IT departments are under more pressure than ever from business leaders because IT networks play such an important role in keeping businesses running. From mission critical operational applications to vitally important client and financial data, the modern business network needs to be fast, reliable and secure. That’s a tall order for IT leaders and as more enterprises migrate towards the Cloud as a solution to these challenges, it is not surprising that for many IT leaders, especially the ones in the insurance, banking, technology and healthcare industries, Cloud security is paramount among their concerns.
That’s not so say that security is less important for industries like retail, manufacturing or transportation. The fact is security is a hot topic for IT leaders across all industries migrating to the Cloud, but especially for ones where regulation or compliance require businesses to keep certain types of data regulated and separate, only storing data for specific periods or that data must be stored onshore. The concern is well founded: in the world of data security, lightning truly can strike twice – or more. A government organisation or financial company targeted for attack once is most likely to be targeted again, at least three more times during the same year1. When operating across borders IT leaders need to be extra cautious.
In developing countries like Indonesia, the low government-private sector interaction, underdeveloped infrastructure and lack of clear government responses to cyber-threats has contributed to the Australian Strategic Policy Institute assigning a weighted score rank of 46.4 out of 100 in the area of Cyber Maturity2. Threats around the world continue to increase in both volume and frequency and Indonesia happens to be a significant source of malicious code.
What can companies that are operating in developing markets like Indonesia do to increase peace of mind, manage risk and still have time to be innovative and flexible – all with diminishing budgets and resources? The good news is that Cloud is not inherently unsecure3. As long as appropriate measures are adopted the Cloud can be even more secure than on-premise solutions, while still retaining the greater scalability, flexibility and cost effectiveness associated with Cloud infrastructure. But how do you manage Cloud security risks in markets like Indonesia where advanced IT skills are difficult to recruit and retain? In these environments enterprise IT departments are turning to Cloud Access Security Brokers (CASBs).
CASBs offer specialised security, governance and management of their client’s Cloud environments.
CASBs help in the assessment of potential threats by doing a thorough audit of a customer’s Cloud infrastructure, vendors and data processes and then developing a best practice policy. They then proactively monitor customer infrastructure looking for potential threats and offering advice on evolving global threats.
A good CASB will have certified experts with the right technology looking for security issues before they occur. For example, in many cases the breach of Cloud security unknowingly happens at the user level. Gartner predicts this will increase to 95% of all Cloud security failures by 20204.
A best-in-class CASB will offer some or all of these additional “as a service” solutions delivered via hosted infrastructure:
- Next-Generation Firewall-as-a-service
- Endpoint Protection-as-a-service
- Intrusion Prevention-as-a-service
- Distributed Denial-of-Service (DDoS) Prevention-as-a-service
- Web Application Firewall (WAF) Prevention-as-a-service
- Web and Email Protection-as-a-service
- Mobile Device Management-as-a-service
- Security Information and Event Management
- Advanced Persistent Threat (APT) Protection-as-a-service
- Data Loss Prevention
Bringing together the right people, processes, threat insights and technology is what makes CASBs key to leveraging Cloud infrastructure. It’s not just about the integrity of data and systems, it’s also about making sure your organisation realises all the benefits that come with migrating to the Cloud. To do this while minimising risks in today’s environment of increasing global threats, it pays to have a proactive expert that is continually on watch.
References: