Cloud app gateways may include capabilities to analyze both the application and usage context in order to create a profile or benchmark of normal activity for each individual user and for each department. Anomalies will trigger alarms, and in many cases policy can be immediately applied such as denying usage or requiring the user to re-authenticate. For example, if a user is accessing an app from an unknown endpoint, from an atypical location and requesting to download a large number of records from salesforce.com — an organization may want to immediately block this activity or verify the user through a one-time password sent to their mobile phone. The ability to detect anomalous behavior enables Cloud App Gateways to prevent man-in-the-middle attacks, compromised endpoints and account takeover attacks.
Cloud app gateways also provide a reliable way to detect malicious insiders. Since these users have legitimate credentials and use recognized endpoints, only intelligent, ongoing analysis of activity can identify and stop insider breaches before they happen. With thousands of employees using hundreds of applications, and new applications being adopted all the time, it is nearly impossible for the IT staff to acquire the necessary application-specific expertise needed to spot malicious insiders.
For enterprises embracing the cloud, cloud app gateways address the need for visibility into SaaS risks and threats.
Sign up for CIO Asia eNewsletters.