How to secure cloud-based collaboration, emails, and messaging apps
Published 06/23/2020
By Ishani Sircar, Product Marketing Manager at CipherCloud
We can secure information across multiple enterprise clouds
Data leaks. Data breaches. Tighter security controls. Yet more breaches. A continuing cat-and-mouse game. As apps and the way we do business in a distributed environment mature and evolve, more businesses are adopting apps and expanding their reliance on them for day-to-day operations. This in turn means that ease of sharing data and information is key to staying agile and relevant.
Information flows across endpoints, clouds, and users, and is critical to business continuity in the cloud era. However, developing a holistic information security program entails a deep understanding of all the entities across cloud environments and how they interact with each other.
If only we knew where all our data is and if we can control data leaks
The last few years have belonged to the cloud: SaaS, PaaS, IaaS. Most organizations today have a galaxy of SaaS apps that are accessed by several internal and external collaborators for routine business ops. While productivity hasn’t taken a hit in the new norm, security sure has. Organizations have exposed sensitive data without understanding the cloud it resides in or how the information is being accessed by other APIs, users, and devices (managed and unmanaged). While every cloud provider is responsible for the security of their cloud, the security of sensitive data in the cloud remains the responsibility of the organization, and mostly an unsolved mystery.
If we can identify and classify sensitive data
Each SaaS application has a host of different settings, multiple concurrent API calls, and custom data access models. Sensitive and critical data is created and stored across these clouds. However, most of this data is left unidentified and unclassified. Furthermore, when information is exchanged across these clouds and devices, compliance with local regulations and industry standards has to be ensured. Organizations need visibility to scan and classify data across devices and channels. To manage users, role-based access controls need to be implemented to direct the information flow between these clouds and the edges.
And if we can continue to keep track of data leaks during collaboration
The year 2020 has witnessed a new level of collaboration where organizations were compelled to move most operations and employees to a remote work setup. Messaging and collaboration apps like Teams, Slack and Zoom or email clients such as Outlook or Gmail saw astronomical growth and played a big part in enabling remote users outside the enterprise perimeter.
However, the rising concern for most CISOs is how to secure the remote workforce while ensuring business continuity. Every cloud has different API calls, different settings, and different metadata models. So, how can an organization analyze the security controls provided by diverse clouds and ensure that the configured security controls are enough to stop data leaks? How can an organization ensure that sensitive data is protected and have visibility into the data exchanged in the SaaS-mobile environment?
How to ensure your sensitive data in the cloud is always protected?
CASB still remains the most potent solution to cloud security
Cloud access security brokers (CASB) provide much-needed visibility into and control over threats, policies, user-entity behavior, and the cloud posture of cloud-mobile environments. CASBs deployed in API or proxy mode allow organizations to extend the reach of their security policies beyond their own infrastructure into the cloud universe.
● Protect the integrity of your data with Encryption: Never keep sensitive information unprotected no matter where it is: “at rest,” in network transit, in the cloud application layers (API, middleware, memory), or in use. CipherCloud FIPS 140-2 certified data protection capabilities meet all global compliance regulations and provide the highest levels of cyber threat protection, preventing the most complex threats and attacks such as API-based attacks that target encrypted data. Furthermore, the data encryption keys are retained only by the organization and are never shared with the cloud provider.
● Use DLP for continuous data identification and classification: Deep content scanning procedures mapped to DLP policies protect sensitive content based on context and the risk appetite of customers. CipherCloud’s DLP capabilities deploy with end-to-end Zero Trust encryption, and contextual access controls restrict access to sensitive content in the cloud and prevent data leaks, theft of intellectual property and compliance failures.
● Last Mile Data Protection with Digital Rights Management: A lot of sleepless nights follow if sensitive information leaves the enterprise perimeter, whether intentionally or unintentionally. CipherCloud’s native DRM client works with different customers, vendors, and partners, with different clouds and with different user credentials to provide administrators enhanced visibility into the external users and the data they can access.
● Provide Adaptive Access Controls and UEBA to control anomalous behavior: Usernames and passwords can be easily stolen. Identification of anomalous behavior and activation of remediation measures need to be seamless. CipherCloud’s Adaptive Access Controls feature identifies and protects against unauthorized account access with zero trust cloud security controls, delivering end-to-end user and data security from any device, application, user or location.