Bitglass recently published a survey revealing that IT and cybersecurity professionals are continuing to struggle with visibility and data protection in the cloud. Whilst IT and security professionals acknowledge the shortcomings of traditional security tools for the cloud, many have yet to fill these gaps with effective cloud-focused security tools. Steve Armstrong explores the issue.
Today’s cloud-powered enterprises need to gain visibility of threats beyond the network perimeter and implement comprehensive cloud security strategies that proactively protect sensitive business information.
As revealed by a recent Bitglass study of 135,000 companies around the world, cloud adoption has reached an all-time high. 81 percent of organisations now use cloud apps – up from 59 percent in 2016 and just 24 percent in 2014.
As this momentum for cloud computing continues to build, relying upon traditional IT security strategies means ‘flying blind’ in the cloud. In an earlier Bitglass survey of over 570 cybersecurity and IT security leaders, 84 percent of respondents admitted that conventional security tools couldn’t adequately protect data in the cloud. Unfortunately, a mere 44 percent of respondents had visibility over external sharing and data leakage policy violations; additionally, only 15 percent had solutions capable of detecting abnormal user behaviours across cloud applications.
In a world where employees are performing more and more of their work in the cloud and outside of corporate headquarters, it’s time for organizations to use tools that allow them to fill the security gaps that put data and users at risk. Typically, this involves addressing three key concerns: shadow IT, mobile devices, and data access.
In the cloud, users can access specialised applications that help them to complete their work more quickly and efficiently than ever before. Unfortunately, this is not always done with the permission (or even the knowledge) of IT departments.
For users, this may entail utilising a private Dropbox account to copy company documents and complete tasks away from the office; alternatively, it might involve circumventing IT to leverage unsanctioned applications that can jeopardise a company’s overall cyber security.
These kinds of user behaviours introduce a host of security concerns. Regrettably, they can prove challenging to address – IT cannot manage what it cannot see. Consequently, discovering shadow IT is critical.
The increased use of mobile devices in the enterprise represents a significant security headache for IT professionals – they are now faced with the two-pronged challenge of mobile data access and BYOD (bring your own device).
Typically, organizations have no control over the security of external networks that employees might use when working remotely from mobile devices. With respect to BYOD, users now demand anywhere, anytime access to corporate data and reject security tools that impair device functionality. These issues are compounded by the fact that today’s cloud apps encourage users to synchronise all of their accounts and data across all of their devices. This can increase the likelihood of data leakage and expose corporate data to any malware that may be infecting said endpoints.
To address these issues, organizations need to find technical solutions and governance protocols that minimise cyber security threats.
Going beyond endpoint security
Preventing external intruders from gaining access to the corporate network is no longer sufficient for enterprise security. Today’s cloud-first organizations need to implement comprehensive protections capable of securing data when it is at rest in the cloud, when it is stored in any device, and when it is in transit between the two.
Users can now view, use, download, and share data in more ways than ever before. As such, the enterprise must implement access management systems that verify user identities, block unauthorized access, identify traffic heading to high-risk destinations, and remediate risky or malicious employee behaviours.
Tired of flying blind?
As enterprise cloud usage continues to grow, organizations need to take steps to ensure that they are adequately protecting data within the cloud. Fortunately, specialised solutions termed cloud access security brokers (CASBs) have quickly emerged as the security tools of choice for today’s business world.
CASBs grant thorough visibility through activity logs that detail all data access, as well as shadow IT discovery that reveals the unmanaged applications used by employees. The solutions also provide identity and access management capabilities that authenticate users and govern data access by a variety of factors. Features like data loss prevention (DLP) and encryption offer robust data security, while advanced threat protection (ATP) can defend against zero-day malware.
For enterprises that recognize the need to go beyond traditional, on-premises security measures, CASBs offer the protections that make it possible to soar through the cloud without flying blind.
Stephen Armstrong is Regional Director UK, Ireland & South Africa at Bitglass.