Most recent

Protecting Your Data With Secure Cloud Access

By Eitan Bremler

Cisco predicts by 2017, roughly 69% of all workloads will be in the cloud. While even five years ago, most CIOs would be concerned about the idea of putting their data in the cloud, now companies use cloud based tools every day.

The growth of cloud has been great for businesses as they have access to cloud based software services that they probably never would have tried with a traditional on-site model. However, even with this new growth and flexibility, security breaches are still a concern. As data travels between the cloud, multiple users and mobile devices, it becomes evident that not all data is equal and some needs to be more secure than others.

While most SaaS vendors may have great security, it is ultimately your business that is responsible for the security of your data. If you don't already have a secure cloud access solution, it is necessary to implement today.

How Can You Secure Cloud Access?

Implementing new security methods, such as Cloud Access Security Brokers (CASB) can protect our data in the cloud. According to Gartner, by 2020, 85% of large enterprises will use a CASB solution, a dramatic increase from last year.

CASB, either cloud based or on premises, secure Policy Enforcement Points that are placed between a consumer and cloud service provider to add enterprise security policiesCASB consolidates a variety of security policies, including:

  • Single sign-on
  • Authentication
  • Credential mapping
  • Encryption
  • Logging
  • Alerting
  • Malware prevention

For most cloud vendors, security is a major concern and each vendor may have dozens or even hundreds of security experts that are responsible for making sure the application and data are secure. CASB is needed to sit between software as a service (SaaS) vendors and the users who use the data via their devices.Download White Paper: DDoS Attack Solutions

A lot of the concern is on the end-user side since these cloud apps are accessible from mobile and unmanaged personal devices. CASB helps make sure that these devices are secure and compliant with the proper level of control access. It also provides administrators visibility into how the data is being accessed.

The 4 Pillars Needed for CASB Functionality:

  1. Threat Protection: This can include keeping unauthorized devices from getting access to data, while providing malware protection and threat intelligence.

  2. Data Security: Enforce corporate security policies and makes sure that data is encrypted properly while still allowing applications to continue to use the data, manage data leakage and prevent insecure downloads, and make sure that the network traffic between cloud providers, mobile, and on-premise devices meet proper security policies.

  3. Compliance: CASB helps ensure companies are HIPAA, PCI, and other industry regulation compliant.

  4. Visibility: CASB gives administrators the ability to see cloud usage within the organization, including identifying unauthorized cloud services. CASB helps reduce the risks that can occur in the cloud as it provides policy enforcement at both the application level and activity level.

How To Deploy a CASB in Your Organization

Two ways to set up a CASB are to use a forward or reverse proxy, or APIs. While each has their advantage, a multimode approach in which both proxy and APIs are used together is becoming more common.

  • Forward proxy: Using a forward proxy allows all application traffic and data to flow through the proxy, however you need certificates on every device that needs to access the proxy.
  • Reverse proxy: Using a reverse proxy allows access from any device but it won’t work with certain apps that have hard-coded host names.
  • API: APIs have the drawback in that they are limited because some cloud apps do not have API support.

Securing Cloud Access Immediately When Moving To The Cloud

Everyone knows we’re moving more processes, apps and data to the cloud. Some businesses will jump on board with little consideration of security and trust the SaaS vendor to handle it all. In cases where confidential data is not involved, the risk of doing this may be minimal.

But as more companies process sensitive data between multiple cloud services, on-premises servers, and mobile devices (both owned and personal), it becomes critical for IT to have the ability to administer security processes, including secure cloud access, and maintain the security of all data, everywhere.

For more information on how to secure your data and protect it from cyber attacks, download this White Paper

DDoS Attack 

All posts