In January of this year, 24 million banking data records on an unprotected Elasticsearch server were exposed. These data records came from tens of thousands of loans and mortgage documents from some of the largest banks in the United States. The data exposure included sensitive personal information among which were social security numbers, home addresses, and other personal details.
The bigger issue here becomes more obvious with each passing month. Last year, once or twice per month, every month, we saw similar incidents. The net of it is that, when it comes to cybersecurity, the migration to the cloud is still a learning experience. Breaches are caused not only by cyberattacks but also by data exposure which can directly be attributed to misconfiguration and administrative error.
Many information technology team experts have worked within an on-premise environment for years but have limited experience with the cloud. They are learning how to migrate applications to the cloud and administer them one deployment at a time. In most cases, users have not considered an integrated approach to their cloud security strategy, instead approaching it one cloud at a time.
Extending existing people and processes to the cloud is more challenging than users expect. The speed of execution is fast, but the ever-changing learning curve involved continually opens up the enterprise to data breach and security failure. Speed without security can, and often does, equal disaster.
As all of us know, each IaaS platform is a bit different. As with any platform, on-premise or in the cloud, there is a mix of standard and unique components, procedures, and tools with which you must be familiar in order to adequately administer and configure the cloud. Carefully re-architecting your core applications and securely migrating them to the IaaS cloud takes time and painstaking care. All of this is new. Microsoft Azure is not the same as Amazon AWS, which is not the same as Google Cloud Services, etc.
Vendor provided software-as-a-service (SaaS) clouds add another set of required learning. These clouds may exist as “shadow IT,” not visible to the information technology and security team, as they were acquired independently by a line of business. The customer, typically a line of business user, expects the right security to come from the SaaS vendor with a little bit of internal support.
A new experience base must be developed. A better strategy must be put in place. The integration of the extended enterprise requires that you address cloud security across all of these multiple clouds. The result of the current dilemma is cloud data breaches and accidental data exposure are ultimately caused by the lack of a coherent strategy. Most breaches could have been prevented. The error in most strategies is that they fail to take into account the integration of the extended enterprise’s necessary mix of cloud security to meet adversary threats, inconsistent and varying tools, rushed deployments, misconfiguration, and administrative error.
A solution exists!
The new industry best practice is to provide a consistent and unifying cloud security strategy for both your IaaS clouds and your SaaS clouds, regardless of the platform, by placing them within the protection of a cloud access security broker (CASB). All of the clouds are wrapped in the same protective infrastructure. All of your administration is consistent. CipherCloud CASB provides end-to-end encryption such that, in the case of a data exposure, all of your data will be encrypted and therefore not exposed. CASB also brings a consistent approach to the deployment of data loss prevention (DLP), digital rights management (DRM), and end-to-end encryption and tokenization. This gives you one strategy and one administrative toolset to address security across all of your clouds.
CipherCloud can help.
Find out more about CipherCloud’s CASB platform to protect all of your vendor-provided SaaS cloud applications as well as your custom IaaS-hosted applications.
Why CipherCloud? Our CASB platform is the best. We provide:
• ZERO TRUST ARCHITECTURE for comprehensive protection of your users, applications, and data in the cloud
• DATA-CENTRIC CASB with DLP, DRM, and End-to-end Encryption for Total Data Protection
• ADAPTIVE CLOUD CONTROL for any User, Device (both managed and BYOD), Location, and Cloud, with contextual and behavior analytics
• UNIVERSAL CLOUD POLICY Platform for ALL controls across ALL clouds while integrating existing security systems
• ACCELERATE CLOUD ADOPTION securely with Friction-less, Agent-less, Hybrid architecture