As individuals and employees, we use cloud-based applications all the time – it makes our lives easier. We can edit and share documents with many others simultaneously, we can access information from home or on the go and we can use apps to project, manage or improve productivity. This is according to Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa.
But the problem is, this freedom to innovate means we’re bringing those applications into the workplace. With the amount of time we spend at work, it’s no surprise that we want to take as many shortcuts as possible to reduce the time we spend at our desks.
However, by bringing in new applications without company regulation, we could be causing a real problem for our employers from a security perspective. Without governance and IT team visibility, cloud applications are ripe for the picking by cybercriminals looking for a way to access company networks. By connecting devices, they’re getting an easy way in.
So how do security professionals fix this? Realistically, they have two options: to stop the use of a new app until it is formally sanctioned by IT, or to allow its use while working to support it as quickly as possible.
Neither of these options is great, especially if you talk about adding weeks or months of time to support. This makes it critical for any cloud security solution to support new or custom apps quickly.
While the adoption of productivity-boosting cloud services has increased over the past few years, many organisations are still unwilling to permit a move to the cloud due to security and compliance concerns.
Whether employees are using unapproved endpoint devices (BYO) to access approved cloud apps or downloading and using unapproved cloud services, cloud applications can be targets for account takeovers and malicious insider threats.
Security teams have no visibility into company usage and storage of sensitive corporate data in unapproved cloud applications.
Needless to say, cloud service providers have a role to play here. You might be forgiven for assuming that cloud and cloud application providers would be highly focused on providing security capabilities that address mobile and cloud application security blind spots. To a certain degree, they do.
Security in the cloud is however most often a shared responsibility. While cloud service providers have a responsibility to protect data and be transparent with their customers, it’s up to the user of those services to secure data within the cloud: and if you don’t know which apps are being used and what data resides there, it’s hard to take responsibility for it.
It’s obvious that if there’s a more convenient way for humans to get their job done, they’re going to find a way to do it. It’s not feasible or useful to ask your employees to go the long way around just because it fits better with your legacy security systems.
It’s time to shake things up and there are plenty of options out there. But thinking about the challenges of the workplace with the number of people that come in and out of your door, you need a system that’s going to do the legwork for you.
While it’s possible to “discover” cloud apps using existing infrastructure and certain cloud security tools, they don’t provide the visibility and control required for a comprehensive solution.
Nearly all CASB solutions have discovery capabilities, but the majority can only secure the most more common, top-tier cloud applications. A CASB solution should offer both API and inline capabilities, since many Tier II or Tier III applications will not necessarily have an API that can be used by a CASB solution.
We recommend a five-point checklist when looking for a cloud security solution. Companies today require a product which:
Provides visibility into what users of both sanctioned and unsanctioned apps are doing in the cloud to understand risk and protect users and data
- Monitors and controls how users interact with any cloud application
- Identifies users at risk and prevents risky usage
- Enables policies and protections that are specific to users access cloud apps on BYOD (unmanaged) devices
- Delivers data loss protection (DLP) to protect data at rest in the cloud and data in transit.
In this way, users get the apps they want and the IT security department gets the visibility and control it needs.
Forcepoint understands that human behaviour is at the centre of the security equation, particularly when it comes to mobile workers. Human-centricity and knowledge of critical data and intellectual property underpin our philosophy for our cloud security solutions. Understanding user behaviour and intent is the determining factor necessary to distinguish an employee making an honest mistake from a malicious insider or a user who’s been compromised.
This insight enables Forcepoint to stop the bad and free the good—stopping bad cyber activity while allowing people to do good work. This is the approach we use to address the mobile-cloud world with capabilities such as CASB.