90% of cloud apps in the enterprise are being used without IT’s knowledge. Whether brought in by individuals or lines of business, there’s an average of 508 apps per enterprise and more than 5,000 in the world from which people can choose. Where things get even more interesting is when cloud and mobile combine and the opportunities for data loss and breaches multiply.
These slides are from a webinar where leading identity management, cloud security, and fraud management expert Andras Cser from Forrester and Netskope’s Sr. Director of Product Marketing Bob Gilbert talk about the importance of understanding which employees are using which cloud apps and from where they’re accessing them.
View the on-demand webinar here:
http://www.netskope.com/webinars/securing-cloud-users-left-devices/
General Challenges with Cloud Security
› Ease of Use for End Users (you can’t control end users)
• Cloud security should not require users to change behaviors or tools
› Inconsistent Control (you don’t own everything)
• The only thing you can count on is guest VM ownership
› Elasticity (not all servers are steady-state)
• Cloudbursting, stale servers, dynamic provisioning
› Scalability (highly variable server counts)
• May have one dev server or 1,000 production web servers
› Portability (same controls work anywhere)
• Nobody wants multiple tools or IaaS provider lock-in
Bob will kick things off by welcoming the audience and introducing Andras.
Bob’s comment after Andras talks to this slide: What is interesting is how many of these services were once delivered as on-premise and are now delivered via the cloud.
No comments from Bob
http://4.bp.blogspot.com/_tPFK1WgNdGA/Slng_ryi07I/AAAAAAAAAbc/mEvf4xmzBbI/s400/1.jpg
Bob’s comment after Andras talks to this slide: At Netskope, we like to call this the catch-22 between agility and security. Line of business procuring cloud services surely creates pressure for the CISO. Then there is the additional pressure that comes along with the end user bringing in their own cloud apps.
Bob may expand this dialog a bit depending on how Andras would like to respond. Perhaps a good opportunity to talk about the results of the most recent Netskope Cloud Report where we collected data from more than 5,000 companies and found that an average of 576 cloud apps are in use. Only 50 or so are sanctioned by IT.
No comments from Bob
http://img.dxcdn.com/productimages/sku_6404_1.jpg
No comments from Bob
Image source: Flickr (http://www.flickr.com/) | CC BY 2.0 | https://www.flickr.com/photos/dnamichaud/554406521/
Bob’s comment after Andras talks to this slide: This does not surprise me especially considering the recent string of vulnerabilities with Heartbleed, Shellshock and Poodle. The concern over data loss obviously presents an opportunity for cloud-centric DLP technologies.
http://pad3.whstatic.com/images/thumb/6/68/Act-Bossy-Step-4.jpg/550px-Act-Bossy-Step-4.jpg
Bob’s comment after Andras talks to this slide: This reminds me of the quote from The Hitchhiker’s Guide to the Galaxy: “someone else’s problem”. In this case, there is no one to blame except for the man in the mirror.
Bob’s comment after Andras talks to this slide: On your first point, not requiring users to change behaviors makes sense, but what if the user is using a non-sanctioned IT app and the app is seen as posing a potential security risk? If the app is blocked the user’s behavior is obviously changed and perhaps for the worse. Maybe a better approach is to allow, but with some controls in place. Make the user happy and at the same time limit risk exposure.
Bob’s comment after Andras talks to this slide:
http://www.vision-training.com/Images/Working%20eyes%20drawing.jpg
http://sheplusplus.stanford.edu/images/salesforce.jpg
http://images.clipartpanda.com/magnifying-glass-clipart-magnifying_glass_black.png
Bob’s comment after Andras talks to this slide: Andras, this is a great opportunity for a shameless plug. Looking at this image, my company Netskope positions itself where the magnifying glass is and provides deep visibility, analytics, and fine-grained control for all cloud apps. This includes sanctioned apps such as Salesforce, Office 365, Google Apps, and Box as well as the potentially thousands of unsanctioned apps that users have deployed and IT does not know about. Essentially, we enable companies to move to the cloud with confidence.
http://lisagawlas.files.wordpress.com/2013/01/onion.jpg
Bob’s comment after Andras talks to this slide: Andras, this slide brings tears to my eye.
Note: added “and in the cloud” to DLP on premise.