By Ishani Sircar, Product Marketing Manager at CipherCloud
Are we in a cloud-first environment?
Let us look at a regular workday: a few updates on Slack, followed by emails on Microsoft Outlook, updating attendance on Workday, a few meetings with partners on Microsoft Teams, and updating the status of leads on Salesforce. Looks familiar? In these remote working times, this is a regular day for most employees.
To curb the COVID-19 pandemic, organisations are encouraging employees to work remotely. However, operating with a fully remote workforce is uncharted waters for most organisations. This surge in the remote workforce has strained existing IT infrastructure, with more and more unmanaged devices accessing the enterprise network and using cloud apps for day-to-day operations. As enterprises extend their collaboration further into the cloud, the lack of visibility and control out to the edge raises exposure to data loss, compliance violations, and breaches. These questions are plaguing security and risk management leaders:
- What would be the right mix of access controls and policies to ensure the data is always handled correctly? What are the risks originating from employees and the numerous personal devices being used? Who are the users, what devices are they using and what is their location?
- Is the organisation still following all the data privacy and compliance regulations across all of its office locations? What are the region-based penalties for non-compliance?
- In the new remote-work environment, is your organisation ready to face any new emerging threats, vulnerabilities, and data leakages, with such a wide attack surface?
73% of executive-level IT leaders believe remote workers pose a greater security risk than onsite employees. And 36% of organizations have experienced a security incident because of a remote worker’s actions. – Forbes
What is the New Normal?
360-degree visibility and control over all remote users, devices, clouds, and data being accessed.
Keeping the remote workforce secure and operational is the key to maintaining continuity in the current cloud-mobile world. A consolidated and centralised multi-cloud security strategy enables the organisation to keep its data or let’s say, its crown jewels safe.
The risk posed by collaboration platforms is far from hypothetical. In March, for example, a critical vulnerability was found in Slack, which could allow automated account takeovers (ATOs) and lead to data breaches. – Threatpost.com
Building Blocks to Securing the Remote Environment
CASBs are tailor-made to address the cloud security concerns of the cloud-mobile environment. The following are some key recommendations and CASB capabilities to solve the #1 problem the industry faces today – protecting sensitive data in a remote work environment.
- Maintain deep visibility into the cloud apps: Shadow IT Discovery helps you stream and analyze all the log activity from remote devices, providing you 360-degree visibility into user activity across sanctioned and unsanctioned clouds.
- Zero-Trust Identity Control: CASB provides full support for SSO integration to verify the user at the door, maintains comprehensive logging of user access, and steps up user authentication with Multi-Factor Authentication (MFA).
- Focus on human-centric security: It is important for organizations to define security controls that go beyond user verification at the door. Technologies such as UEBA and Adaptive Access Controls perform a continuous risk assessment of user activity while the user is logged in, and can block access to the data in case of anomalous user behavior. Examples of anomalous behavior might include a user downloading several gigabytes of files at 2 a.m., or attempting a valid log-in from Beijing only two hours after logging in from Chicago, Illinois.
- Define powerful data protection controls: Set strong DLP policies to identify, classify and protect sensitive and restricted data (PII, PCI, and PHI) at rest, in motion or in use. DLP can enforce actions for restricted sharing (ethical firewalling), isolation of infected files, or automatic encryption of sensitive content.
- Secure your emails: Email continues to be the number one threat vector in cybersecurity, for both threat protection and data loss. The problem is compounded with cloud-based business email – Microsoft Office 365 and Gmail from G Suite. DLP for Emails defines policies to protect your email data even before it leaves the organization's premises.
- Secure offline access: Native Information Rights Management (IRM) secures offline data access, protecting the data that gets downloaded from the cloud applications to users’ devices. In the event of data misuse, administrators have the ability to retract data access, even if it was downloaded and copied to another device.
- Zero-Day Threat Prevention: A fully remote workforce has broadened the cloud-borne attack surface. Detect and isolate threats, anomalies, and malware shared over tools across clouds in real time. Deploy CSPM to understand your cloud risk posture by assessing your cloud environment against security and compliance best practices, with a consolidated dashboard view.
- Advanced Data Privacy and Compliance: With so much information traveling outside the enterprise perimeter, violations are bound to happen. CASBs enable organizations to govern and remediate any compliance violations with out-of-the-box rules, regulatory reports pertaining to data privacy (CIS, HIPAA, GDPR, CCPA, and Data Residency), CIS templates, and actionable risk dashboards.
- Manage Personal Devices: One of the biggest pain points of a remote workforce is keeping track of data access and usage by BYO devices, and preventing data leak or loss in any form from personal unmanaged devices. CASB's external integration support with MDM solutions helps control data access from personal devices and block the devices in case of a user behavior anomaly.
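The two anomalies named in the human-centric security recommendation above (a multi-gigabyte download at 2 a.m., and a Beijing log-in two hours after a Chicago log-in) can be written as simple detection rules. This is an added illustration, not CipherCloud's implementation; the event fields, thresholds and sample events are assumptions constructed for the example.

```python
import math
from datetime import datetime

# Constructed sample events: (user, local timestamp, lat, lon, action, bytes)
EVENTS = [
    ("alice", "2020-05-04T14:00:00", 41.88, -87.63, "login", 0),   # Chicago
    ("alice", "2020-05-04T16:00:00", 39.90, 116.40, "login", 0),   # Beijing, 2 h later
    ("bob",   "2020-05-04T02:10:00", 51.51, -0.13, "download", 6 * 1024**3),
    ("bob",   "2020-05-04T10:00:00", 51.51, -0.13, "download", 20 * 1024**2),
    ("carol", "2020-05-04T09:00:00", 40.71, -74.01, "login", 0),   # New York
    ("carol", "2020-05-04T18:00:00", 51.51, -0.13, "login", 0),    # London, 9 h later
]

MAX_SPEED_KMH = 1000        # assumed ceiling, roughly airliner cruising speed
OFF_HOURS = range(0, 5)     # assumed quiet window (hour of day)
BULK_BYTES = 2 * 1024**3    # assumed "several gigabytes" threshold

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(a))

def detect(events):
    """Return (user, rule) alerts for impossible travel and bulk off-hours downloads."""
    alerts, last_login = [], {}
    for user, ts, lat, lon, action, nbytes in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        if action == "login":
            prev = last_login.get(user)
            if prev:
                # Floor the gap at one minute so simultaneous logins do not divide by zero.
                hours = max((t - prev[0]).total_seconds() / 3600, 1 / 60)
                if haversine_km(prev[1], prev[2], lat, lon) / hours > MAX_SPEED_KMH:
                    alerts.append((user, "impossible_travel"))
            last_login[user] = (t, lat, lon)
        elif action == "download" and t.hour in OFF_HOURS and nbytes >= BULK_BYTES:
            alerts.append((user, "bulk_off_hours_download"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Carol's New York to London log-ins nine hours apart stay below the speed ceiling, which shows why the rule compares implied speed rather than flagging any change of country.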
Complementary user-centric and data-centric approaches to policy enforcement would be the key to securing the workforce and the data vital for the organisation's business continuity. CipherCloud's CASB+ platform enables integration with existing security solutions, furthering optimization of investments and strengthening the overall security posture. Last but definitely most important, security and risk management leaders should plan to educate the remote workforce about best practices and maintain an open line of communication, which could really be the game-changer to get us through these times!