Cloud and Compliance. The struggle is real.
By Bill Dunnion
To say that we live in a world with unprecedented access to technology would be a profound understatement. And, as everything from computers to mobile devices and more can seamlessly connect to the cloud and to corporate infrastructure, the freedom that people have to work from anywhere, anytime, and on any project, is nothing short of miraculous.
Furthermore, that freedom of connectivity also comes with even more benefits. Employees now have unfettered access to corporate assets—all designed to lead to more collaboration, productivity, and flexibility for ultimate corporate success. Projects are no longer locked behind the doors of an office building. Employees can leverage the cloud to access everything from email to CRMs, to marketing tools, to files, and more.
Aside from an always-on paradigm that leads to greater productivity, Software as a Service (SaaS) applications play a major role in infrastructure—saving countless dollars by cutting costly infrastructure and upgrade costs and by bringing about evergreen technology—greatly reducing the struggle of software and hardware maintenance that once ruled the IT domain.
But for all of the advantages that companies gain from cloud technology, it comes with the ever-increasing struggle to secure the proverbial walls from attackers—from inside and out. The same freedom of connectivity and access that is leading to improved productivity and corporate dividends is also forcing IT teams into a highly complex world of cyber resiliency. Monitoring and managing access so that productivity continues while the company also maintains legal compliance brings a never-before-seen level of complexity.
Let’s face it, cybercrime attacks on business and the vigilance needed to thwart 24/7 threats are a reality that we all must deal with. However, even though the threats are very real and at times very scary, the reality is that business can’t stop because of them. This means that security must be addressed, but not in an either/or scenario of choosing between security and productivity and ultimately sacrificing one for the other.
Instead, IT security teams should address the needs of the business by implementing a combination of policies, processes, and tools that will achieve compliance, protect important data as it travels to and from the cloud, and still deliver the freedom of access to employees as previously mentioned.
The first step is to establish policies that meet compliance guidelines, as well as operational goals. Setting a basis for risk classifications as they apply to users, applications, and data will create the roadmap that enables security and productivity to live in lockstep with one another without hindrance. To be very clear, getting this step correct the first time is paramount, as inadequate policies are guaranteed to put your data and your company at risk.
The next step in the process is extending on-premises policies and procedures to the cloud. To do this, a Cloud Access Security Broker (CASB) must be implemented. First, a CASB will help secure data flowing in and out of cloud vendor environments by enforcing a company’s compliance policies, but there is so much more. As mentioned, SaaS is a fantastic resource, but also one that must be secured. A CASB helps by delivering visibility into the related end-users, data, and apps.
It’s this visibility that leads to ultimate control—showing where data is residing in the cloud, and where the data is most at risk—while offering a consolidated view of sanctioned and unsanctioned cloud service usage along with data regarding who is accessing what data, on what device, and from what location. When paired with data loss prevention (DLP), CASBs can help foster closed-loop monitoring and controls over user interactions with data. And with advanced analytics, a CASB can even empower IT with insight into risks based on certain behaviors by calculating the differences between company-wide trends and deviations from what is deemed safe behavior.
In all, a CASB can easily bridge the duality of compliance and cloud. The real challenge is simply finding the right partner with the expertise to know how to maintain compliance, security, and access, all of which ultimately lead to success.