Exclusive: How companies can stay secure in the cloud
Recently Security Brief had the opportunity to talk to Bitglass APJ VP of sales David Shepherd about cloud security.
What are the threats companies moving to the cloud or adoption cloud services are least prepared for?
I think most people now accept that moving to the cloud is no less secure than the traditional way of doing things; in fact, in many cases, the cloud offers more security than most enterprises could hope to achieve in-house. This being said, some threats in the cloud are different to those historically faced in on-premises-only environments.
For example, organisations moving to the cloud must defend against malware that can quickly infect a business by spreading through personal and corporate devices as well as the cloud apps that they access. Additionally, enterprises must understand the shared responsibility model of security and adopt new tools for addressing unauthorised external sharing, advanced cloud phishing attacks, and more.
How have CASBs had to evolve as threats to companies in the APJ region change?
It seems that threats in APJ have evolved virtually identically to those around the world. Regardless, CASBs have had to adapt to address these threats and help customers understand and manage cloud data risk. Initially, most CASB offerings were designed solely to provide visibility into SaaS app usage in the enterprise.
However, they have rapidly evolved into flexible tools that can be used for a massive variety of use cases; for example, securing the mobile workforce, new apps, BYOD, and IaaS platforms, as well as responding to misconfigurations in cloud platforms, inappropriate sharing, data leakage, malicious insiders, and zero-day malware.
What are the biggest barriers preventing companies from implementing a CASB to secure the cloud?
Solving today's problems requires fresh thinking. Perhaps the biggest barrier we need to challenge is the belief that traditional tools like firewalls are able to offer comprehensive data security in a cloud-first world.
This belief may be due to an overestimation of how well on-premises security tools can extend to the cloud, a fixation on the sunk costs associated with existing IT infrastructure investments, or some level of misunderstanding around cloud threats. Whether you believe you're using the cloud or not, your users have probably already moved your data into this new landscape.
What are the biggest opportunities using a CASB brings a company as opposed to implementing their own cloud security protocols?
We're seeing a continued shift toward the consumerisation of IT. People no longer want to build and maintain their own networks, infrastructure, or applications – it's inefficient and not the best use of their budget or IT resources. As such, many companies prefer to consume IT-as-a-service and commit more focus to running their businesses.
By leveraging a third-party CASB, organisations are able to benefit from a specialised solution that secures data right out of the box with prebuilt policies and proven efficacy. Additionally, cloud access security brokers serve as a single pane of glass for ensuring consistent security across all of an enterprises' cloud applications, eliminating the need to manage dozens (or hundreds) of applications' disjointed, native security features.
What distinguishes an effective CASB solution?
The most effective CASB solutions are commonly known as multimode or hybrid CASBs. These integrate with application programming interfaces (APIs) to secure data at rest, and proxy traffic in order to protect data in transit between apps and devices. Uniquely, the Bitglass Next-Gen CASB uses an agentless reverse proxy architecture.
This means that we are up and running and fully deployed in hours rather than months. Companies start to receive value immediately, which is almost unheard of when deploying enterprise security tools. To cope with the dynamic cloud landscape, we are leveraging machine learning to automate protections and ensure that we deliver proactive, real-time security for any app, any device, anywhere.