privileged Access Management / PAM
Thycotic and Centrify named as Leaders in Gartner MQ for Privileged Access Management>>
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - BeyondTrust on securing critical infrastructure>>
Story image
Application testing
The importance of data masking and testing in an evolving organisational landscape>>
Story image
Phishing
Tech support scams among top phishing attacks>>
Story image
Cybersecurity
Video: 10 Minute IT Jams - Traditional cybersecurity vs data protection>>
Story image
Malware
New malware strain targeting Mac users for only $49>>
More stories