People use cloud-based applications in their personal capacity and at work because they make our lives easier and improve productivity. However, by bringing in new applications without company regulation, we could be causing a real problem for our employers from a security perspective, says Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa.
“Without governance and IT team visibility, cloud applications are ripe for the picking by cybercriminals looking for a way to access company networks. By connecting devices, they’re getting an easy way in,” says Christo.
A company’s IT security department has two options to address this. They can either stop the use of the new app until it is formally sanctioned by IT, or allow its use while working to support it as quickly as possible. Neither of these options are ideal, especially considering that supporting an app could take weeks or months.
“This makes it critical for any cloud security solution to support new or custom apps quickly. While the adoption of productivity-boosting cloud services has increased over the past few years, many organisations are still unwilling to permit a move to the cloud because of security and compliance concerns,” says Christo.
Whether employees are using unapproved endpoint devices (BYO) to access approved cloud apps or downloading and using unapproved cloud services, cloud applications can be targets for account takeovers and malicious insider threats.
Cloud service providers also have a role to play in providing security capabilities that address mobile and cloud application security blind spots.
“Security in the cloud is however most often a shared responsibility. While cloud service providers have a responsibility to protect data and be transparent with their customers, it’s up to the user of those services to secure data within the cloud. But if you don’t know which apps are being used and what data resides there, it’s hard to take responsibility for it,” says Christo.
Forcepoint recommends a five-point checklist when looking for a cloud security solution. Companies today require a product which:
1. Provides visibility into what users of both sanctioned and unsanctioned apps are doing in the cloud to understand risk and protect users and data.
2. Monitors and controls how users interact with any cloud application.
3. Identifies users at risk and prevents risky usage.
4. Enables policies and protections that are specific to users accessing cloud apps on BYOD (unmanaged) devices.
5. Delivers data loss protection (DLP) to protect data at rest in the cloud and data in transit.
“In this way, users get the apps they want and the IT security department has the visibility and control it needs,” concludes Christo.
For more information, contact Forcepoint via www.forcepoint.com.
Knowledge is power! Sign up for our newsletter: http://www.buildinganddecor.co.za/register/
Subscribe to our free magazine on http://tiny.cc/floorsfreemag or join other discussions on http://www.facebook.com/buildinganddecor, http://www.twitter.com/buildingdecor and https://www.linkedin.com/showcase/10172797/