Why use a Cloud Access Security Broker?

Mar 3, 2016 | Cloud, Security-GRC | 0 comments

Why do employees use unsanctioned cloud services?

The emergence of more than 17,500 cloud services online, the ubiquitous mobile phone which makes it easier to blend company data with personal data and the emergence of remote working make securing company data a bigger and bigger challenge.

With work flexibility, companies have lost the control on company assets once tied to the office computer. Companies have been slow to give employees convenient solutions to access company data remotely. That’s resulted in workers finding their own ways to access the data they need to do their jobs.

Shadow IT Cloud usage is 10X that of Cloud services sactioned by IT and Security departments.

Employees are building their own Cloud ecosystem.

There are key challenges that arise when a Shadow IT Cloud ecosystem is constructed.

  • Duplication of costs: Many times an employer is paying for a service that is going unused. The employee, meanwhile, has signed up for the service on a company credit card, or expensing it after charging it to their own personal credit card.
  • Sensitive data unchecked: Let’s take one example — online PDF conversion. An employee may upload a sensitive document, such as a contract, to a website that converts a .doc file into a .pdf file for free. The file is e-mailed back instantly converted. Several of these services are not altruistic. They convert all files while waiting for sensitive information that can be exploited. And this data is never deleted off the foreign servers.
  • Inefficiences created across the organization: The marketing department is using WeTransfer to send files. The engineering department is using Box. The sales department is using Dropbox. None of these systems talk to each other and files exist in many different places, some secure some not.
  • Compliance at risk: In regulated industries, not all data is created equal. When Shadow IT is prevalent, it’s easy for compliance issues (and the accompanying fines) to surface.
s

15.8%

of files in the cloud contain sensitive data.

i

9.2%

of documents shared externally contain sensitive content.

28.1%

of users have uploaded sensitive data

9.3

The average organization experiences 9.3 insider threat incidents each month

Enter the Cloud Access Security Broker.

A Cloud access security broker (CASB) is an on-premises or cloud-hosted piece of software that acts as a control point to support continuous visibility, compliance, threat protection, and security for cloud services.

A good CASB not only helps you control the new risks that emerge with cloud migration, but can bring efficiencies to tasks like a Vendor Risk Assessment. Days worth of work on a Vendor Risk Assessment can be simplified into a process no more complex than a Google search.

While the CASB market is clearly evolving, one solution has consistently — and for reason — emerged above all others: Skyhigh Networks.

Our clients use Skyhigh in four key ways: Visibility, Compliance, Security and Threat Protection.

Visibility = Accurate Risk Identification

  • Continuous visibility into Cloud usage and risk
  • Identify who is using which Cloud services
  • Identify data flowing outside the organization
  • Identify anomalous behaviors
  • See detailed 50 point risk assessment for over 17,500 (and growing) Cloud Services

Threat Protection = Manage & Mitigate Risk

  • Restrict access based on the location, time of day or whether the device is enterprise-managed.
  • Architect adaptive authentication using real-time machine learning
  • Include optional encryption.
  • Investigate and respond to reported exceptions.

Compliance = Manage & Mitigate Risk

  • Enforce data loss prevention policies for data at rest and in motion
  • Enact Cloud data loss prevention
  • Discover the “who, what, when and why” of data noncompliance in your organization
  • Unified view to both review and remediate all DLP, access control and collaboration policy violations

Data Security = Manage & Mitigate Risk

  • Enforce data-centric policies including encryption with your own keys, contextual access control and digital rights management
  • Map to data classifications policies
  • Implement content-based digital rights management (DRM) policies
  • Discover current cloud application security settings and suggest modifications to improve security

The importance of a good partner

ASMGi works with different clients in different ways, depending on the resources available in an organization. However, implementation is the key first step. With a focus on Practical IT Innovation, an important priority is building the system in a way that the value can be realized without adding staff or workload. If implemented properly, work should shift from reactive activities to proactive activities.

For enterprises without a built-out security infrastructure, or one that needs additional expertise, we can help interpret and analyze the data that is being collected. Even simple tasks like vendor assessments, which used to take weeks, can now be done in less than a day with the help of a CASB such as Skyhigh Networks.
View/Add comments

<script type="text/javascript" src="//platform.linkedin.com/in.js"></script><script type="in/share" data-counter="top"></script> <a href="https://twitter.com/share" class="twitter-share-button" data-via="ASMGi_CLE">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^https:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>

Download a White Paper: Cloud Adoption & Risk Report

This report is based on findings from actual usage data from Skyhigh’s 23 million+ users worldwide. This report explores the types of sensitive data in the cloud, how the data is shared, and how risky employee behavior can expose this data.

<script type="text/javascript" src="https://xe289.infusionsoft.com/app/form/iframe/6dcf38f79c3c9cbfd0e511405229a5ff"></script>

Navigate the blog