Cloud computing offers many advantages, but with those benefits come a new range of security concerns.
"From a security perspective, the cloud has introduced new risks," says David Levin, director of information security at Western Union, who oversees the security of applications being used at the money transfer company.
Levin says the first step toward addressing risk is figuring out how much there is ... and that first means knowing which cloud services are being used.
Levin turned to the services of Skyhigh Networks, a vendor in what Gartner calls the emerging market of Cloud Access Security Brokers (CASB). Products in this market basically sit between end users and cloud services, injecting security protocols between the two. Gartner estimates that CASB will be a $3.1 billion market by 2015.
By using Skyhigh, Levin got greater visibility into what apps his employees were using and which ones have appropriate security practices in place.
"Companies know there is stuff going into the cloud they're not aware of," says Adrian Sanabria, senior security analyst at 451 Research Group, which calls this market Cloud Access Control. "CACs can provide that visibility."
The problem is rooted in two major trends occurring at the same time: More and more cloud-based services and applications are being used that sit outside of the corporate firewall - from Salesforce.com and Dropbox, to Google Apps and Amazon Web Services. On top of that, workers are using these services from either corporate laptops or their smartphones. It's created a situation where "there's really no corporate perimeter anymore," Sanabria says.
There have been solutions to these problems before the CASB market developed, but Sanabria says they've been less than ideal. Existing corporate firewalls can monitor traffic coming into and out of a company's network, but they usually provide IP-level analysis and reporting. Advanced firewalls can block certain connections to cloud-based applications or services.
That all works fine if employees are on the company's corporate network where the firewall policies are in place. But what happens when workers go to the coffee shop and hop on the public Wi-Fi, or if they're working from home?
VPN tunnels can be required for users so traffic runs through the company's firewall, but Sanabria says that can be tough to enforce and easy to get around.
That's where CASBs come in. Many of these companies offer a lightweight service, usually delivered as a SaaS that sits between users and the cloud service. Some of the CASBs have a proxy that can sit in front of any cloud app, gating control of it. So, if a service like Skyhigh is enabled with Salesforce.com, then when users log on to Salesforce, Skyhigh would be a proxy sitting in front of Salesforce monitoring what the user is doing in that app, no matter where the user is accessing Salesforce from.
Sign up for CIO Asia eNewsletters.