Does your organization use any hosted or cloud-based services? Even if you host just one, your network can end up the victim of a serious security fail. Unless you have a completely closed network there is always a need to add some additional safeguards for your organization’s cloud services.
This isn’t meant to be a scare tactic, but rather an update to the continually changing security conversation. For years, IT security has been about blocking everything at the edge, but with the consumerization of IT, the ever growing amount of web-based applications, and the prevalence of cloud computing, the game has changed.
Enter what I like to call the “Cloud Security Triumvirate.” This is a combination of cloud-based security tools that help shore up the holes in your security to ensure your data and users remain safe, regardless of where they reside. Let’s start with the basics and work down from there.
Web Security Gateway (WSG)
A web security gateway is the first step when securing against the threats that lurk beyond your firewall. WSGs offer URL filtering, application controls, and anti-malware protection. But cloud computing is changing the way WSGs are used. Rather than just protecting servers and endpoints behind a device, cloud-based web security gateways protect people, any internet-connected device, and cloud applications. For a quick view of how your organization is doing on this front, run a simple test using Zscaler, a cloud-based information security company that assesses vulnerabilities in Internet and web security.
Identity & Access Management (IAM)
Now that we’ve covered how to protect internet-connected devices and users from URL-based threats, we’ll look at how to make sure that those authenticating are authorized users (i.e. the good guys). IAM is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons, according to a well thought out explanation from Gartner.
IAM tools provide a combination of the following features:
- Single Sign On (SSO)
- Multi-Factor Authentication (MFA)
- Universal Directory, for both internal and external users
- User Provisioning
Cloud Access Security Broker (CASB)
Let’s tie the above software together with an emerging player that will likely be vitally important to organizations in the years to come: the cloud access security broker. Gartner states that fewer than 5% of organizations have deployed a CASB as of 2015, but that 85% of enterprises will by 2020. Let’s discuss what CASB is, and what it does. CASBs generally perform the following functions:
- Identify – CASB scans, evaluates, and reports what cloud applications are already running on your network
- Secure – It provides audits, policy, Data Loss Prevention (DLP), and additional security controls for applications outside your network, specifically Software as a Service (SaaS) applications like email, file sharing, and Customer Relationship Management (CRM)
- Ensure Compliance – CASB adds security to cloud-based applications that have multiple data center locations by enforcing things like data residency
- Deploy User & Entity Behavior Analytics (UEBA) – CASB provides intelligent analytics that flag access deviating from each user’s learned behavior, so unwanted access can be challenged or blocked
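As an added example of the “Identify” function above (not code from CDW or from any CASB vendor), the script below runs a shadow-IT discovery pass over a handful of constructed web-gateway log lines, aggregates per-host usage, and classifies each host against a constructed catalogue of sanctioned and unsanctioned SaaS applications. The log format, the domain names and the catalogue are all assumptions made for the illustration; a real CASB would consume the gateway’s own log feed and a vendor-maintained application catalogue.

```python
"""Added example: a minimal CASB-style 'Identify' pass over constructed gateway logs.
Not CDW's or any vendor's code; log format, hosts and catalogue are assumptions."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample gateway log lines: "timestamp user method url bytes".
SAMPLE_LOG = """\
2015-11-02T08:01:12Z alice GET https://mail.example-saas.com/inbox 4120
2015-11-02T08:03:40Z bob POST https://share.unsanctioned-drive.net/upload 9812000
2015-11-02T08:05:02Z alice GET https://crm.example-saas.com/accounts 2210
2015-11-02T08:07:55Z carol POST https://share.unsanctioned-drive.net/upload 3400000
2015-11-02T08:09:10Z bob GET https://intranet.corp.example/home 1200
2015-11-02T08:11:31Z dave GET https://notes.unknown-app.io/ 880
"""

# Constructed application catalogue: host -> (app name, category, sanctioned?).
APP_CATALOG = {
    "mail.example-saas.com": ("Example Mail", "email", True),
    "crm.example-saas.com": ("Example CRM", "crm", True),
    "share.unsanctioned-drive.net": ("Unsanctioned Drive", "file sharing", False),
    "intranet.corp.example": ("Corporate intranet", "internal", True),
}


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, user, method, url, nbytes = line.split()
    return {"ts": ts, "user": user, "method": method,
            "host": urlsplit(url).hostname, "bytes": int(nbytes)}


def discover_apps(log_text):
    """Aggregate per-host usage: distinct users, request count, bytes sent via POST."""
    usage = defaultdict(lambda: {"users": set(), "requests": 0, "upload_bytes": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        rec = usage[ev["host"]]
        rec["users"].add(ev["user"])
        rec["requests"] += 1
        if ev["method"] == "POST":
            rec["upload_bytes"] += ev["bytes"]
    return usage


def report(log_text):
    """Classify each discovered host as sanctioned, unsanctioned or unknown,
    riskiest first (non-sanctioned apps ordered by data leaving the network)."""
    findings = []
    for host, rec in discover_apps(log_text).items():
        name, category, sanctioned = APP_CATALOG.get(host, (host, "unknown", None))
        status = {True: "sanctioned", False: "unsanctioned", None: "unknown"}[sanctioned]
        findings.append({
            "host": host, "app": name, "category": category, "status": status,
            "users": sorted(rec["users"]), "requests": rec["requests"],
            "upload_bytes": rec["upload_bytes"],
        })
    return sorted(findings, key=lambda f: (f["status"] == "sanctioned", -f["upload_bytes"]))


if __name__ == "__main__":
    for f in report(SAMPLE_LOG):
        print(f"{f['status']:12} {f['app']:22} users={len(f['users'])} "
              f"requests={f['requests']} upload_bytes={f['upload_bytes']}")
```

The ordering puts unsanctioned and unknown hosts with the largest outbound volume at the top, which is the list an administrator would hand to the “Secure” step (DLP policy, blocking, or sanctioning the app) next.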
When WSG, IAM and CASB are used together, this cloud security triumvirate becomes a tangible defense mechanism for your network. Here’s how it works:
A user with policy permissions to access the hosted HR system securely connects through the public internet with protection from a WSG. Then, after a single sign-on, the IAM platform authenticates them against their source of identity and attempts to let them in. All seems well, but there is a red flag. How could this be? They used the correct username and password. Well, it’s because the CASB platform detected an anomaly. This user, who has never logged in outside of the state of Illinois, is now logging in (with proper credentials, mind you) from Singapore.
As a result of this variation in typical behavior, the UEBA feature in the CASB solution communicates with the IAM platform, essentially saying “make this user prove they are who they say they are.” The user is now forced to use multi-factor authentication to get access. The IAM platform automates this by sending a text message to the user’s mobile phone. If the user cannot provide the second factor, their access is denied.
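The hand-off just described, as an added example rather than any vendor’s implementation: a small UEBA baseline learns which regions each user has logged in from, and the IAM-side decision function turns a valid password plus an unfamiliar region into a step-up MFA challenge, allowing access only once the second factor succeeds. The user name, the region codes, the decision names and the “no history means no anomaly” rule for brand-new users are all assumptions made for the illustration.

```python
"""Added example of the CASB (UEBA) -> IAM step-up flow. Illustrative only; the
baseline model, region strings and decision names are assumptions, not a product API."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"              # valid credentials, behaviour matches baseline
    STEP_UP_MFA = "step_up_mfa"  # valid credentials but anomalous: IAM demands a second factor
    DENY = "deny"                # bad credentials, or the second factor was not provided


@dataclass
class LoginEvent:
    user: str
    region: str                        # constructed: region resolved from the source IP, e.g. "US-IL"
    password_ok: bool
    mfa_passed: Optional[bool] = None  # None = the user has not been challenged yet


@dataclass
class Baseline:
    """What UEBA has learned per user: regions seen on past successful logins."""
    regions: dict = field(default_factory=dict)  # user -> set of region strings

    def learn(self, user, region):
        self.regions.setdefault(user, set()).add(region)

    def is_anomalous(self, event):
        seen = self.regions.get(event.user)
        # Assumption: with no history there is nothing to compare against, so not anomalous.
        return bool(seen) and event.region not in seen


def evaluate(baseline, event):
    """IAM decision that takes the CASB's anomaly signal into account."""
    if not event.password_ok:
        return Decision.DENY
    if not baseline.is_anomalous(event):
        baseline.learn(event.user, event.region)
        return Decision.ALLOW
    # Anomaly: CASB tells IAM "make this user prove they are who they say they are".
    if event.mfa_passed is None:
        return Decision.STEP_UP_MFA
    if event.mfa_passed:
        baseline.learn(event.user, event.region)  # the new region is now part of the baseline
        return Decision.ALLOW
    return Decision.DENY


def demo():
    """Replay the scenario: an Illinois-only user suddenly logs in from Singapore."""
    b = Baseline()
    for _ in range(5):                      # constructed history of Illinois logins
        evaluate(b, LoginEvent("jdoe", "US-IL", password_ok=True))
    first = evaluate(b, LoginEvent("jdoe", "SG", password_ok=True))
    denied = evaluate(b, LoginEvent("jdoe", "SG", password_ok=True, mfa_passed=False))
    allowed = evaluate(b, LoginEvent("jdoe", "SG", password_ok=True, mfa_passed=True))
    return first, denied, allowed, sorted(b.regions["jdoe"])


if __name__ == "__main__":
    print(demo())
```

Note that the region is only added to the user’s baseline after the second factor succeeds; a failed challenge leaves the baseline untouched, so the next login from that region is challenged again rather than silently learned.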
This is where the cloud security triumvirate thrives! It is an intelligent and continually learning part of your staff—an extension of an organization’s policy that never sleeps. On top of that it is done in a way that actually reduces complexity for both end users and IT operations.
For the latest in cloud trends, check out CDW’s collection of case studies, white papers and infographics.
As always, feel free to leave a comment below with any questions.