The rise of cloud computing has benefited countless companies; from remote working and collaboration to flexible bandwidth, there are many advantages. But of course, there are also significant challenges, especially when it comes to security. Add in tech-savvy employees able to leverage cloud services independently, and we need more sophisticated tools at our disposal.
Cloud Adoption
According to a 2016 survey of cloud usage conducted by RightScale, 95% of respondents are utilizing the cloud, and it is now very much entrenched in the architecture of many organizations. Significantly, trust in the public cloud (those services that are not operated solely for a single organization) is on the rise, with many now turning towards at least a hybrid model, which combines a private cloud foundation with the use of public cloud services.
That trust is reflected in how we are using the cloud. In its second annual cloud security report this year, Intel Security found that 62% of those surveyed store sensitive customer data in the public cloud. And while use of public cloud services can certainly improve efficiency by enabling employees to take advantage of more applications, that also raises some potential security issues.
By choosing the right provider we can actually mitigate many cloud security risks. But in fact, the responsibility for cloud security failures increasingly lies with the customer, and how people across our organizations use these services. Gartner even predicts that through 2020, 95% of cloud security failures will be the customer’s fault.
Of particular concern is ‘shadow IT’ — when employees bypass internal resources and policies to find their own solutions, without the knowledge or approval of the IT department. This is a big problem because unsupported hardware and software are not subject to the same security measures as known, supported solutions. Naive workers may even be holding corporate data on file storage apps without your knowledge.
Because of their low cost and accessibility, those cloud-based software-as-a-service (SaaS) applications are extremely popular; social media, business productivity and file storage solutions are simply innocent tools to those unaware of the risks. And according to McAfee-sponsored research, 80% of employees admit to using SaaS applications in their jobs without IT approval. If we want a secure environment, we have to take back control and understand exactly how cloud services are being used.
Introducing Cloud Access Security Brokers
However, we also have to find a balance between security and productivity. Employees that have come to rely on these applications to get their jobs done will simply not accept them being blocked outright. Therefore, the answer is not more restriction but better visibility — we should provide the broad range of solutions people need while ensuring we can monitor their use and be security compliant.
A Cloud Access Security Broker (CASB) is the way to achieve that. The term was originally defined by Gartner in 2012; a CASB is a software tool that sits between the cloud service customer and provider to provide that visibility and enable security policy enforcement over all cloud activity. Alongside that visibility, CASBs can automatically evaluate whether cloud services are regulatory compliant, add an additional layer of data security (including encryption), and analyze traffic patterns to identify threats. These four features are known together as the ‘4 Pillars of Required CASB Functionality’.
Many organizations rely heavily on their firewalls and other existing security features for protection, and while CASBs should never be seen as a replacement for them, they are an essential additional tool. Unlike other security solutions, CASBs offer the deepest level of visibility, letting you investigate individual user actions through traffic logs and determine what kind of threat you might be facing. Not only that, but you can set up automatic notifications about new apps, service non-compliance, and anomalous usage to speed up your response time.
One of the biggest adoption drivers for many companies is regulatory compliance, and CASBs provide the best way to satisfy strict new regulations around data security, thanks to those configurable non-compliance notifications. For others, it’s about preventing the movement of sensitive corporate information to the cloud without any controls, in which case you can use a CASB to encrypt all data as it leaves your environment. The ability of a CASB to accomplish various different goals depending on your needs is another strength.
Choosing a CASB
The CASB market has exploded in the last few years and is predicted to grow to $7.51 billion by 2020, with 85% of large enterprises using a CASB platform by then (as predicted in Gartner’s Market Guide). But how to choose the right product for you? The first thing to do is to define a clear set of use cases for your organization that reflect your goals; the features that you require will help you narrow down a list of vendors. There are also options to choose from when it comes to deployment — the two main methods being API and Proxy (either forward or reverse). Although some have argued that API is superior, it really depends on your use case, so that’s another reason to define them upfront.
It’s also important to consider how many cloud providers the CASB can discover, and the breadth of attributes tracked in the cloud provider registry. Have you established a list of policies on what will generate alerts? And how easy will it be to set up and configure them? If you’re overwhelmed with excess notifications, you’ll miss the ones that really matter.
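The following is an added example, not code from the original article or from any CASB product. It sketches the log-based visibility and alert policy discussed above: one alert per newly seen unsanctioned app and one per user/app pair that crosses an upload threshold, so repeated traffic does not flood the alert queue. The log format, sanctioned list, threshold and function names are all assumptions.

```python
from collections import defaultdict

# Hypothetical policy: hosts approved by IT and a cumulative upload ceiling
# per (user, app) pair. Both values are assumptions for this example.
SANCTIONED = {"crm.example.com", "mail.example.com"}
UPLOAD_LIMIT_BYTES = 50 * 1024 * 1024

# Constructed proxy log: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2016-11-02T09:01:11Z alice POST crm.example.com 20480
2016-11-02T09:03:40Z bob POST files.example.net 41943040
2016-11-02T09:05:02Z bob POST files.example.net 20971520
2016-11-02T09:07:19Z carol GET notes.example.org 0
2016-11-02T09:09:55Z alice POST files.example.net 1024
malformed line
2016-11-02T09:12:00Z carol POST mail.example.com 512
"""

def parse(line):
    """Return an event dict, or None when the line does not fit the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, user, method, host, sent = parts
    return {"ts": ts, "user": user, "host": host.lower(), "sent": int(sent)}

def discover(log_text, sanctioned=SANCTIONED, limit=UPLOAD_LIMIT_BYTES):
    """Return (alerts, upload totals per user/app, count of unparsed lines)."""
    seen_apps, over_limit = set(), set()
    uploaded = defaultdict(int)
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            skipped += 1          # unparsed lines are a visibility gap: count them
            continue
        if ev["host"] in sanctioned:
            continue
        if ev["host"] not in seen_apps:   # alert once per newly discovered app
            seen_apps.add(ev["host"])
            alerts.append(("new_app", ev["host"], ev["user"]))
        key = (ev["user"], ev["host"])
        uploaded[key] += ev["sent"]
        if uploaded[key] > limit and key not in over_limit:
            over_limit.add(key)           # alert once per threshold crossing
            alerts.append(("upload_volume", ev["host"], ev["user"]))
    return alerts, dict(uploaded), skipped

if __name__ == "__main__":
    for alert in discover(SAMPLE_LOG)[0]:
        print(alert)
```
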
Implementing a CASB solution can be a challenging process; but as we look to the future, cloud visibility is a clear priority. It’s estimated that a staggering 40 zettabytes (40 sextillion bytes) will have been created by the year 2020, and with an ever-increasing amount of data comes an increasing demand for cheap cloud storage. The trend towards a mobile workforce means that cloud solutions will become essential, and IT budgets are rapidly reflecting that. Familiarize yourself with CASB solutions now, because sooner rather than later, you’re going to need them.