Are you threatening me? How CASB can help mitigate internal and external risks in the cloud.
By Adil Siddiiqui
Cloud computing has brought about an entirely new world of cyber security issues. The ubiquitous connectivity that it represents not only pertains to the advantages that it delivers, but also to a new perimeter that must be guarded as much from the inside as the outside. In fact, the mantra that I continually use when discussing resiliency with our customers is the idea that there are only two real threats to consider: the threats that reside outside the organization—and those that reside inside the organization.
And though that may sound dire, the fact is threats can come from employees as much as from cyber criminals. Now, I’m obviously not implying that all employees are somehow cyber criminals waiting to pounce when the opportunity arises—far from it. In the case of internal threats, the instances where actual malicious behavior occurs are extremely low. The real threat comes from simple human nature: people being either naive around potential threats, or just complacent when interacting with the cloud.
This is why a comprehensive cloud security infrastructure such as Cloud Access Security Broker (CASB) is imperative for companies to manage security policies: CASB is built to monitor the traffic between on-premises devices and the cloud.
The true value of CASB is the insight that it delivers along with subsequent controls—using auto-discovery to identify everything from what particular cloud applications are currently in use, to identifying high-risk applications. For instance, one of the major culprits of potential threats can be people practicing what is known as shadow IT, spinning up cloud applications for their own use that reside outside the company’s infrastructure. These can include productivity apps such as Trello or Slack, communications apps like Skype, and even cloud storage apps such as Google Drive or Dropbox.
And with any of these apps, there’s probably no malicious intent: people use these because they are familiar, work well to enhance productivity and communications, and make personal daily tasks easier to manage. This is where CASB can help by enforcing any number of security access controls to enable encryption and device profiling, and to provide credential mapping when single sign-on is not available.
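The auto-discovery described above can be pictured as a pass over web proxy logs that maps destination hosts to known cloud applications and reports the unsanctioned ones. The following is an added example, not code from the article or from any CASB product; the log format, the catalogue, the sanctioned list and the upload threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue of the apps the article names: domain -> (app, category).
CATALOGUE = {
    "trello.com": ("Trello", "productivity"),
    "slack.com": ("Slack", "productivity"),
    "skype.com": ("Skype", "communications"),
    "drive.google.com": ("Google Drive", "cloud storage"),
    "dropbox.com": ("Dropbox", "cloud storage"),
}
SANCTIONED = {"Slack"}               # assumption: the only IT-approved app
UPLOAD_ALERT_BYTES = 50 * 1024 ** 2  # assumption: 50 MiB upload threshold

# Constructed proxy log: timestamp user method url bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice POST https://www.dropbox.com/upload 41943040
2024-05-01T09:05:12Z alice POST https://www.dropbox.com/upload 20971520
2024-05-01T09:07:45Z bob GET https://trello.com/b/board 512
2024-05-01T09:10:03Z carol POST https://app.slack.com/api 2048
2024-05-01T09:12:30Z bob POST https://drive.google.com/upload 1048576
2024-05-01T09:15:00Z dave GET https://dropbox.com.example.net/login 300
malformed line
"""

def match_app(host):
    """Match on exact domain or true subdomain, so lookalike hosts do not count."""
    host = host.lower().rstrip(".")
    for domain, app in CATALOGUE.items():
        if host == domain or host.endswith("." + domain):
            return app
    return None

def shadow_it_report(log_text):
    """Return (app, users, bytes_uploaded, risk) for each unsanctioned app seen."""
    usage = defaultdict(lambda: {"users": set(), "sent": 0, "category": ""})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines rather than abort discovery
        _, user, _, url, sent = parts
        app = match_app(urlsplit(url).hostname or "")
        if app is None or app[0] in SANCTIONED:
            continue
        entry = usage[app[0]]
        entry["users"].add(user)
        entry["sent"] += int(sent)
        entry["category"] = app[1]
    report = []
    for name, e in sorted(usage.items()):
        bulk_upload = e["category"] == "cloud storage" and e["sent"] >= UPLOAD_ALERT_BYTES
        report.append((name, sorted(e["users"]), e["sent"], "high" if bulk_upload else "review"))
    return report
```

The "review" rating reflects the article's point that most of this usage is not malicious: the output is a list of apps and people to talk to, with only large uploads to unsanctioned storage raised as high risk.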
In short, early detection and subsequent response can save the day. And whether threats are due to simple negligence on the part of an employee, or come in the form of a more maliciously intended inside threat, such as threats from privileged users or compromised accounts, the outcome should always be the same: stopping the threat before real damage can occur.
But how is this accomplished? Companies need to adopt a people, process and technology approach combined with a data-centric approach to security. First, build on the people and process foundation to provide a data-centric solution that will protect the organization against current and future threats. It’s crucial: processes should be created and socialized in a manner that best fits corporate culture, existing processes, and people’s individual needs as they pertain to job function.
Unfortunately, trying to navigate such an undertaking is not always the easiest thing to do—at least not internally. That said, not all is lost. This is the stage where bringing in professionals is the best course of action. Knowing how to create policies that improve workflows rather than impede them is where experts shine. Moreover, having a fresh look at cyber security infrastructure and how it relates to daily processes is never a bad thing. The insight that can be brought to the table can be as invaluable as the security project itself.
And finally, there is the technology. Though it’s the proverbial linchpin that holds the entirety of the project together, it’s important to choose the solution that best matches the process and people part of the equation. After all, if the final result not only addresses security needs, but also the attitude of people towards it, then the consequences can be far greater than anticipated.
Educate the people, empower them, and make their lives easier, and you will find that all employees will take a stance against the world, asking the question on behalf of the organization: “Are you threatening me?” That’s where real cyber security resides.