To cope with the exponential rise of the app, data and cloud market, web security solutions must offer CAC capabilities, says Ed Macnair
The mass market availability of cloud-based applications is changing the way employees work. With 1.3 million apps available across Android and Apple stores, from Dropbox and Twitter to WeTransfer and Salesforce, it has become an everyday part of the modern business ecosystem.
To meet the needs of the digital workforce, companies are increasingly deploying cloud-based solutions, with Cisco predicting that by 2018 around 59% of companies will be using software-as-a-service (SaaS) in some form.
As the understanding of the cloud has matured, progressive organizations have started to adopt enterprise applications that are tailored to suit everyday business requirements.
However, these businesses are still using legacy security products that were designed to protect against very different challenges. These solutions cannot meet the demands and complexity of the modern and mobile work environment.
So how can businesses and their overwhelmed IT departments cope?
As the BYOD and cloud app culture continues to grow, CIOs and IT departments are under increasing pressure to provide employees with reliable and secure web access across all devices, all without compromising data security and preventing the spread of shadow IT.
One reason why the growth of cloud applications has posed such a challenge to traditional web security is because often users don’t realize the risks of sharing and uploading information.
Research has shown that 43% of C-level executives say negligent insiders are the greatest threat to sensitive data. Instead of going through the red tape of IT procurement, provisioning, testing and security, employees are quick to deploy the latest app to access or share data. However, such a quick fix can have damaging implications on a company’s most valuable corporate assets – its intellectual property and brand reputation.
Discover, Analyze and Control
Research shows the average employee uses a staggering 28 apps at work. Organizations need to be able to monitor an individual’s access to and use of corporate assets at the most basic level, regardless of whether users are in-office or working remotely. Cloud application control (CAC) solutions can provide businesses with visibility and the ability to discover, analyze and control the information staff are accessing or sharing. With businesses under pressure to provide staff with access to the latest innovations, security becomes even more important.
The ongoing consumerization of information technology is creating a shadow IT community, which CIOs have little or no control over. ‘Everything-as-a-service’ presents the opportunity to buy localized cloud apps that complement or replace corporate on-premise system software, with most users opting for familiar branded apps mistakenly believing that they are safe. With apps like Dropbox being quick to download and easy to use, it’s not a trend that is going to disappear any time soon. If you can deploy an app in seconds to get the job done without the delay of following IT regulations and security, then why not?
"With businesses under pressure to provide staff with access to the latest innovations, security becomes even more important"
The problem is that most apps were developed to service a mass market with only a basic level of security. As more companies embrace cloud applications to replace on-premise legacy systems, they must be aware of the potential security risks. To successfully apply security and privacy settings, businesses need greater visibility and control of enterprise data in the cloud that is accessed using both company managed and BYO devices.
The New Generation of Web Security
In order to cope with the exponential rise of the app, data and cloud market, today’s web security solutions must offer CAC capabilities beyond the traditional security functionality. Security should extend beyond the web gateway and address the fundamental gap that resides between traditional web security and content filtering to secure the way in which we use apps today.
Gartner predicts that by 2016 25% of enterprises will secure access to cloud-based services using a cloud application security broker (CASB) platform, reducing the cost of securing access by 30% in the process.
Ideally CAC should truly ‘follow the user’ by monitoring all actions. It should encourage the use of cloud apps and services while keeping company assets secure. This requires the ability to analyze the risk, audit and log all usage to maximize visibility at the time an issue occurs, rather than acting as a forensic tool post-event.
Developed before cloud application adoption gathered pace, traditional web security is simply unable to protect against employees accessing unauthorized applications and uploading or sharing company data or sensitive information on their devices. Businesses that fail to realize the limits of their traditional web security solutions and look at embracing CAC functionality will leave their company vulnerable to security risks.
About The Author
Ed Macnair, CEO and Chairman of CensorNet, has over 30 years’ experience in the technology and IT security world. He was previously the founder and CEO of SaaSID, and CEO of Marshal. He has also held senior management positions with MessageLabs, Symantec, IBM and Xerox.