Today’s cloud-powered enterprises need to gain visibility of threats beyond the network perimeter and implement
As revealed by a recent Bitglass study of 135,000 companies around the world, cloud adoption has reached an all-time high. 81% of organisations now use cloud apps – up from 59% in 2016 and just 24% in 2014.
As this momentum for cloud computing continues to build, relying upon traditional IT security strategies means ‘flying blind’ in the cloud. In a survey of over 570 cybersecurity and IT security leaders, 84% of respondents admitted that conventional security tools couldn’t adequately protect data in the cloud. Unfortunately, a mere 44% of respondents had visibility over external sharing and data leakage policy violations; additionally, only 15% had solutions capable of detecting abnormal user behaviours across cloud applications.
In a world where employees are performing more and more of their work in the cloud and outside of corporate headquarters, it’s time for organisations to use tools that allow them to fill the security gaps that put data and users at risk. Typically, this involves addressing three key concerns: shadow IT, mobile devices, and data access.
- Shadow IT
In the cloud, users can access specialised applications that help them to complete their work more quickly and efficiently than ever before. Unfortunately, this is not always done with the permission (or even the knowledge) of IT departments.
For users, this may entail utilising a private Dropbox account to copy company documents and complete tasks away from the office; alternatively, it might involve circumventing IT to leverage unsanctioned applications that can jeopardise a company’s overall cybersecurity.
These kinds of user behaviours introduce a host of security concerns. Regrettably, they can prove challenging to address – IT cannot manage what it cannot see. Consequently, discovering shadow IT is critical.
- Mobile devices
The increased use of mobile devices in the enterprise represents a significant security headache for IT professionals – they are now faced with the two-pronged challenge of mobile data access and BYOD (bring your own device).
Typically, organisations have no control over the security of external networks that employees might use when working remotely from mobile devices. With respect to BYOD, users now demand anywhere, anytime access to corporate data and reject security tools that impair device functionality. These issues are compounded by the fact that today’s cloud apps encourage users to synchronise all of their accounts and data across all of their devices. This can increase the likelihood of data leakage and expose corporate data to any malware that may be infecting said endpoints.
To address these issues, organisations need to find technical solutions and governance protocols that minimise cybersecurity threats.
- Going beyond endpoint security
Preventing external intruders from gaining access to the corporate network is no longer sufficient for enterprise security. Today’s cloud-first organisations need to implement comprehensive protections capable of securing data when it is at rest in the cloud, when it is stored in any device, and when it is in transit between the two.
Users can now view, use, download, and share data in more ways than ever before. As such, the enterprise must implement access management systems that verify user identities, block unauthorized access, identify traffic heading to high-risk destinations, and remediate risky or malicious employee behaviours.
Tired of flying blind?
As enterprise cloud usage continues to grow, organisations need take steps to ensure that they are adequately protecting data within the cloud. Fortunately, specialised solutions termed cloud access security brokers (CASBs) have quickly emerged as the security tools of choice for today’s business world.
CASBs grant thorough visibility through activity logs that detail all data access, as well as shadow IT discovery that reveals the unmanaged applications used by employees. The solutions also provide identity and access management capabilities that authenticate users and govern data access by a variety of factors. Features like data loss prevention (DLP) and encryption offer robust data security, while advanced threat protection (ATP) can defend against zero-day malware.
For enterprises that recognize the need to go beyond traditional, on-premises security measures, CASBs offer the protections that make it possible to soar through the cloud without flying blind.
Regional Director UK, Ireland & South Africa
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.