Securely Work From Home With CASB
By Neeraj Nayak, Senior Manager, Product Marketing at CipherCloud
The world is witnessing an unseen and unprecedented trend in the past few weeks. While advanced persistent threats have caused an upward trend in data breaches and cybercrime, the introduction of a certain other virus has led multinationals across the world to roll out mandatory work-from-home policies for its employees. To be realistic, considering the fact that we are in a pandemic state of affairs due to the outbreak of "World War C", this is going to be the new normal for many of us for the next few weeks.
So how to keep the productivity meter ticking and keep delivering results while making the transition from office to home office? The answer lies in two Cs - communication and collaboration. Communication is never going to be a hassle. The widespread deployment of broadband connectivity and the availability of tools from Skype to Hangouts has ensured we always remain in touch with our team members from any remote location.
This brings us to collaboration. For years VPN has been the go-to solution for a remote workforce. Designed with the notion of network perimeter security, VPN definitely works for a handful of remote employees securely accessing resources behind an enterprise data center through IPSec or SSL tunnels. But the problem compounds when remote connections increase.
Why is VPN not the right solution for working from home?
VPNs are slow: A VPN can get notoriously slow on the public Internet because of routing traffic through central hubs. How would that impact productivity during business hours?
VPNs are expensive: VPN servers or concentrators are costly appliances, and can manage a limited number of clients. A sudden spike in remote logins may result in frequent server crashes, terminating thousands of active connections.
VPNs are complicated: VPN configurations and management can get extremely tricky for the IT department. A single policy setup can involve setting up the encryption, department-specific subnet configuration, key or certificate association, etc. Managing multiple clients through multiple hubs can get extremely taxing.
VPN is a mismatch for cloud-mobile environment
Let's not forget the elephant in the room - data. With the digital-first and cloud-first approach being adopted by major organizations, data has become the single most important commodity in the industry. But this data is no more behind the secure walls of the enterprise. The concept of network perimeter is blurring with every passing day. In a modern cloud-mobile world, where confidential assets reside in a multi-cloud environment, the concept of secure data access via VPN simply fails. Redirecting every remote user to the enterprise network for SaaS/IaaS access is counter-productive and negates every business benefit provided by the cloud services.
The way forward - a data-centric approach for secure workplace collaboration
Cloud-native organizations create and share data in the cloud, between clouds, and to organizations outside of their purview. Once a user has access to the data in cloud applications, they can do whatever they want with minimal oversight. To enable tighter control and secure collaboration, it is important to enable protection around the data and users accessing the data. Cloud Access Security Brokers (CASB) creates a security perimeter around the data and deploys an array of data protection controls to secure sensitive data, such as data loss prevention, user behavior analytics, threat protection, and contextual access controls. CASB is tailor-made to address the security challenges with the cloud-mobile digital transformation, allowing organizations to achieve Zero Trust cloud security. Here is how CASB enables secure remote collaboration from any location and device:
- Secure mobile access: The agentless architecture of CASB ensures quick, frictionless deployment, delivering full cloud security functionality without any resource intensive installation of agents and expensive upkeep.
- Zero trust identity protection: As cloud-based collaboration rapidly grows, organizations need assurance that users accessing the SaaS applications are who they say they are. CASB combines with IDaaS solutions to deliver end-to-end user and data security from any device, any location, to all trusted cloud applications, enabling zero trust cloud security. While the IDaaS solutions verify the user at the door, CASB's Adaptive Access Controls enable contextual access based on managed or unmanaged devices, time of the day and geolocation, and can terminate the connection or step up the authentication based on any data access anomaly.
- Visibility and threat protection: CASB logs all the user activity in sanctioned clouds, allowing you to shut down unauthorized users and malicious activities. CASB's UEBA (User and Entity Behavior Analytics) monitors all user, device and application activities and detects anomalous behaviors using deep machine learning algorithms.
- Prevent data leaks across multiple touchpoints: Cloud DLP is essential to prevent leakage of sensitive data in motion or at rest. CASB's Cloud DLP provides a consistent policy to identify and protect sensitive data in emails and cloud apps, preventing accidental data loss.
- Secure offline data shares: While DLP allows you to secure all the data in the cloud, it is equally important to ensure the same data remains secure when it gets downloaded and shared with external collaborators. CASB's Information Rights Management (IRM) enables last-mile data protection by encrypting sensitive data, reports, and emails during downloads, allowing data decryption only through an IRM client installed on authorized devices. On the loss of a device, the data access can be remotely revoked, along with digitally shredding any sensitive content on the device.
- Encrypt before upload: CASB data protection solution identifies and encrypts sensitive content in motion, before it gets hosted in the cloud, allowing organizations to retain exclusive control over the sensitive data and delivering end-to-end zero-trust protection without compromise.
What does the future look like?
Traditional VPNs are running out of steam. According to Gartner, 60% of the enterprises will phase out their VPNs in favor of zero-trust network access. The focus of CASBs towards providing organizations with deep data visibility, adaptive access controls and real-time data protection against zero-day threats makes it an ideal solution for BYOD users. The future belongs to human-centric security with data and identity at the center stage.
Jason Bagley: Editor, Privacies
06/09/2020 3:33 AM
Hi Elisa Morrison. I agree with most of your points about the VPN especially the slow speed. I have read on different platforms where VPN providers have openly mentioned that their VPN will reduce the speed of your internet connection because of high end-to-end encryption. In the future, a VPN...Reply from CSA Circle