Additionally, to investigate suspicious activity or perform forensic analysis, IT must have detailed activity records, granular down to the level of the specific data objects, user actions, location and other variables. Individual cloud applications are unlikely to provide uniform types of data.
A cloud app gateway will include discovery tools to clearly identify the cloud apps in use and who is using them. Integrated dashboards provide a central point of visibility for the purposes of understanding risks and monitoring apps. The gateway can provide visibility over who viewed or modified what data, and when. It can also provide visibility into administrator activities, including settings, permissions, and data access. The gateway should also be able to apply risk scores to cloud activity and create actionable alerts which can be sent to the enterprise's security information and event management (SIEM), and IT governance, risk management and compliance (GRC) systems.
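To make the risk-scoring and alerting role concrete, here is an added example (not code from the article or from any gateway product) that scores normalized activity records of the kind the text describes (user, action, data object, location, device state, time) and renders the high-scoring ones as CEF lines ready for a SIEM. The activity records, the per-user location baselines, the scoring weights and the vendor/product names in the CEF header are all constructed for illustration.

```python
"""Risk scoring of cloud-app activity records and SIEM alert generation.

Added example, not from the original article. Every record, baseline,
weight and threshold here is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed per-user baseline: countries the user normally works from.
KNOWN_LOCATIONS = {"alice": {"SG"}, "bob": {"SG", "MY"}}

# Assumed scoring weights; a real gateway would tune these per tenant.
WEIGHTS = {
    "unmanaged_device": 20,        # endpoint not under MDM control
    "new_location": 30,            # country not in the user's baseline
    "admin_setting_change": 20,    # privileged configuration change
    "off_hours": 10,               # activity outside 07:00-20:00
    "bulk_download": 25,           # many downloads in a short window
}
BULK_DOWNLOAD_COUNT = 5                   # downloads within the window ...
BULK_DOWNLOAD_WINDOW = timedelta(minutes=10)   # ... that count as bulk
ALERT_THRESHOLD = 40


def score_record(rec, recent_downloads):
    """Return (score, reasons) for one activity record.

    recent_downloads: timestamps of this user's earlier downloads.
    """
    score, reasons = 0, []
    if not rec["device_managed"]:
        score += WEIGHTS["unmanaged_device"]
        reasons.append("unmanaged_device")
    if rec["location"] not in KNOWN_LOCATIONS.get(rec["user"], set()):
        score += WEIGHTS["new_location"]
        reasons.append("new_location")
    if rec["action"] == "admin_setting_change":
        score += WEIGHTS["admin_setting_change"]
        reasons.append("admin_setting_change")
    hour = rec["timestamp"].hour
    if hour < 7 or hour >= 20:
        score += WEIGHTS["off_hours"]
        reasons.append("off_hours")
    if rec["action"] == "download":
        window_start = rec["timestamp"] - BULK_DOWNLOAD_WINDOW
        in_window = [t for t in recent_downloads if t >= window_start]
        if len(in_window) + 1 >= BULK_DOWNLOAD_COUNT:
            score += WEIGHTS["bulk_download"]
            reasons.append("bulk_download")
    return score, reasons


def build_alerts(records, threshold=ALERT_THRESHOLD):
    """Score records in time order; return those at or above the threshold."""
    downloads = defaultdict(list)
    alerts = []
    for rec in sorted(records, key=lambda r: r["timestamp"]):
        score, reasons = score_record(rec, downloads[rec["user"]])
        if rec["action"] == "download":
            downloads[rec["user"]].append(rec["timestamp"])
        if score >= threshold:
            alerts.append({**rec, "risk_score": score, "reasons": reasons})
    return alerts


def to_cef(alert):
    """Render an alert as a CEF line (vendor/product values are assumed).

    Header fields would need '|' and '\\' escaped for arbitrary input;
    the constructed values here contain neither.
    """
    severity = min(10, alert["risk_score"] // 10)
    ext = (f"suser={alert['user']} app={alert['app']} act={alert['action']} "
           f"fname={alert['object']} src_country={alert['location']} "
           f"cs1Label=reasons cs1={','.join(alert['reasons'])}")
    return (f"CEF:0|ExampleVendor|CloudAppGateway|1.0|{alert['action']}|"
            f"Risky cloud activity|{severity}|{ext}")


def sample_records():
    """Constructed activity records as a gateway might normalize them."""
    base = datetime(2015, 3, 2, 9, 0)
    recs = [
        {"user": "alice", "app": "Google Drive", "action": "view", "object": "Q1-plan.docx",
         "location": "SG", "device_managed": True, "timestamp": base},
        {"user": "alice", "app": "Google Drive", "action": "download", "object": "customers.csv",
         "location": "US", "device_managed": False, "timestamp": base + timedelta(hours=13)},
        {"user": "bob", "app": "Salesforce", "action": "admin_setting_change",
         "object": "password_policy", "location": "MY", "device_managed": True,
         "timestamp": base + timedelta(minutes=5)},
    ]
    # Five rapid downloads by bob from an unmanaged device in a known location.
    for i in range(5):
        recs.append({"user": "bob", "app": "Box", "action": "download", "object": f"contract-{i}.pdf",
                     "location": "SG", "device_managed": False,
                     "timestamp": base + timedelta(hours=1, minutes=i)})
    return recs


if __name__ == "__main__":
    for a in build_alerts(sample_records()):
        print(to_cef(a))
```

Two of the eight constructed records cross the threshold: the fifth rapid download from an unmanaged device (20 + 25) and the late-night download from a new country on an unmanaged device (20 + 30 + 10). Each alert carries its contributing reasons so an analyst can see why it fired rather than just a number.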
Managing cloud app risks
While SaaS applications operate in the cloud, they integrate with an organization's endpoints, users and data. In order to manage and mitigate risks, cloud gateways should have the capability to distinguish between managed and unmanaged (i.e. BYOD) endpoints and enforce policies accordingly. For example, a cloud app gateway can enforce an organization's requirement that only managed endpoints under Mobile Device Management (MDM) controls can download sensitive information or access specific applications.
By understanding the application and usage context for each app, cloud gateways can enforce granular policies on a per app or per user basis. For example, Finance teams may be prohibited from sharing Google Apps documents or folders with external parties during financial reporting periods, and sales management may be challenged with strong authentication in order to change security settings in Salesforce.com.
Cloud app gateways should also be data-aware, meaning capable of classifying apps that use Personally Identifiable Information (PII) or Payment Card Industry (PCI) data and enforcing policies accordingly. For these types of apps, they can generate an audit trail of all user access to a particular cloud-based service, including associated permissions and activity ranging from login events to full post-login actions. These gateways can generate reports suitable for both internal and external compliance audits, plus exposure reports for forensic analysis.
In-depth monitoring and tracking of all administrator data access, down to the object and action level, together with tracking of changes to administrator settings, makes it possible to manage the risks associated with privileged users. It also facilitates the separation of duties between the SaaS administrator and the IT security administrator, as required by some regulations.
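The policy controls described in the preceding paragraphs (managed-endpoint requirements, per-team and per-app restrictions, step-up authentication for security-setting changes, data-aware audit trails for PII/PCI apps, and separation of duties between SaaS and security administrators) are easier to reason about as one evaluation routine. The following is an added example, not code from the article or from any gateway vendor; the app classifications, group names, reporting-period dates and requests are all constructed assumptions.

```python
"""Context-aware policy enforcement for a cloud app gateway.

Added example, not from the original article. Evaluates each cloud-app
request against constructed rules and records an audit entry for every
access to an app classified as handling PII or PCI data.
"""
from dataclasses import dataclass
from datetime import date

# Assumed classification of apps by the regulated data they hold.
APP_DATA_CLASS = {"Salesforce": "PII", "Stripe Dashboard": "PCI",
                  "Google Drive": None, "Slack": None}

# Assumed financial reporting blackout windows (inclusive).
REPORTING_PERIODS = [(date(2015, 3, 25), date(2015, 4, 10))]

ALLOW, DENY, STEP_UP = "allow", "deny", "step_up_auth"


@dataclass
class Request:
    user: str
    groups: set
    app: str
    action: str                  # view, download, share, admin_setting_change
    when: date
    device_managed: bool         # endpoint enrolled in MDM
    sensitive_data: bool = False
    external_recipient: bool = False
    mfa_verified: bool = False


def in_reporting_period(d):
    return any(start <= d <= end for start, end in REPORTING_PERIODS)


def evaluate(req, audit_trail):
    """Return (decision, reason); append an audit record for PII/PCI apps."""
    decision, reason = ALLOW, "default_allow"
    # Rule 1: sensitive downloads only from managed (MDM-controlled) endpoints.
    if req.action == "download" and req.sensitive_data and not req.device_managed:
        decision, reason = DENY, "sensitive_download_requires_managed_endpoint"
    # Rule 2: Finance may not share Google Drive content externally during reporting.
    elif (req.action == "share" and req.app == "Google Drive" and "finance" in req.groups
          and req.external_recipient and in_reporting_period(req.when)):
        decision, reason = DENY, "finance_external_sharing_blocked_in_reporting_period"
    # Rule 3: sales management must pass strong auth to change Salesforce security settings.
    elif (req.action == "admin_setting_change" and req.app == "Salesforce"
          and "sales_management" in req.groups and not req.mfa_verified):
        decision, reason = STEP_UP, "strong_auth_required_for_security_settings"
    # Data-aware audit: every access to a PII/PCI app is recorded, whatever the decision.
    data_class = APP_DATA_CLASS.get(req.app)
    if data_class:
        audit_trail.append({"user": req.user, "app": req.app, "action": req.action,
                            "when": req.when.isoformat(), "data_class": data_class,
                            "decision": decision, "reason": reason})
    return decision, reason


def separation_of_duties_violations(role_assignments):
    """Return users who hold both the SaaS admin and the IT security admin role."""
    return sorted(user for user, roles in role_assignments.items()
                  if {"saas_admin", "security_admin"} <= roles)


def run_demo():
    """Evaluate a few constructed requests; return decisions and the audit trail."""
    trail = []
    requests = [
        Request("carol", {"finance"}, "Google Drive", "share", date(2015, 3, 31), True,
                external_recipient=True),
        Request("dave", {"sales_management"}, "Salesforce", "admin_setting_change",
                date(2015, 3, 2), True),
        Request("dave", {"sales_management"}, "Salesforce", "admin_setting_change",
                date(2015, 3, 2), True, mfa_verified=True),
        Request("erin", {"sales"}, "Stripe Dashboard", "download", date(2015, 3, 2), False,
                sensitive_data=True),
    ]
    decisions = [evaluate(r, trail) for r in requests]
    return decisions, trail


if __name__ == "__main__":
    for d in run_demo()[0]:
        print(d)
```

The ordering of the rules matters: the endpoint check runs first so that an unmanaged device is refused before any per-team exception is considered, and the audit entry is written regardless of outcome so denied attempts against PII/PCI apps appear in the compliance trail as well as the allowed ones.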
Blocking attacks that target cloud data
While encryption can certainly help with cloud security, if an attacker steals an employee's login credentials they will be able to access the data — encrypted or not. Moreover, the access credentials don't even have to be stolen, as malicious insiders are always a concern, and harder to detect. The ever-present nature of cloud-based threats is such that protection must be immediate and automated.