
Podcast: Cloud Application Security Is Your Gateway to Cloud Confidence

The number of attack vectors cybercriminals can abuse to infiltrate your network grows by the day. The challenge is exacerbated when you introduce approved third-party cloud applications, not to mention the untold number of shadow IT apps being used inside an organization.

It’s a fast-evolving vulnerability gap that requires proven cloud application security solutions. To expand on the subject, SonicWall senior product manager Shannon Emmons joined Bill Murphy on his latest RedZone Podcast, “Cloud Application Security Is Your Gateway to Cloud Confidence.”

Murphy and Emmons address why default SaaS application security controls are simply not enough, how to regain visibility and control of your SaaS email and apps while taking a holistic approach, how to protect against account takeovers from insider threats and compromised credentials, and more.

“As customers make their migration to cloud, security is often an afterthought,” said Emmons. “Particularly when you look at things like Box, Dropbox or some ad hoc ‘app of the day’, somebody needed it at that point of time and now they’ve used it. Your IT staff may know, or they may not know, and you now may have company data out there you don’t know about that’s now at risk of breach or data exfiltration.”


CIOs are challenged to choose a SaaS platform or service that secures Office 365, OneDrive, Box, Dropbox, G Suite, Salesforce and more in order to properly protect data leaving their organization and stored within the cloud.

“If you’re using multiple SaaS apps — something like the Office 365 suite, Box or Dropbox and eventually Slack and Salesforce — in most cases organizations are managing those policies, that data and threat space differently,” she said. “Some people assume that the cloud service providers are responsible for protecting them from threats, but they’re not and they’ll call it out in their contracts. It’s never in big, red print.”

Murphy is a world-renowned IT security expert dedicated to your success as an IT business leader. A prolific thinker and communicator, Murphy publishes educational articles, podcasts and innovative ideas regularly in the RedZone Technologies blog, and hosts the long-running CIO Innovation Forum Community, which helps IT executives share expertise with peers, build professional relationships, learn about new developments and expand leadership skills.

About Shannon Emmons

Shannon Emmons is a senior product manager at SonicWall. She focuses on protecting SaaS email with data compiled from more than 1 million sensors around the globe to defend against today’s most sophisticated cyber threats.

A 16-year cybersecurity veteran, Shannon is a customer-focused product leader who has been CISSP-certified for 13 years.

What to Look for in a CASB Solution

Virtually every organization across major verticals — K-12 and higher education, financial services, retail and hospitality, and government — is undertaking digital transformation endeavors. And this includes migrating applications and data to the cloud.

When organizations do choose to adopt cloud technologies, software-as-a-service (SaaS) is the most popular choice according to a Gartner forecast for public cloud adoption. This is evident in the number of SaaS applications a typical organization uses. According to IDG, 73% of organizations have at least one application in the cloud and another 17% plan to do so in the next 12 months.

Source: IDG, 2018 Cloud Computing Survey.

The adoption of SaaS applications brings about new security challenges for IT teams and increases attack surfaces for cybercriminals. The main use case for SaaS security is data protection. How do you protect your corporate data when you no longer have full control of the infrastructure or lack visibility into who can access that data and from which device/location?

The need to address this challenge created a new market segment in 2011 called Cloud Access Security Brokers (CASBs) or Cloud Security Gateways (CSGs). The CASB market segment is one of the fastest growing in information security with Gartner estimating a growth rate of 46% CAGR from 2017 to 2022.

Today, cloud security is not just about limiting or securing access to cloud applications. Cloud security is a shared responsibility where the organization that consumes cloud services is responsible for protecting sensitive data within their SaaS tenants. In fact, according to Gartner, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.”

What is CASB?

At a high level, CASB solutions typically deliver the following four functionalities:

  1. Visibility. Enable cloud discovery to shed light on cloud application usage and shadow IT activities.
  2. Data security. Secure the corporate data uploaded or hosted in the cloud by enabling data loss prevention (DLP) and monitoring user activity.
  3. Threat protection. Identify anomalous user behavior and provide anti-malware and sandboxing capabilities to protect against threats in the cloud.
  4. Compliance. Empower organizations with auditing and reporting tools to demonstrate compliance, especially in regulated industries.

CASB: The evolution of cloud security

The early CASB solutions were geared toward large enterprises that were early adopters of cloud services. These solutions required sophisticated on-premise deployments that proxied all traffic (either forward or reverse proxy) to enforce inline policies for cloud usage.

This proxy-mode CASB approach is sometimes known to introduce latency and/or cause breakage in application functionality, creating a bad user experience. In fact, it’s why Microsoft recommends against using proxy-based solutions when securing Office 365.

The next generation of CASB solutions takes advantage of the API-based architecture that SaaS platforms are built on. API-mode CASB is the only way to provide complete visibility into SaaS environments.

API-based CASBs are easy to deploy and provide the most coverage for SaaS security use cases across sanctioned IT, shadow IT, managed devices and unmanaged devices (BYOD).

On-Demand Webinar with Guest Michael Osterman

Need more security and control for your cloud applications? View this joint on-demand webinar, “Securing Your SaaS Landscape,” with Osterman Research principal analyst Michael Osterman, to explore the major concerns and issues organizations have with SaaS adoption, what to look for in a CASB solution and an overview of SonicWall Cloud App Security.

CASB protects Office 365 deployments

According to the Cybersecurity Insiders 2018 Cloud Security Report, the most popular SaaS app used by organizations of all sizes is Microsoft Office 365.

Many associate Office 365 with email because it’s the most used app within the Office 365 suite. So, when CISOs and IT directors begin migrating on-premise mailboxes to Exchange Online, the default response is to extend the incumbent Secure Email Gateway (SEG) or Mail Transfer Agent (MTA). This approach to securing cloud email creates two significant blind spots:

  1. Causing security gaps. Does not protect other apps within Office 365, so it becomes a point solution that is focused on securing only email.
  2. Missing internal threats. Does not scan internal Office 365 emails, which is becoming increasingly relevant in the current threat landscape with credential compromises and account takeovers.

To address these blind spots, you need to buy an add-on service (to scan internal email) from your email security provider (if they offer one) and deploy a CASB to protect the data residing in OneDrive and SharePoint Online. That’s one more point solution that IT directors need to add to their budget, and that IT administrators need to deploy, get trained on and manage.

Full-featured CASB solution: SonicWall Cloud App Security

When you view cloud email as a SaaS app, it makes sense that a CASB solution should protect data and provide visibility even if that data is in the form of email messages.

That’s why SonicWall Cloud App Security leverages APIs to integrate directly with SaaS platforms and combines data security and email security to provide complete protection for SaaS in a single solution. The CASB solution can be implemented in minutes without the need for any on-premise appliances or software installations.