RSA Conference 2020: Focusing on Human-Centric Security

By Salah Nassar, VP of Marketing at CipherCloud

Without a doubt, the top focus at the RSA Conference 2020 was human/people-centric security. This year’s conference messaging focused on the Human Element – which makes perfect sense. We are in a time of cloud mobile digital transformation, in which organizations are adopting a cloud-native or a cloud-first initiative -- especially for collaboration and infrastructure.

This year saw a record number of vendors showcasing best-in-class and best-of-breed technologies. This is a great thing for the market. The only way the security and cybersecurity industry can keep up or stay ahead of bad actors is to continue to focus on best-of-breed technology.

There were dozens of vendors in every security category, including endpoint, edge security, connectivity optimization, privacy, data protection, and configuration management. They all had one thing in common: They are solving for the cloud-mobile environment. Their solutions are focused mainly on cloud delivery as a service. The security world is moving to solve for the cloud environment and deliver cloud-based solutions.

The ever-growing cloud mobile world

We’ve all seen the weekly barrage of news about the growing number of security breaches and the almost total failure of our legacy cybersecurity architectures. The transition to a cloud mobile world has happened faster than any of us had anticipated, and is partly why many breaches have happened: Forgotten open shares, poor access controls, malicious insiders or accidental mistakes. All pointing back at users – the human element.

Today, the new normal is that your enterprise might have several cloud deployments…perhaps a mixture of private and public clouds hosting internally developed applications such as accounting, finance, or special manufacturing operations software, along with public clouds providing software as a service (SaaS) applications such as Slack, Box, Office 365, Salesforce and others. This cloud mobile world requires that you administer cloud environment separately. Each has different security capabilities. Of course, integration between these clouds and existing on-premise systems is the complexity icing on the cake. So many security stacks and very little in the way of consistency.

The cloud mobile world is tied directly to the explosion in wireless and mobile devices. Most employees expect to access enterprise resources from their mobile devices, and organizations often don’t have the policies and security controls in place to put the guard rails on this access.

The cloud has also created some dangerous temptations. Many employees on authorized corporate platforms access cloud applications that might fail to protect confidential data and violate compliance requirements. Yet the enterprise has no visibility to any of this.

Meeting cloud mobile security challenges with CASBs

CASBs are tailor made to address the security challenges with the cloud mobile digital transformation. Here is how a CASB can help and what to look for in a CASB.

• Integration with the cloud mobile world. CASBs provides the integrations you need to share information between systems using native application program interfaces (APIs). This consolidation reduces the complexity of trying to use multiple security solutions. You can administer policies consistently across the cloud and other platforms.
• Visibility that gives you control. A CASB enables you to see and log all activity to your authorized clouds. This gives you the data you need to support compliance, secure sensitive data more effectively, and shut down access to malicious and anomalous activity. Most important, you have visibility of potentially unauthorized and out-of-policy activity that places your organization at risk.
• Cloud Data Loss Prevention (DLP) - integrate or stand alone. Cloud DLP is essential to prevent leakage of sensitive data. CASBs provide one consistent DLP interface that you can use across the variety of clouds you deploy, even your custom applications. Yet you can also integrate CASBs with your existing enterprise DLP products so that policies can be applied consistently across your enterprise. Most important, with out-of-policy behavior comes the ability to revoke access to content at any time. This could be critical to prevent a data breach.
• Zero Trust encryption – beyond “at rest” encryption. First-generation CASB solutions with “at rest” encryption are no longer enough to protect your clouds. Attackers have successfully breached the APIs that have enabled them to compromise even encrypted cloud data.
• Zero Trust human-centric policies based on user behavior and threat protection. If a CASB includes integrated advanced threat feed data, it can be used by the CASB engine to detect and shut down malware quickly. You can leverage your existing security ecosystem to optimize response to malware threats. Technologies such as user experience behavior analysis (UEBA) and advanced access control (AAC) can detect anomalous behavior by a user with valid credentials and block their access to your data. Examples of anomalous behavior might include a user downloading several gigabytes of files at 2 a.m., or attempting a valid log-in from Beijing only two hours after logging in from Chicago, Illinois.
• Zero Trust identity controls with SAML integration and single sign-on (SSO).Consider looking for a CASB that provides full support for SSO integration to streamline and protect authentication, and to maintain comprehensive logging of user access.

Instead, look for a next-generation CASB that brings a comprehensive encryption solution that protects data no matter where it is -- “at rest,” in network transit, in the cloud application layers (API, middleware, memory), and in use. In this instance, data encryption keys are retained only by you; they are never shared in the cloud. It is also helpful to look for a CASB that enables single key management and a consistent approach to policy controls for all of your cloud applications.

In summary, CASB technologies can give you the strong security you need to support the cloud mobile digital transformation. It can help you avoid cumbersome administration of multiple and disparate security stacks, and improve your user experience substantially.

The future of cloud security: CASB as a foundation for SASE

Gartner has recently introduced a new cloud architecture, Secure Access Service Edge (SASE), pronounced “sassy.” SASE is the future of cloud architecture, solving the complexity of siloed security infrastructure, policies, and measures that are currently divided among on-premise security, legacy solutions, and cloud security.

While this concept is not new, the closest architecture that discussed continuity between on-premise security and cloud before SASE has been the Zero Trust Framework by Forrester. The difference with SASE is that it proposes an architecture we can see taking shape today. Starting with Cloud Access Security Brokers, Software-Defined WANs, Virtual Private Networks as a Service, Firewalls as a Service, Secure Web Gateways, Cloud DNS Services, and Software Defined Perimeter solutions, it is clear that we are in a cloud-first security environment. The only on-premise solutions left are either for industry-specific security measures (for example, governments) and large organizations that require hybrid deployment for the foreseeable future.

CASBs are focused on replicating the kitchen sink of on-premise security, rearchitected for scale, advanced functionality, centralized management, and ease of operations, to provide organizations the right solutions to maintain full visibility of users and data, protection against zero-day threats, ransomware, data breaches, malicious insiders, and protection of data at rest and in motion.

However, the power of CASBs comes in their ability to integrate with enterprise applications and legacy solutions, allowing customers to extend their investment of on-premise solutions such as endpoint and network DLP, integrate with new cloud focused architectures such as SD-WAN and IAM/SSO solutions, and help operationalize security (specifically cloud security) through integrations with SOC applications for SEIMs, EDR, threat hunting, UEBA, and more.

Upcoming Webinar: A 5-step guide for achieving CCPA Compliance in Cloud Apps

Join this live webinar discussion on March, 19, 2020 where industry experts will provide valuable insights on the impact of CCPA on cloud security and how CASB enables your organization to remain CCPA compliant while pushing the cloud-first strategy.

About the Author

Salah is a seasoned marketing executive with 20+ years of experience in cybersecurity, networking, in enterprise and SMB markets. Currently, Salah is the VP of Marketing at CipherCloud and responsible for product marketing and growth marketing. Most recently he headed up enterprise security product marketing efforts at Symantec for 10+ product lines with global responsibility. Previous to Symantec, Salah has held marketing leadership or dual product & marketing leadership roles at companies such as Cisco, Aruba, and NETGEAR. He has a passion security, for taking innovative products to market and helping companies accelerate growth at any stage.