The growing need for big data analysis and rising demand for mobility are supercharging connected cloud applications. Just take a look at the top 20 cloud services in use by today’s enterprises in the table below.
Now think, how many of them are connected to your business? Go ahead, really come up with a number.
Outside of the list, how many other cloud apps are in use? If you aren’t 100 percent confident in your answer, you’re in good company.
To give you a sense, today’s enterprises have an average of 1,181 cloud services in use, with 92.7 percent not enterprise-ready according to the latest Cloud Report by Netskope. Since this is just an average, larger organizations can have over 3,000 cloud services, which include apps that aren’t necessarily sanctioned, IT-led services.
Netskope’s Cloud Report, Top 20 Cloud Services List
Even though the apps on the list above are common in the enterprise, and vetted, these “sanctioned apps” can still be connected to other dangerous cloud apps.A recent example of this is the Facebook and Cambridge Analytica scandal. While Facebook is generally accepted as a safe app, it turns out what it is connected makes it not such a safe place after all.
This is the stuff of nightmares for IT security managers and CISOs alike -- the dreaded “shadow IT.” With well-known risks, including data leakage and weak security, not having a hold on cloud usage has the potential to impart damage to a business’s ability to function effectively.
Boost Your Cloud Confidence
The cloud doesn’t have to be a foggy place where sensitive data is transmitted and possibly leaked. While technology developments like Bring Your Own Device (BYOD) have become the rabbits of cloud, breeding connected third party vendors in volume and without IT approval, there is a way to regain control and confidence.
Instead of feeling shy, aspire to have cloud confidence by following our five steps:
Discover the cloud apps running in your enterprise and understand their risks.
Gain visibility into the usage of the cloud applications.
Use analytics to monitor usage, detect anomalies, and conduct forensics.
Identify and prevent the loss of sensitive data.
Enforce your security and compliance policies across any cloud app or app category in real-time.
Putting the Five Cloud Confidence Steps Into Action
Maybe the five steps seem obvious, or perhaps it was an “aha” moment -- regardless, you’re probably thinking, “great, but how?” Luckily, there is now a way to gain unfettered visibility and fill security voids by offering a combination of APIs and traffic inspection technologies to flag employee misure of cloud resources using Cloud Access Security Brokers.
What is a Cloud Access Security Broker (CASB)?
The term was originally coined by Gartner in 2012, and since then, a number of vendors have emerged to fill voids of other security solutions such as smart firewalls, UTM, and proxy services that haven’t been easy or often even possible to deploy in front of cloud services.
Gartner officially defines CASBs as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.”
CASBs, at a high level, are designed to deliver four pillars of functionality that differentiate them from existing security technologies in relation to securing cloud services, including:
Visibility - Discover shadow IT cloud services and gain visibility into user activity with sanctioned cloud applications.
Compliance - Identify sensitive data in the cloud and enforce DLP policies to meet data residency and compliance requirements.
Data Security - Enforce data-centric security such as encryption, tokenization, access control, and information rights management.
Threat Protection - Detect and respond to negligent or malicious insider threats, privileged user threats, and compromised accounts.
Start From the Very Beginning: Visibility Through Cloud Risk Assessment
Cloud confidence stems from knowing what you have and using the visibility to control and secure all cloud data.
At Edgeworx Solutions, we begin this process by completing Cloud Risk Assessments that can:
Discover and secure sensitive content both at rest in and en route to your cloud applications. Focus on the violations that carry penalties and can result in negative press, including PIPEDA, HIPAA, HITECH, and PCI.
Define cloud application policies, considering not just popular cloud storage, social, and webmail apps, but also focus on business critical apps like HR, finance/accounting, and business intelligence.
Go beyond coarse-grained “allow” or “block” decisions on cloud apps and enforce contextual policies on risky activities such as “download” (e.g., to mobile), “share” (e.g., outside of the company), or “delete” (e.g., if you’re not in the enterprise directory group “HR Directors”).
That’s just some of what assessments can do for your organization. But we have to warn you, what we discover ain’t always pretty! Reality almost never is, but knowing is half the battle. Ready to gain cloud confidence? Contact our cloud team today at +1.647.793.4731.
Not ready to talk? Get more insight on cloud applications in our blog, 4 Essentials to Ensure Your Applications are Cloud-Ready.