The benefits of cloud computing cannot be fully exploited without wisely assessing and managing cloud security. Processes, technologies and mechanisms are essential to manage security, meet compliance needs and assess usage risks of cloud-based solutions. This blog is a synopsis of latest key trends driving the innovation in Cloud Security solutions, in general, and in our own Identity-centric CASB solution.
Following key trends are driving the need for Cloud Security:
- Increasing Cloud Adoption. By 2019, 86% of data center traffic will be towards cloud services because of enterprises widely adopting cloud services to attain flexibility, elasticity and scalability .
- Companies are expected to spend 1.5 times in SaaS (Software-as-a-Service) as compared to IaaS (Software-as-a-Service) .
- Most large enterprise software vendors, such as Oracle, IBM, Microsoft and SAP are now heavily invested in the cloud, and are actively moving their large installed bases to cloud services . Consequently, this trend is also influencing their customer base to live and breathe in the cloud world.
- Unique Security challenges with diverse cloud usage patterns. Enterprises are utilizing multiple cloud-based service models – SaaS, IaaS and PaaS (Platform-as-a-Service). The challenge with securing, protecting and monitoring these usage patterns is because these pose unique security challenges.
- SaaS – Enterprises utilize critical business functions such as HR, CRM, Financials as SaaS or even for Healthcare-based EHR and EMR applications. Meeting compliance mandates is important ensuring the enforcement of necessary Segregation of Duties (SoD) policies across diverse applications. Deep visibility is needed into managed/unmanaged users/devices accessing SaaS applications. Threat intelligence is another key requirement.
- IaaS – Usage promotes DevOps models in which developers need to spin up environments like virtual machines and containers and push them to production using automation. Privilege Access Management is required for such operations. Immature DevOps automation could also circumvent required security practices, hence enterprises need DevSecOps. Visibility into Compliance Management and Threat analytics are also other key requirements for workloads running in IaaS.
- PaaS – Include platforms used by developers to build and deploy applications in cloud-based runtime environments or invoke API-based services. API Security, Application Access Management (Web/Mobile) are requirements from a Security standpoint.
- Collaboration platforms – Managing Data on Cloud-based collaboration platforms like Office 365, Box, Dropbox etc. introduces challenges – data can be shared and accessed by unapproved devices. Encrypting data is not enough as it adds overhead, and does not stop internal users to commit a fraud.
- Introduction of new complex Compliance Regulations. With SOX, HIPAA has been extended to Cloud and more compliance standards like FedRAMP, HiTrust, FISMA, SOC2 got added to the list, mainly influenced by cloud adoption. Particularly in Europe, more challenging compliance requirements are fueling needs to meet increasingly complex data residency requirements and personal data management, with the planned advent of GDPR.
- Advanced Threats and Vulnerabilities. Network perimeter continues to erode as 50% employers by 2017 will mandate Bring Your Own Device (BYOD) . The enterprise moves to adopt bring your own (BYO) traditional PC and non-PC assets which increases usage from unmanaged devices . These factors are making enterprises more prone to advanced security threats and vulnerabilities that lead to the loss of market evaluation for affected businesses. Cloud Security Alliance (CSA) Top Threats Working Group conducted profound research through a survey of industry experts to compile professional opinions on the greatest security issues within cloud computing . 12 critical issues to cloud security were identified as – Data Breaches, Weak Identity, Credential and Access Management, Insecure APIs, System and Application Vulnerabilities, Account Hijacking, Malicious Insiders, Advanced Persistent Threats (APTs), Data Loss, Insufficient Due Diligence, Abuse and Nefarious Use of Cloud Services, Denial of Service and Shared Technology Vulnerabilities.
- Shared Responsibility Model. AWS introduced the idea of shared responsibility model from a cloud security standpoint. This model entails that while cloud service providers control the security of cloud data center infrastructure that hosts customer resources and provides connectivity to it, customers themselves are responsible for securing the access to their resources. The concept of shared responsibility model applies across various types of cloud services.
Because of these trends in enterprise IT, Cloud Security solutions are desperately needed now. A few years back Gartner introduced the idea of Cloud Access Security Broker (CASB), as a security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Organizations are increasingly turning to CASB vendors to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control. It has been highlighted in Top 10 Security tech – 2016 and 2017. CASB market has grown to 380M USD in 2017  but by 2020, 85% large enterprises will use CASB which is up from less than 5% today .
Saviynt’s IGA 2.0 solution provides Cloud Access Governance and Intelligence capabilities. Saviynt ingrains comprehensive CASB capabilities, which based on a profound Identity Governance and Administration platform, is appraised as an Identity-centric CASB. Take the first steps towards your Identity-Based CASB journey. Watch this video to understand more details and get started here.
- Cisco Global Cloud Index 2014-2019, 2015 Update
- Gartner report – “Forecast: Public Cloud Services, Worldwide, 2015-2021, 3Q17 Update”
- CIO.com, “Half of Companies Will Require BYOD by 2017, as per Gartner”
- Gartner report – “10 Best Practices for Successful CASB Projects”
- CLOUD SECURITY ALLIANCE research – “The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights”
- CSOOnline.com, “Cybersecurity job market to suffer severe workforce shortage”
- Gartner report – “Market Guide for Cloud Access Security Brokers”
- Gartner report –”Forecast Snapshot: Cloud Access Security Broker, Worldwide, 2017”