IT Security Guru

Cloud Governance and CASBs

by The Gurus
November 16, 2016
in This Week's Gurus

There are now many Cloud Access Security Broker (CASB) products on the market. These are claimed to help improve cloud governance and compliance, but do they really help?
Organizations are choosing to use cloud services to increase agility, to innovate and to get closer to their customers. Cloud services offer a cost-effective way to meet these needs, as well as delivering commodity functionality at lower cost.
However, cloud services are outside the direct control of the customer organization, and using them hands control of the service and infrastructure to the CSP (Cloud Service Provider). This makes a governance-based approach essential, and it must be implemented through processes covering acquisition, security and assurance, supported by an appropriate management structure.
Some important concerns around the use of cloud services include:

  • The geographic location where the customer’s data is held and processed and the potential for the Cloud Service Provider (CSP) and their staff to access this data.
  • Government Access – The way in which governments can legally require access to the data being processed without seeking the permission of the cloud customer. The recent revelations around access to Yahoo emails by the US government are an example.
  • GDPR – The European General Data Protection Regulation (GDPR) coming into force in May 2018 is another challenge for organizations holding personal data relating to people in Europe.

However, you can only govern the services that you know you are using, and many organizations are unaware of the extent to which cloud services are being exploited. Employees and associates can use their own personal cloud services to perform their jobs without reference to their employer. Line of business managers can acquire cloud services without performing a risk assessment or considering the impact of these services on compliance.
To implement governance, you need to be able to control who can use which cloud services and for what purposes. You also need to be able to ensure that data is held in the cloud in a way that complies with laws and regulations, as well as to protect it against leakage. So, in practical terms, technology is needed to support this governance-led approach. In an ideal world, this functionality would be provided by the range of existing security tools and technologies already in use. Many of the capabilities are already there, but Cloud Access Security Brokers (CASBs) integrate these into a useable form.
KuppingerCole has analysed the market for CASB and recommends that these products should provide functionality that enables customers to:

  • Detect Cloud Service Usage – the use of cloud services which have not been subject to an organizational assessment of the compliance risks and data protection requirements is a common concern for many organizations. Identifying the cloud services being used from within an organization and providing control over their use is a key capability to manage this risk.
  • Control Usage of Cloud Services – access to the cloud services should be controlled so that business-critical and regulated data can only be moved into approved cloud services. Employees should easily be able to access approved services and be prevented from moving important data to non-approved services. This should be an extension of existing Access Governance processes and technologies. The controls should be based on existing organizational directories and should provide seamless access to approved services.
  • Protect against Cyber Risks – there are different ways in which there could be unauthorized access to a customer’s data held in the service. A product should provide capabilities to detect threats to business-critical data and protect against unauthorized access and data leakage.
  • Support Compliance – many organizations depend upon their data being processed and protected in a way that is compliant with laws and regulations. To support this need, the product should provide “out of the box” capabilities aligned with specific regulations. Ideally these capabilities should be independently certified or, at least, the vendor should be able to provide examples of customers who have successfully used the product to achieve compliance.

Most leading cloud service providers implement more rigorous and more effective technical security controls around their service than most organizations can afford for their in-house IT. However, the responsibilities for security and compliance are shared. Many of the real risks come from how cloud services are used. If there is no clear policy for which services an employee can use, don’t be surprised if they use their personal ones. If personal data held by the organization is not identified and protected, don’t be surprised if you are subject to regulatory or legal penalties. CASBs do not replace the need for cloud governance – they provide practical support for the essential cloud governance processes.
