Cloud computing provides huge benefits to the enterprise in the next wave of digital evolution and will add further value as compute costs continue to fall. The benefits of cloud services include pay-as-you-go pricing, the ability to scale up or down quickly to match demand, and the ability to develop new solutions using emerging technologies such as big data analytics, IoT, and machine learning.
However, it also raises cybersecurity challenges for enterprises that must protect and secure sensitive data, heightens privacy concerns, and puts at risk the IT team's ability to prevent the loss or non-compliant exposure of sensitive corporate data.
Enterprises today are struggling to manage their cloud security risk as business-sensitive and PII data moves out to the cloud. Blue Coat's Shadow Data Threat Report indicates that the vast majority of business cloud apps do not meet enterprise standards for security and can put enterprises at risk of compromise. The report further indicates that 63 percent of risky user activity in the cloud attempts to exfiltrate business-sensitive data.
One emerging and fast-growing segment of cloud security is the Cloud Access Security Broker (CASB), which can help enterprises solve these challenges to a great extent. However, because the technology is still evolving, there are no standards or frameworks available today that enterprises can use to easily select one vendor over another.
So including CASB in a cloud security strategy becomes a challenging initiative for enterprises. It requires considerable effort to evaluate multiple vendors against the enterprise's unique requirements and objectives before selecting a vendor's technology or implementing a solution.
CASB can help address gaps in security resulting from the significant increase in cloud service adoption and enterprise mobility. CASB solutions deliver some unique capabilities that are generally unavailable in security technologies such as web application firewalls and secure web access gateways. These capabilities are provided across the SaaS, IaaS and PaaS cloud service delivery models.
In terms of functionality, CASB solutions generally provide visibility, compliance, data security and threat protection, and the technology can be deployed as a SaaS app or as an on-premises virtual or physical appliance, depending on enterprise preference or use case. In addition, enterprises need to carefully evaluate the vendors and the list of applications and services each one supports. For example, one CASB vendor could support MS Office 365 while another supports only Box, Dropbox or BYOD use cases. Enterprises can also leverage CASB capabilities to discover which cloud applications are used in their enterprise. Otherwise the IT department will not have visibility into the cloud apps and services employees are using at the workplace, which could lead to exposure of sensitive corporate data.
Further, to meet today's cybersecurity challenges, a technology or solution cannot add value to the enterprise if it runs in a silo without integration with the enterprise's other technologies. It is therefore critical for the enterprise to evaluate whether the solution can be integrated with its environment and existing security technology landscape. Integration points could include identity and access management, and security information and event management for a single view of security events and support for existing security incident response processes. Some solutions rely exclusively on agents installed on endpoints for coverage, while others can be implemented using proxy configuration.
Lastly, when evaluating a CASB vendor solution, it is very important for enterprises to check whether on-premises data protection solutions such as data loss prevention technology can be integrated with the CASB solutions and services. This allows enterprise-wide data protection policies and controls, rather than treating cloud applications in isolation from the on-premises data environment.
This article is published as part of the IDG Contributor Network.