How to stay in control of a cloud strategy
By Bitglass CEO Nat Kausik.
In recent years there has been a major shift in the way businesses conduct their operations and how employees do their work. Across many organisations, corporate culture has changed dramatically and employees are no longer required to work on premises from desktop computers.
In contrast, many people now access, share and store data in a variety of ways, using diverse services and devices.
For example, hugely popular Software-as-a-service (SaaS) applications such as Office 365, Box, and Salesforce are now the mainstream, market-leaders. Similarly, Infrastructure-as-a-service (IaaS) platforms like Amazon Web Services (AWS) are hugely profitable and have changed the way organisations around the world deliver IT.
Across every type of team and department, cloud-based SaaS apps have appeared to offer tailored services and functionality geared towards the specific objectives of each job function. This is particularly important, given the huge number of SaaS applications used in typical organisations. Research examined companies of 200-500 employees in size found that, on average, they use over 120 different apps.
A closer look at the type of information moving to the cloud demonstrates why the scope for data leakage has increased. For example, a 2019 study revealed that nearly half (45%) of organisations are storing customer data in the cloud, 42% store employee data, and 24% store intellectual property.
With this in mind, organisations should be taking a range of considered steps in order to stay in control of cloud strategy:
Understand the risks: More data brings the need for more security. The huge investments being made to move data to the cloud means huge levels of customer and employee data, as well as intellectual property are being stored outside the boundaries of traditional on-premises networks.
While the advantages of this approach are well known, it’s a strategy that can bring an increased possibility of data leaks unless appropriate security measures are put in place.
Monitor user behaviour: IT departments often find it hard to keep pace with the sheer number of cloud applications and personal devices that are being used in everyday situations across the enterprise, however, it is a situation that must be addressed.
For example, organisations should have visibility over who is accessing what data, and be alerted to any cross-app anomalous behaviour. This should also extend to visibility over user logins, external sharing and DLP.
Deploy comprehensive cloud security solutions: Despite the widespread use of cloud security solutions, such as access control and anti-malware, businesses need to meet the increasing threat of cloud-based data breaches.
Additional protective measures such as those provided by single sign-on (26%) and data loss prevention tools are important considerations. Also, it is worth remembering that traditional security tools might not work – or have limited functionality – in the cloud, so adopting more appropriate cloud security technology is essential.
Modern solutions, such as cloud access security brokers (CASBs), can provide many of these essential capabilities in one. This is reflected in the research findings of the adoption of CASBs which has risen from 20% in 2018 to 31% one year later.
Indeed, according to a report produced by Gartner, for those organisations that are using many SaaS applications, “. . . a cloud access security broker (CASB) or SaaS management platform (SMP) would likely be a better choice for understanding your SaaS security posture and standardising control and governance across your SaaS landscape.”
Balance cost against effectiveness: In developing a cloud strategy, cost is an inevitable consideration. It’s always going to be a major part of the decision-making process when choosing a cloud security provider, tools, or services. Similarly, issues around ease of deployment and integration will often fall into the mix – whether the solutions are cloud-native or whether it has to do with how cross-cloud security policies are being enforced.
Behind all these influencing factors is a challenge shared by everyone interested in cloud control: a poorly implemented tool will never be as effective and secure as a well-integrated solution that delivers high levels of flexibility and control over data, wherever it goes.