Cloud adoption continues to increase, the cloud market is quickly maturing, and more organizations are moving critical workloads and data into the cloud. In fact, a 451 Research report found that 85 percent of enterprises have sensitive data in the cloud, up from 54 percent the year prior. However, concerns about cloud security remain.
Part of the problem is the continued growth of shadow IT. A recent report found that CIOs believe their organization is using an average of 30 to 40 cloud applications. In reality, enterprises use an average of 1,232 cloud applications, up 33 percent from the year prior. Most are used without IT knowledge or approval, which means those applications aren’t being monitored and data isn’t being secured.
Consequences of Failing to Understand Cloud Security
Even when organizations are aware of all cloud applications being used, most don’t understand the shared responsibility model of cloud security. They think all security responsibilities lie with the cloud service provider, but that’s not the case. The provider’s job is to secure the cloud infrastructure. It’s the customer’s job to secure the data and applications within that infrastructure, and the user identities accessing those resources.
This lack of basic understanding of roles and responsibilities is one reason why Gartner estimates that 99 percent of cloud security failures through 2020 will be the fault of the customer, not the cloud service provider. The challenges associated with securing data in the cloud explain why Gartner expects 60 percent of large enterprises to use a cloud access security broker (CASB) by 2020, up from fewer than 10 percent today.
What Is a CASB?
A CASB ensures security policies are applied in the cloud and provides visibility and control of cloud applications and services, data access and movement, and user activity. Organizations typically use a CASB to identify unusual data movement between on-premises and cloud environments, detect malware, encrypt data, and prevent data loss in the cloud.
At minimum, a CASB should have the following four capabilities.
- Cloud application visibility and risk analysis to pinpoint shadow IT, prevent the use of dangerous or unnecessary applications, and maintain regulatory compliance.
- Data governance and protection to prevent unauthorized sharing of sensitive data, such as personally identifiable information, intellectual property or compliance-related data.
- Threat protection and incident response to quickly detect, investigate and mitigate security threats and incidents involving both internal and external actors.
- Compliance and data privacy assurance to ensure cloud security meets minimum compliance standards and that regulated data is either secured in the cloud or prevented from entering certain cloud environments.
The Cisco Cloudlock Solution
Cisco Cloudlock is a CASB designed to secure cloud identities, data and applications, facilitate compliance, and reduce risk across the cloud application ecosystem. User and entity behavior analytics is used to guard against malicious insiders and unauthorized use of legitimate credentials. A configurable data loss prevention engine and automated, policy-driven incident response reduce the risk of data exposure.
The Cisco Cloudlock Apps Firewall discovers and controls malicious applications and uses a crowd-sourced Community Trust Rating to determine how dangerous an application is. It works in concert with Cisco Umbrella to enforce policies governing the use of cloud-based apps, and to block risky or inappropriate apps.
As cloud adoption increases, cloud applications and data will become increasingly popular targets for hackers and insider threats. A CASB such as Cisco Cloudlock can simplify and strengthen cloud security and compliance by providing organizations with visibility and control of cloud environments.