Organisations looking to ‘cloud application proof’ their web security need to address the gap between traditional web security and content filtering
From Dropbox to Twitter to WeTransfer and Salesforce, the use of cloud-based applications has become an everyday part of the modern business ecosystem. Research has shown that the average employee uses a staggering 27 apps at work.
To accommodate this trend, most companies are now deploying cloud-based solutions; the expectation being that by 2018 around 59% of companies will be using software-as-a-service (SaaS).
As the understanding of the cloud has matured, progressive organisations have started to adopt enterprise applications that are tailored to the meet the needs of their business.
However, these businesses still rely on security products that were designed before the onset and global expansion of web applications. As a result, they are unable to meet the demands and complexity of the modern and mobile work environment.
So where does this leave businesses and their overwhelmed IT departments?
CIOs and IT departments are under increasing pressure to provide employees with reliable and secure web access across all devices, whilst controlling the use of cloud applications - all without compromising data security and preventing the spread of Shadow IT.
Part of the reason the growth of cloud applications has posed such a challenge and threat to traditional web security is because often users are unaware of the risks associated with sharing and uploading information. Research has shown that 43% of C-level executives say negligent insiders are the greatest threat to sensitive data.
Instead of going through the red tape of IT procurement, provisioning, testing and security, employees are quick to download the latest app to access or share data. However, such a quick fix can have damaging implications on a company’s most valuable corporate assets – its intellectual property and brand reputation.
Now more than ever, organisations need to be able to monitor an individual’s use of corporate assets at the most basic level, regardless of whether users are in-office or mobile. Cloud application control (CAC) software can provide businesses with visibility and the ability to discover, analyse and control the information staff are accessing or sharing. With businesses under pressure to provide staff with access to the latest innovations, security becomes even more important.
The ongoing consumerisation of information technology is creating a Shadow IT community; a community which CIOs have little or no control over. ‘Everything-as-a-service’ presents the opportunity to buy localised cloud apps that complement or replace corporate on premise system software, with most users opting for familiar branded apps under the false pretence that it is safe.
With apps like Dropbox being quick to download and easy to use, it is not a trend that is going to disappear any time soon. If you can deploy an app in seconds to get the job done without the delay of following IT regulations and security, then why not?
The problem is that most apps are generic; created to service a mass market with only a basic level of security. As more companies embrace cloud applications to replace on premise legacy systems, they must be aware of the potential security risks.
To successfully apply security and privacy settings, businesses need greater visibility and control of enterprise data in the cloud that is accessed using both company managed and bring your own devices (BYOD).
In order to cope with the exponential rise of the app, data and cloud market, today’s web security solutions must offer CAC capabilities beyond the traditional security functionality. Security should extend beyond the web gateway and address the fundamental gap that resides between traditional web security and content filtering to secure the way in which we use apps today.
Gartner agrees; by 2016 25% of enterprises will secure access to cloud-based services using a cloud application security broker (CASB) platform, reducing the cost of securing access by 30% in the process.
Ideally CAC should truly ‘follow the user’ by monitoring all actions. It should encourage the use of cloud apps and services while keeping company assets secure. This requires the ability to analyse the risk, audit and log all usage to maximise visibility at the time an issue occurs, rather than acting as a forensic tool post-event.
If businesses continue to use outdated web security solutions, how can they protect against an employee posting damaging or libellous comments about the company, or publishing sensitive commercial data on their feeds or uploading them to other cloud apps? The answer is they can’t.
Traditional web security could only tell a CIO that a person has accessed the application, rather than details of the content or the post itself. As cloud application adoption continues to gather momentum, organisations need to step up to the challenge and embrace the advances that CAC functionality brings - or face the repercussions.