As I’ve talked to businesses and worked closely with partners over the last few months, I’ve seen a real appetite within many organisations to gain true cloud confidence, to support whatever they want to do in or through the cloud. Regular media reports on new and historic cyber attacks and data breaches seem to be fuelling this. From our perspective, being cloud confident starts with deploying an enterprise security service with Cloud Based DNS and Proxy Servers, to combat malware and phishing, extending to web filtering and other premium DNS services. This is your entry point to the Internet and cloud apps, so it’s essential that once you’re in that world, your experience is consistently optimised and secure.
The next element is cloud app security, using products and services accessed from a leading cloud access security broker (CASB) like Netskope or CloudLock: using a combination of API, Proxy, Reverse Proxy and Agents to secure and encrypt data in line with your specific policies and compliance issues. This ensures data is only accessed by people who need to access it, reduces over-sharing (and documents being shared via file attachments), and gives you the ability to stop sensitive data being uploaded into shadow IT or unsanctioned applications like Dropbox or personal cloud storage accounts. This side extends to enabling compliance and visibility on app security and data residency; areas and issues covered include but aren’t limited to Data Loss Prevention (DLP), Malware Fan Out, Encryption, End User Behaviour Analysis, the EU General Data Protection Regulation (GDPR), and enablement and control of Shadow IT - to “embrace rather than block”. Once you’ve addressed how many apps your organisation is using and which are sanctioned, another important element is a Single Sign On (SSO) solution and Identity Access Management (IAM). The biggest threat to security is arguably end user behaviour, including easy-to-remember passwords being used across multiple applications. To help combat this genuine risk to cloud and data security, you can combine an SSO solution with, for example, SecurID access, rights and restrictions enabled by identity management, and Two Factor Authentication (2FA) as an extra layer of security – providing even greater coverage and protection for what could be the weakest link in your set-up.