New Zealand
Story image

Developing a one-two punch for cloud security

17 Jul 2018
Sara Barker
Share:
LinkedIn
Twitter
Facebook

As organisations adopt cloud-based tools to enhance their operations, many are realising that the security strategies they have in place are no longer providing effective protections. In the past, IT security was primarily aimed at protecting a physical location, such as an office, that had access to a data centre.

The thinking was that everything would be secure if there were firewalls installed at both locations and an encrypted network tunnel between the two. While this held true when applications and data were stored within a corporate data centre, things have changed.

Today, applications and data often rest in a number of different locations, including cloud platforms and services managed by other companies. This is a dramatic shift from the historical tactic of conducting business in an on-premises-only fashion. When data is regularly accessed from a myriad of devices outside the corporate firewall, strategies to maintain effective security have to evolve.

Rapid cloud adoption

Within most organisations, the adoption of cloud-based resources is accelerating – often without the knowledge of IT departments. While sanctioned cloud applications are likely to be in use, employees are just as likely to be using unsanctioned apps as a part of their daily routines. Unfortunately, many of these tools are not enterprise ready – they don’t provide IT with the visibility or data protection features that are needed to defend users and corporate IT infrastructure.

Because data is moving from the corporate network to a virtually infinite number of cloud applications that lack adequate security features, organisations must look to specialised security solutions that can protect data wherever it goes.

This is particularly true in light of compliance requirements that demand heightened security for protected data. Monitoring, administering, and controlling hundreds of cloud apps is impossible without the appropriate tools.

Achieving visibility and security

Organisations must understand how data is used by their staffs before they can prevent it from moving to unsafe destinations. In other words, they must achieve comprehensive visibility as well as data security.

Key tactics for obtaining visibility and control over data include:

  • Identity consolidation: Rather than having disjointed identity management for multiple applications, organisations should leverage the existing corporate user directory and extend access to cloud apps. This gives users single sign-on for all of a business’ applications and lets them access said apps from the devices of their choosing.
  • Central policy enforcement: An enterprise needs to adopt a tool that enforces security policies on everyone accessing data – regardless of the devices that they are using. For example, a business should be able to require multi-factor authentication or that a personal device automatically locks its screen after a certain period of inactivity.
  • Mobility Management: IT teams must also have suitable tools to secure data as it is accessed and stored by mobile devices. In addition to other security features, these solutions should provide the ability to wipe data remotely if the device is lost or an employee leaves the organisation.

The role of CASB and identity as a service (IDaaS)

A cloud access security broker (CASB) provides security when data and applications move to a cloud environment. It manages user devices, enables visibility, ensures data protection, and enforces access controls.

A CASB can bolster defences for data when it is at rest on a cloud platform, and ensure that it remains secure as it is being accessed by users. It allows sessions to be monitored and anomalous activities to be spotted and remediated in real time.

Another important element of any successful security strategy in a cloud environment is identity management. Over the past decade, most organisations have developed identity management systems internally. Today, they must simply extend their best practices and policies to the cloud. This can be achieved by adopting an identity as a service (IDaaS) solution.

IDaaS can be used to fill previously neglected cloud security gaps. For example, many employees use a single, unsecured password across multiple cloud services, increasing the damage that can be done in the event of credential compromise.

As multi-factor authentication has helped to address this problem within corporate IT infrastructure, the capability must also be used to cover cloud platforms via IDaaS. This will help to ensure data and applications are only accessed by the individuals who are authorised to do so.

Business benefits from cloud security

Leveraging CASB and IDaaS delivers three significant advantages to any organisation seeking to secure its use of cloud services.

  • Improved user productivity: Having single sign-on (SSO) allows users to access data and applications from any device or location quickly, easily, and securely. A single set of credentials is all that is needed to gain access to required resources via SSO.
  • Better compliance: Together, CASB and IDaaS achieve end-user productivity and corporate security, ensuring that the enterprise is better able to meet its compliance requirements. Automated security policies can be enforced in real time and activity can be monitored continuously.
  • Increased operational efficiency: An organisation that is confident in its ability to secure data in the cloud can deploy a host of applications. This enables users to seek the best tools for performing their work, which inevitably increases operational efficiency throughout the business. Additionally, this reduces IT-related costs like those incurred when investing in traditional, on-premises infrastructure.

With CASBs and IDaaS, organisations can be confident that they have adopted the key elements needed to ensure effective security in the cloud. Whether separate solutions are deployed together, or both components are found in a single, complete solution, leveraging CASBs and IDaaS gives organisations data security built for the future, allowing them to reap the benefits of the cloud for years to come.

Article by Bitglass vice president of Asia Pacific and Japan, David Shephard.

Related stories:
nCipher launches HSM-as-a-Service for organisations adopting cloud-first strategies
Trustwave platform brings more visibility and control cloud security
Scale Computing integrates Acronis services into HC3 platform
AlgoSec announces new features to improve Cisco ACI automation and application visibility
OutSystems gains new certifications for cloud security compliance
Ping Identity launches private cloud identity solution
Dig deeper:
Story image
13 Sep
IoT a hot topic in cybercriminal underbelly
"We've lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks."More
Story image
17 Sep
Mimecast’s top A/NZ channel partners of 2019
The company has announced the winners of its Mimecast Partner Awards which celebrate channel partner performance across eight categories.More
Story image
04 Sep
How the iPhone malware discovery affects Apple users – Malwarebytes
The malware implant has been patched, but iPhone users should ensure they’re running on the latest version of iOS (12.1.4) to leverage the security patches.More
Story image
12 Aug
Tapping into SD-WAN’s productivity gains without the security concerns
If you can migrate all of your security requirements to a single, interoperable security fabric, you can reduce your operational overheads significantly.More
Story image
Yesterday
Rapid data growth becoming major business challenge
StorageCraft research reveals rampant data growth, and inadequate IT infrastructures are a source of global concern and risk.More
Story image
05 Sep
AlgoSec announces new features to improve Cisco ACI automation and application visibility
AlgoSec A30 release delivers new automation capabilities that enable zero-touch security management across SDN, cloud and on-premise networks. More
Story image
IoT a hot topic in cybercriminal underbelly
"We've lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks."More
Story image
Mimecast’s top A/NZ channel partners of 2019
The company has announced the winners of its Mimecast Partner Awards which celebrate channel partner performance across eight categories.More
Story image
How the iPhone malware discovery affects Apple users – Malwarebytes
The malware implant has been patched, but iPhone users should ensure they’re running on the latest version of iOS (12.1.4) to leverage the security patches.More
Story image
Tapping into SD-WAN’s productivity gains without the security concerns
If you can migrate all of your security requirements to a single, interoperable security fabric, you can reduce your operational overheads significantly.More
Story image
Rapid data growth becoming major business challenge
StorageCraft research reveals rampant data growth, and inadequate IT infrastructures are a source of global concern and risk.More
Story image
AlgoSec announces new features to improve Cisco ACI automation and application visibility
AlgoSec A30 release delivers new automation capabilities that enable zero-touch security management across SDN, cloud and on-premise networks. More
Story image
Why businesses need a strategy to combat the enemy within – Ping Identity
While strengthening your organisation’s external defences with the latest tools and technologies makes sound sense, it’s only half a battle plan.More
Story image
GitHub amps up vulnerability reporting capabilities
GitHub has announced new capabilities that make it easier for developers to report vulnerabilities directly from their repositories.More
Story image
Digitally transform without fear with consistent security policies
DX carries increased risk, especially as organisations extend their network operations further afield with Operational Technology (OT) and tap into new opportunities with 5G.More
Story image
F&S: Global first responder C3I spending to near US$100 million
Providing solutions that can make cross-agency sharing and access efficient and effective will augment growth prospects, finds Frost & Sullivan.More
Download image
The true extent of cloud inertia’s effect on your organisation
The report dives into the importance of expertise to an organisation’s cloud evolution and the impact the current technical skills gap is having on businesses.More
Story image
DNS amplification attacks increase 1000% since last year - Nexusguard
Enterprise networks and communications service providers (CSPs) need attack mitigation as DNS patch adoption creates new threats.More
Story image
Gartner: Blockchain to be “transformational” within a decade
Gartner’s 2019 Hype Cycle for Blockchain Business shows that blockchain will have a transformational impact across industries in 5 to 10 years.More
Story image
Over 50% of incident response requests occur after damage complete – Kaspersky
It is often assumed that incident response is only needed in cases when damage from a cyber-attack has already occurred and there is a need for further investigation.More
Story image
Advanced Security named as NZSA Security Integrator of the Year
The company also won an award for staff retention and development, and one of its staff was recognised as professional of the year in his sector.More
Story image
Katana Technologies releases anti-ransomware solution
Financial losses to cyber-attacks in New Zealand reported between 1 April and 30 June were $6.5 million, up from the $1.7 million reported in the previous quarter. More
Download image
How to manage Windows 10 like a smartphone
If only a business’ Windows 10 endpoints could be managed with the same simple, intuitive toolsets as smartphones.More
Story image
HID Global acquires PKI-as-a-service solutions provider HydrantID
The acquisition of HydrantID will allow HID Global to offer enterprise customers a broader range of options, plus the flexibility and scalability of PKI-as-a-service.More
Story image
Sophos named Magic Quadrant Leader, changes up APAC channel staff
This is the 11th time in a row Sophos has been positioned as Leader and shaken up its APAC and A/NZ channel execs.More
Story image
Proofpoint integrates people-centric protection with Okta’s Identity Cloud
The partnership aims to bolster the security posture for organisations’ very attacked people (VAPs) by applying additional adaptive security controls.More
Story image
Stairway to hell: Scams, ransomware, and $6.5m gone from Kiwis' pockets
In just a three month period this year, New Zealanders reported more than 1000 cybersecurity incidents and financial losses of $6.5 million to CERT NZ.More
Story image
Gartner names Trend Micro leader in endpoint protection platforms
The endpoint is increasingly the frontline in the war against cyber-threats and IT teams are overwhelmed by the volume of alerts they must manage.More
Story image
NZ's global alliances put it at risk for cyber attacks, expert says
"Since 2018, there is clear evidence and a growing trend that the most significant and successful cyber-attacks are carried out by state actors."More
Story image
Scale Computing integrates Acronis services into HC3 platform
The Scale Computing HC3 platform will now include Acronis Backup, which will deliver data protection, disaster recovery, and threat mitigation.More
Story image
Citrix and Palo Alto Networks team up on SD-WAN protection
The collaboration aims to enable easy deployment and management of next-generation firewalls within Citrix SD-WAN.More
Story image
Fileless attacks surge as attackers look to boost ROI
Fileless attacks have skyrocketed 265% this year compared to the first half of 2018, and there’s no sign that they will slow down.More
Download image
Beyond deployment: Making AWS work for your use case
If you’re a business that wants to understand how to save time with your technology, AWS actively seeks those optimisations and gets your technology to work in ways it couldn’t work before.More
Understanding the shifting paradigm of the threat landscape
“The ability of threats to persist has made the whole idea of prevention obsolete.”More
VMware's open pledge to help partners and customers make their mark
Technology is neither good nor bad, but it’s often how we shape it. Will technology shape the world we want to live in? Or will it create a world we’re afraid to live in?More
Are they listening? Kiwis wary of smart devices
While talking aloud, a voice-activated, home-based smart speaker asked for more info - even though it was not turned it on. More
Illusive Networks joins LogRhythm technology alliance partner program
The resulting integration will provide real-time, post-breach threat detection while enhancing and automating incident response.More
Apple issues clarification on extent of iOS malware infection
The attack affected fewer than a dozen websites that focus on content related to the Uighur community. More
Zscaler and CrowdStrike partner on cloud and endpoint protection
CrowdStrike’s AI-powered Threat Graph will integrate with Zscaler’s cloud security platform to provide customers with real-time threat detection and automated policy enforcement.More
DTCC and Accenture unveil research on blockchain governance model
The study introduces model that addresses the responsibilities and critical functions in operating and maintaining a private, permissioned DLT platform.More
IoT devices lacking basic security assessments
Research firm Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industry-wide problem of a lack of basic security diligence.More
Board members in A/NZ most engaged in cybersecurity – Infosys
The research highlights how cybersecurity is a top priority for organisations in the A/NZ market, with boards taking a more hands-on approach to cybersecurity.More
Whitepaper: The IT directors’ guide to application modernisation
The digital enterprise couldn’t exist without modern applications – otherwise it would be nothing more than a stale system that’s slow to react.More
Five winning strategies for VMware in 2019
We look under the hood at the enterprise software vendors plans for the year.More
Blockchain revenues to near US$10B despite 2018 crypto winter
This year blockchain is starting to find its feet as innovators find the use-cases that suit the specific areas in which it can provide value.More
Trustwave platform brings more visibility and control cloud security
The platform aims to give internal security teams deep visibility, technologies and the security expertise necessary for protecting assets and eradicating threats as they arise.More
Soft skills increasingly important for IT career growth – SolarWinds survey
SolarWinds conducted a survey and had responses from 177 technology professionals from across the globe, including those from public and private sectors.More
Time to include multi-factor authentication in your cybersecurity strategy - WatchGuard
Enterprises looking to reduce the risk of cyber-compromise or attack need to think about adding multi-factor authentication technology to their arsenal.More
Application shielding startup RedShield raises $14m
RedShield CEO and co-founder Andy Prow says that taking capital from a New Zealand private equity player was a strategic choice.More
Does your security team need a boost from an MSSP partnership?
Rackspace’s e-book has a practical set of protection measures, providing a framework for security decisions relevant to data centre and cloud infrastructure.More
IBM launches data privacy platform for hybrid multicloud environments
The IBM z15 will enable customers to manage who can access data via policy-based controls such as encryption, cloud-native deployment, instant recovery, and data-centric privacy controls.More
More stories