All organizations using the cloud are facing a number of extremely difficult challenges.

The way we work has changed. Going back a few years, most if not all the applications and infrastructure that we used in the workplace sat behind a firewall, and we would come into an office environment, plug into the network, and login. That was our world and in the last few years, that picture has changed dramatically.

We have, on the one hand, users who are completely off our corporate network, working from home offices, coffee shops, airplanes, or even client locations.  They are using a plethora of devices, from mobile phones to laptops to tablets, most of which are unmanaged.  On the other hand, our applications and our data are leaving the corporate network and residing in cloud services like AWS, Azure, Salesforce.com, Office 365, Box, etc.  With a lot of our data and users leaving the safety of our corporate office, we are presented with new challenges that IT security must address.

That challenge is that the perimeter is extended   We are no longer protected behind our Next-Gen Firewall or secure web gateway.  Our users are off the network and accessing data stored in the cloud without ever touching our fancy, “modern” network security devices.  So, while admins are thrilled that productivity is sky-rocketing as they enable employees to work from any device, anywhere, at any time, the security teams are overwhelmed and under-staffed attempting to address the security challenges created by this shift.

As this trend continues, our old approach of perimeter security appliances and VPNs (who wants to login to a VPN!?) are no longer able to protect our devices and data.  We need a new approach.

Here are some key questions organizations should be asking themselves.

  1. Are we securing the usage of cloud applications (Salesforce, Google Apps, Office 365, etc.)?

“Attackers are always attempting to compromise my users’ identities. I also need to identify and address malicious insiders.”

Imagine a user logs into a cloud application, say Salesforce, in San Francisco.  Then, 5 minutes later, the same account is used to login from Beijing.  This is a clear indication that the account may have been compromised.  While cloud service providers often have excellent infrastructure security, the security of your user accounts is your responsibility.  In addition, no matter how strong a cloud application’s security is, it will never be able to analyze data across platforms to give you a truly comprehensive view of your users’ cloud activities.

Users/Accounts:

  • Who is doing what in my cloud applications?
  • How do I detect account compromises?
  • Are malicious insiders extracting information?
  1. How do we handle data breaches and compliance?

“We have policies about what kind of data can be stored in the cloud and what kind of data can’t, but I’m not sure if people are following the rules. I don’t know what they’re uploading and what they’re sharing.”

Users do whatever they can to make themselves more efficient. This, unfortunately, often includes violating policies and can lead to users uploading sensitive data to the cloud, including Protected Health Information, Social Security Numbers, Credit Card Numbers, and confidential internal documents. This information can then be shared, both across the company and with the entire Internet.

Data:

  • Do I have toxic and regulated data in the cloud?
  • Do I have data that is being shared inappropriately?
  • How do I detect policy violations?

Applications:

  • How can I monitor app usage and risk?
  • Do I have any 3rd party connected apps?
  • How do I revoke risky apps?
  1. Do we have gaps in visibility and coverage?

“I have more locations and more devices to protect, and threats are using more ports that I need to defend against. I lack visibility into all internet activity.”

More locations:

Branch and remote offices: You have more branch offices connecting directly the internet because of the high cost of backhauling traffic back to corporate. But that means that you lack visibility and security protection for corporate users and guests at those locations. The cost advantages of not backhauling traffic are trumping security.

Roaming users: Employees are using more cloud apps for work and leveraging their work laptops for personal use.  The reality is that not every connection goes through the VPN.  Users can access the internet from any location and your existing perimeter security loses visibility and can’t provide protection. Your last layer of defense is probably antivirus, which isn’t enough. End user behavior and business requirements are trumping security.

More devices: There are more devices on your network accessing the internet—BYOD, IoT, and other unmanaged devices. And you have more corporate-owned devices accessing the internet from other networks, which means they are more vulnerable. You lack visibility into all internet activity for those devices and can’t provide the right level of protection.

More ports and HTTPS destinations: Security teams need coverage across all ports for more complete threat protection because attackers will try different tactics to get in and exfiltrate data. The internet is moving towards HTTPS, so more destinations will require SSL decryption to effectively see and block. Organizations need a solution that gives them visibility and protection for HTTPS destinations, without adding latency.

In addition to the questions listed above, customers need to have an understanding of the risks/security weaknesses of native cloud service providers. Here are a few items to contemplate:

  • Single platform only
  • Upcharge in cost
  • No incident management
  • Weak remediation capabilities
  • Lack of security expertise and focus

Securing an organization requires a deep, layered security approach that looks at all threat vectors and addresses all the potential vectors with equal importance. With the addition of cloud into many customer environments, this is a vector that needs further due diligence to ensure the proper security techniques are being used to protect data.

If you would like a deeper discussion regarding these topics, please contact your Sovereign representative for continued conversation on this topic.