10 Must-Haves from “Cloud Security for Dummies”
Blog Article Published: 01/06/2015
By Krishna Narayanaswamy, Chief Scientist, Netskope

We are excited to announce the availability of “Cloud Security for Dummies,” a book that my co-founders and fellow chief architects and I collaborated on based on our interactions with the most forward-thinking CIOs, CISOs, and cloud architects from around the globe and virtually every industry. In the book, we compile the best recommendations and advice from this group of experts. The book is full of advice ranging from how to think about cloud compliance to implementing a cloud policy to getting users on board with cloud security. Below is a summary of our must-haves for ensuring a safe transition to the cloud.
- Discover apps. Discover the apps in your environment and assess their risk — both inherent and in the context of how they’re used.
- Segment apps. Segment your apps by whether they’re sanctioned (managed by IT) or unsanctioned (brought in by departments or by individual users).
- Secure access. Secure access to your sanctioned business apps, and ideally to the unsanctioned ones too, with single sign-on (SSO), so that access is governed by one identity rather than per-app passwords.
- Audit activities. Understand user activity and its context. Who’s downloading from HR apps? Who’s sharing content outside the company, and with whom?
- Understand content. Understand and classify sensitive content residing in, or traveling to or from, your cloud apps.
- Detect anomalies. Monitor cloud apps for anomalous activity that could signal compromised credentials, security threats, noncompliant behavior, data theft or exposure, and even malware.
- Enforce granular policies. Define granular policies that are enforceable in real-time, across both sanctioned and unsanctioned apps, regardless of whether users are on-network or remote, and whether in a web-based or native cloud app.
- Protect data in context. Have a data protection strategy. For highly sensitive content that can’t be in the cloud at all, define policies that prevent it from being uploaded to any cloud app. For the next tier of content that can reside in the cloud, apply the appropriate level of security policy. This may include encrypting data before it reaches the cloud and/or limiting sharing options based on device, instance, or location.
- Ensure compliance. Ensure regulatory compliance with continuous cloud monitoring, maintenance and review of cloud audit trails, remediation, and reporting.
- Coach users. Coach users both through conversations and in an automated way. Let them know when they’ve done something that’s out of compliance (ideally in real-time, as the action is occurring), whether you block them, let them report a false positive, or let them bypass the policy with a justification.
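How the granular-policy, data-protection, coaching, and anomaly-detection items above fit together in code, as an added example that is not from the book or from any Netskope product: a small policy engine that classifies content into tiers, evaluates each cloud-app event against ordered rules that depend on app sanctioning, device, and sharing context, and returns a block, encrypt, or coach-with-justification decision alongside a simple bulk-download anomaly check over an audit trail. The tiers, classifier patterns, rule order, app names (including "Workday" as the HR app), the download threshold, and every sample event are constructed assumptions for illustration.

```python
"""Constructed example: tiered cloud data-protection policy with user coaching,
plus a bulk-download anomaly check over constructed activity events.
All names, thresholds and classifier patterns are illustrative assumptions."""
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass
from enum import Enum
import re


class Tier(Enum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2   # may reside in sanctioned apps, with controls
    RESTRICTED = 3     # must never reach any cloud app


# Illustrative content classifiers (assumed; not a real DLP ruleset).
PATTERNS = {
    Tier.RESTRICTED: [re.compile(r"\b\d{3}-\d{2}-\d{4}\b")],               # US SSN shape
    Tier.CONFIDENTIAL: [re.compile(r"(?i)\bconfidential\b"),
                        re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")],         # 16-digit card shape
    Tier.INTERNAL: [re.compile(r"(?i)\binternal use only\b")],
}


def classify(text: str) -> Tier:
    """Return the highest tier whose pattern matches; PUBLIC if none do."""
    for tier in (Tier.RESTRICTED, Tier.CONFIDENTIAL, Tier.INTERNAL):
        if any(p.search(text) for p in PATTERNS[tier]):
            return tier
    return Tier.PUBLIC


class Decision(Enum):
    ALLOW = "allow"
    ENCRYPT = "allow, encrypt before upload"
    JUSTIFY = "coach user, allow with justification"
    BLOCK = "block"


@dataclass(frozen=True)
class Event:
    user: str
    app: str
    sanctioned: bool        # managed by IT, or brought in by a user/department
    activity: str           # "upload", "share" or "download"
    content: str            # text of the object involved (constructed)
    managed_device: bool
    external_share: bool = False


def evaluate(ev: Event) -> tuple[Decision, str]:
    """Apply the tiered rules in order; the first matching rule wins."""
    tier = classify(ev.content)
    outbound = ev.activity in ("upload", "share")
    if outbound and tier is Tier.RESTRICTED:
        return Decision.BLOCK, f"{tier.name} content may not be sent to any cloud app"
    if outbound and tier is Tier.CONFIDENTIAL and not ev.sanctioned:
        return Decision.BLOCK, f"{tier.name} content only in sanctioned apps; {ev.app} is unsanctioned"
    if ev.activity == "share" and ev.external_share and tier.value >= Tier.CONFIDENTIAL.value:
        return Decision.BLOCK, f"{tier.name} content cannot be shared outside the company"
    if outbound and tier.value >= Tier.INTERNAL.value and not ev.managed_device:
        return Decision.JUSTIFY, f"{tier.name} content from an unmanaged device needs a business justification"
    if ev.activity == "upload" and tier is Tier.CONFIDENTIAL:
        return Decision.ENCRYPT, f"{tier.name} content is encrypted before it reaches {ev.app}"
    if ev.activity == "share" and ev.external_share and tier is Tier.INTERNAL:
        return Decision.JUSTIFY, "external share of INTERNAL content is coached, not blocked"
    return Decision.ALLOW, "no policy matched"


def bulk_download_anomalies(events: list[Event], hr_apps: set[str], threshold: int) -> list[str]:
    """Flag users whose download count from HR apps exceeds an assumed baseline."""
    counts = Counter(ev.user for ev in events if ev.activity == "download" and ev.app in hr_apps)
    return sorted(user for user, n in counts.items() if n > threshold)


# Constructed sample activity, standing in for audit-trail events.
SAMPLE_EVENTS = [
    Event("alice", "Box", True, "upload", "Q3 plan (CONFIDENTIAL)", True),
    Event("bob", "Dropbox", False, "upload", "Employee SSN 123-45-6789", True),
    Event("carol", "Google Drive", True, "share", "Card 4111 1111 1111 1111", True, external_share=True),
    Event("dave", "Box", True, "upload", "Internal use only: roadmap", False),
    Event("erin", "Salesforce", True, "upload", "Public press release", True),
] + [Event("frank", "Workday", True, "download", f"payroll-{i}.pdf", True) for i in range(12)]


def run(events: list[Event] = SAMPLE_EVENTS) -> dict[str, str]:
    """Return {user: outcome}: the policy decision per outbound event, plus anomaly flags."""
    results = {ev.user: evaluate(ev)[0].name for ev in events if ev.activity != "download"}
    for user in bulk_download_anomalies(events, {"Workday"}, threshold=10):
        results[user] = "ANOMALY"
    return results


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS[:5]:
        decision, why = evaluate(ev)
        print(f"{ev.user:6} {ev.activity:8} {ev.app:13} -> {decision.name:8} {why}")
    print("bulk download anomalies:", bulk_download_anomalies(SAMPLE_EVENTS, {"Workday"}, 10))
```

The rules are ordered from most to least severe so that a single event gets one unambiguous outcome; the explanation string returned with each decision is what a real-time coaching message would show the user, and a JUSTIFY outcome is where a justification or false-positive report would be collected. The HR-download check uses a fixed count where a production system would use a per-user baseline.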