
How to address SaaS visibility and security using cloud app gateways

Ofer Hendler, CEO, Skyfence Networks (an Imperva company) | June 18, 2014
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.


Today, any employee with a credit card can subscribe to a cloud application — and create a security and audit blind spot for the organization. A stolen username and password are all that an attacker needs to access sensitive corporate data from cloud-based services like Salesforce, Dropbox, Google Apps, NetSuite and Workday, without the knowledge of IT.

The answer, increasingly, is to adopt cloud app gateways, which can both identify and mitigate risks automatically and remove the blind spots that cloud-based services often create. Cloud app gateways achieve this by first automating the discovery of both sanctioned and unsanctioned cloud apps that employees are using. This step gives IT security and compliance teams the critical 360-degree view of who is using what apps and to what extent. Once this visibility is obtained, some cloud app gateways add further value through three related functions: application-aware data and activity monitoring of services; automatic protection against cyber threats and malicious insiders; and audit trails for compliance management and forensic analysis.

Gaining visibility into shadow IT

For end users, a major attraction of cloud-based services is that they can be provisioned on the fly without involvement from IT or even the corporate bureaucracy, resulting in what some call shadow IT. Consequently, regulating cloud app use is typically a losing proposition, and IT must instead adopt measures to discover and monitor these apps and enable employees to be productive when using them.

Cloud gateways can monitor and review user behavior related to each application in a consistent and reliable manner — providing who, what, when, why and how information for any application. They can perform risk analysis to determine whether applications are adhering to corporate security policies.

For example, cloud gateways can assess the number of users, traffic volume and risk profile of the service provider, where they are located and the security measures that they employ. This enables organizations to decide whether they want to block or allow the app, or enforce other specific security measures to ensure safe and compliant use.
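The discovery step described above can be sketched in a few lines. This is an added example, not code from the article or from any gateway product: it counts distinct users and traffic volume per cloud app from egress proxy records and ranks the unsanctioned ones. The log layout, the domain-to-app mapping, the sanctioned list and the "ExampleShare" service are all constructed assumptions.

```python
from collections import defaultdict
# Constructed sample of egress proxy records: timestamp user host bytes
SAMPLE_LOG = """\
2014-06-18T09:00:01Z alice acme.my.salesforce.com 52000
2014-06-18T09:00:05Z bob www.dropbox.com 910000
2014-06-18T09:01:12Z alice www.dropbox.com 120000
2014-06-18T09:02:40Z carol files.example-share.test 4400000
2014-06-18T09:03:02Z bob acme.my.salesforce.com 31000
malformed line without enough fields
2014-06-18T09:04:10Z carol files.example-share.test 2100000
"""

# Hypothetical mapping of domain suffix -> app name, and the sanctioned list.
APP_SUFFIXES = {"salesforce.com": "Salesforce", "dropbox.com": "Dropbox",
                "example-share.test": "ExampleShare"}
SANCTIONED = {"Salesforce"}

def app_for_host(host):
    """Match on a label boundary so 'notdropbox.com' is not Dropbox."""
    host = host.lower().rstrip(".")
    for suffix, app in APP_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None

def discover(log_text):
    """Return {app: {"users": set, "bytes": int, "sanctioned": bool}}."""
    apps = defaultdict(lambda: {"users": set(), "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than abort the report
        _, user, host, size = parts
        app = app_for_host(host)
        if app is not None:
            apps[app]["users"].add(user)
            apps[app]["bytes"] += int(size)
    for name, rec in apps.items():
        rec["sanctioned"] = name in SANCTIONED
    return dict(apps)

def unsanctioned_by_volume(report):
    """Unsanctioned apps, highest traffic first, as (app, users, bytes)."""
    rows = [(a, len(r["users"]), r["bytes"])
            for a, r in report.items() if not r["sanctioned"]]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    print(unsanctioned_by_volume(discover(SAMPLE_LOG)))
```

The ranked output is the input to the block-or-allow decision; the provider's location and security measures would be separate attributes added per app.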

In theory, such monitoring could be performed through the logging facility of an individual service, once its use is discovered. In practice, the level of available information, and its formatting, varies greatly from one cloud app to the next, as does the nature of the user-facing controls. And with the number of cloud services constantly increasing, it is clearly not feasible for IT to implement a unique mechanism or procedure for collecting and analyzing logs from each cloud service. Indeed, each service would have its own learning curve. Instead, organizations need a simple and consistent way of monitoring every new service automatically, along with a consistent way to normalize security and compliance standards across a heterogeneous set of cloud apps.
