Security Experts:

Get Your Security in Shape for the Public Cloud

Summer will be here before we know it and for many that means getting off the couch and in shape, but you need a workout program that’s right for you. Boot camp, 20-minute abs, high-intensity interval training, you name it – there are a lot of options. Just make sure you pick one that fits your needs and delivers results or be ready to make a switch.  

The same is true as you move more of your computing environment to the public cloud – you need an approach that’s right for you. In my last article I talked about how much of the IT innovation is happening in the public cloud. To ease the transition and begin to reap the benefits for instance from Software-as-a-Service (SaaS), organizations can use a security framework built specifically for the cloud. There are various frameworks available to help develop your cloud security architecture. The key is finding one that works for your organization and that you can adhere to in order to stay focused on the end goal. 

A framework should be a vehicle for action – a way to structure how you think about the public cloud, breaking the transition down into phases and approaching it in an organized way, but flexible enough to accommodate change. It must help you address questions like: What infrastructure, apps, and data are moving to the public cloud and when? Are the controls we have sufficient and if so how do they translate to the cloud? If they aren’t sufficient, or if shifting to the cloud will introduce gaps in our defenses, what security precautions can we take? As we consume new apps and services from the cloud can we adapt security easily and cost-effectively?

Cloud Security Architecture

Providers of cloud services are building security into their SaaS offerings which can get you started. But think about the many different ways users will want to use services like Office 365, Google, Box, Dropbox, Salesforce, etc. For example, accessing email and documents from an unmanaged PC, sharing data with third parties, or tracking sales and forecasting which includes sensitive customer information and credit card data. How well do your current cloud services address these use cases and are there gaps?

Not only do you have to consider boosting protection for sanctioned app usage, you also have to contend with shadow IT. Users can easily purchase whatever tools they feel they need to get their jobs done without ever involving the IT organization. Obviously, you can’t protect what you can’t see. What tools are available to protect all the cloud apps in your environment?

According to Gartner, by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures. Looking at just Office 365 deployments, by 2018, 40% will rely on third-party tools to fill in gaps in security and compliance, which is a major increase from fewer than 10% in 2015.

Enabling different permissions based on users, devices, and policies can typically be done inside each cloud app. But it becomes very cumbersome to manage and even untenable when you have hundreds or thousands of users. You need a simpler way to make sure the right people have the right access to the right data and that the data remains protected. Solutions that allow you to control and discover SaaS apps and protect data usage in the cloud, while enabling employees to get their work done from wherever they are and securely collaborate, must be part of your architecture.

One type of tool to consider is a Cloud Access Security Broker (CASB). This technology was designed to help you stay secure as more users turn to cloud services and access them from within and outside the enterprise. A CASB provides a single pane of glass for management and, through APIs, can connect different parts of your cloud security architecture together so they can work in unison as a cohesive unit. For example, if a user leaves the organization or changes roles, access can be updated automatically across all cloud services. As your company starts to consume and secure more SaaS applications, achieving this level of automation and integration becomes even more critical. Through this single pane of glass a CASB can also monitor your cloud environment to detect and secure sensitive information. It can also discover and control cloud apps connected to your corporate environment so you can reduce the use of risky apps.

However, as is often the case, technology alone won’t address the security gaps you encounter as you transition to the cloud. New skill sets are also required. Since the nature of the cloud is more open and API-focused than most on-prem solutions, you need security staff with knowledge of scripting languages like JSON and Python used to write APIs. An understanding of how to incorporate automation into your security processes is equally important so you can take full advantage of your existing investments in cloud services.

Just like getting off the couch and into shape can be overwhelming, the same can be true for transitioning to the public cloud. But with a structured approach that helps you ask the right questions, and hone in on the right tools and skills you need, you can keep your strategy on track. And, more than that, you can reach the ultimate goal of enabling an ever-mobile and connected workforce and securing them anywhere and anytime. 

view counter
Ashley Arbuckle, Cisco’s VP/GM, Global Security Customer Experience, is responsible for the company’s security services portfolio, designed to accelerate customers’ success and deliver an exceptional customer experience. With over 20 years of security and customer success experience, Arbuckle has a long record of accomplishments that span security consulting, enterprise security operations, product management and general manager responsibilities. Arbuckle started his career in security consulting at PwC working with Fortune 500 customers. After PwC he joined PepsiCo, where he led enterprise security and the strategic planning process for PepsiCo’s IT budget of over $2 billion. He has a BBA in MIS and Accounting from the Rawls College of Business at Texas Tech University, is a CPA, and holds a CISSP and CISM.