Cloud - it can be secure
Cloud migrations and usage have numerous benefits; as adoption increases, the manageability, specifically security operations, faces numerous challenges.
There are a number of factors considered when choosing a cloud service provider. This ‘Trust’ factor is a combination of multiple things such as: compliance certification (HIPAA, PCI-DSS, NIST 800-53, GAPP, COBIT, TRUSTe), compliance standards (SOC1, SOC2, SOC3, SAS70/SSAE61, ISO27001, ISO/ICE 2718), and adherence to security standards and practices around data encryption, data ownership, access controls, access policies, auditability, disaster recovery, business continuity, service level agreements, and reported vulnerabilities / breach of security incidents.
From a security operations perspective, incident response, log aggregation, user access enforcement, malware protection, and context based data protection becomes difficult. When multiple SaaS, PaaS and IaaS solutions are in use, this exponentially becomes a laborious task.
Cloud Access Security Brokers (CASB) address these issues. CASB sits between the end user and the cloud solutions to provide visibility (reporting / analytics), compliance enforcement (data at rest, usage and sharing, access), security (encryption, DLP) and malware / ddos protection. CASB’s provide the ability to find, understand, and secure cloud applications.
We learned that the challenges with securing multiple enterprise cloud applications are typically in these three areas:
- Policy - Aggregation and identification of authorized applications
- Enforcement - Traffic management so that CASB’s can inspect traffic
- Cloud provider’s security posture and ability to provide enforcement points
The innovation and quick adoption makes it difficult to manage every cloud provider, we are able to provide analysis on 19960 cloud providers as of this publishing date.