COMMENT
ROLF HAAS
Enterprise Technology
Specialist at Intel Security
Trust in cloud providers and services
is growing, but 72% of decision
makers in the survey still point to cloud
compliance as their greatest concern.
That’s not surprising given the current
lack of visibility around cloud usage
and where cloud data is being stored.
The wider trend to move away from
the traditional PC-centric environment
to unmanaged mobile devices is
another factor here.
Take a common example: an
employee wants to copy data to their
smartphone from a CRM tool via the
Salesforce app. The problem is that
they have the credentials to go to
that cloud service and access that
data, but in this case, they are using
an untrusted and unmanaged device.
Now multiply that situation across all
of the organisation’s cloud services
and user devices.
There is clearly a need for better cloud-
control tools across the stack. Large
organisations may have hundreds or
even thousands of cloud services being
used by employees – some of which
they probably don’t even know about.
It is impossible to implement separate
controls and polices for each of them.
Hybrid cloud security
To securely reap the benefits of
www.intelligentcio.com
cloud while meeting compliance and
governance requirements, enterprises
will need to take advantage of
technologies and tools such as two-
factor authentication, data leakage
prevention, and encryption, on top of
their cloud services and applications.
Increasingly, organisations are also
investing in security-as-a-service
(SECaaS) and other tools that can help
orchestrate security across multiple
providers and environments. These
help tackle the visibility issue and
ensure compliance needs are met.
That’s why I believe we are starting
to see the rise of so-called “broker”
security services. These cloud access
security brokers (CASBs) will enable
consolidated enterprise security policy
enforcement between the cloud service
user and the cloud service provider. In
fact, Gartner predicts that by 2020,
85% of large enterprises will use a
CASB for their cloud services, up from
fewer than 5% today.
The key to this is for companies to be
able to seamlessly push and enforce
their own security policies from an
on-premise proxy infrastructure to a
public infrastructure. For the enterprise,
this provides the ability, if required, to
encrypt corporate data that sits in a
public cloud service and offer complete
TO SECURELY REAP
THE BENEFITS
OF CLOUD WHILE
MEETING COMPLIANCE
AND GOVERNANCE
REQUIREMENTS,
ENTERPRISES WILL
NEED TO TAKE
ADVANTAGE OF
TECHNOLOGIES
AND TOOLS SUCH
AS TWO-FACTOR
AUTHENTICATION, DATA
LEAKAGE PREVENTION,
AND ENCRYPTION,
ON TOP OF THEIR
CLOUD SERVICES AND
APPLICATIONS
protection for every endpoint. It
means the same security policy is
applied to the end users regardless of
how or where they have connected,
whether that’s through a public or
private cloud, from a smartphone in a
coffee shop or a Wi-Fi hotspot at the
airport. Another example of hybrid
security in action is where a company
is using the infrastructure of a public
cloud provider, such as Amazon, but
retains control and ownership of the
server in that infrastructure. It can be
managed by themselves and, using an
Amazon API, enables encryption of the
whole server within that public cloud
environment.
Cloud adoption in the enterprise is
rapidly approaching a tipping point
and now more than ever, there is
need for a new model of ‘cloud-first’
integrated security that enables the
centralised control or orchestration of
the myriad of cloud services and apps
employees use across the enterprise.
Cloud security is now a critical element
of any business, and it needs to be
taken seriously from the boardroom
right down to the end users.
INTELLIGENTCIO
25