Why a managed cloud access security broker could make sense for your company

Castle-in-the-Clouds

Companies move to the cloud to save money on infrastructure and improve time-to-market on application development. However, once they start using cloud applications, organizations using traditional security monitoring solutions often lose control and visibility of their infrastructure and applications.

End users now have access to multiple cloud-based collaboration and file sharing applications, tools that may also violate or circumvent the organization’s existing security controls and policies. This issue becomes especially prevalent in organizations with mobile workforces. With users accessing applications from home, at work, on travel and at local coffee shops, IT teams find it harder than ever to control and manage access and compliance.

On top of all these issues, “Shadow IT,” a term used to describe the use of computing resources and applications that are not authorized by corporate IT or in budgets happen to also bypasses traditional security controls and policies.

That’s where a Managed Cloud Access Security Broker (Managed CASB) can make a major difference. A Managed CASB gives organizations back the control they need to keep their new cloud environment secure. The Managed CASB protects sensitive data by identifying the cloud applications used by the organization and determining which applications should be sanctioned, and then creates and enforces security policies through continuous monitoring and analysis of threats.

There are at least four benefits a Managed CASB delivers:

  1. Increased visibility. As more applications are run in the cloud, the Managed CASB provides visibility into user activities in sanctioned cloud applications and uses analytics to identify anomalous or potentially malicious behavior. Companies can use this enhanced visibility to identify potential security incidents and have their incident response teams or the CASB neutralize them.
  2. Policy management. The Managed CASB service lets IT staff monitor for policy violations and enforce regulation and compliance policies in the cloud environment. So, as use of cloud applications increases in an organization, IT staff can explain to the line-of-business workers using unsanctioned cloud applications that the CASB will let them run SaaS applications more securely. In turn, line-of-business staff will be more likely to embrace CASB use.
  3. Malware analysis and encryption. Many CASB services offer enhanced threat protection, including malware scanning and antivirus protection for files stored in cloud applications. They also encrypt “data at rest” in the cloud.
  4. DLP and SIEM integration. The Managed CASB service lets IT staff use its data loss prevention software to extend policy enforcement to whichever system they use. There’s no need to build this in the CASB, as it can go right from DLP out to the cloud. In addition, IT staff can integrate with an SIEM, which lets them correlate rules with other cloud services.

Bottom line: The Managed CASB’s approach to managing cloud security access will help prevent hackers or disgruntled employees from exposing or disseminating confidential company information. It also ensures compliance with regulatory requirements by demonstrating the company’s adherence to security policies and guidelines.

A Managed CASB continuously monitors and analyzes the use of company-sanctioned cloud applications and rapidly responds to incidents and compliance violations in real time. This approach minimizes the risk of non-compliance, damaging malware and expensive non-compliance fines. By using managed service experts, the company also leverages the proven security expertise required to define and implement the appropriate data protection strategy. As complex as security has become – and as difficult as it is to find qualified security talent – many organizations are extending their team, and pulling in experts through a Managed CASB.

 


Chris Moyer is chief technology officer for Security at DXC Technology. He has spent more than 25 years building business and technology solutions for clients in several industries across multiple geographies. In previous roles, he has led solutioning, transformation projects and delivery assurance. He is also a member of the Institute of Electrical and Electronics Engineers. Connect with him on Twitter and LinkedIn.


Marc Svendsen is an Offering Manager for Cloud Security Services. He has experience working on cybersecurity services such as DXC’s Managed Endpoint Threat Detection, Managed Vulnerability Assessment, Next-Gen Threat Protection and On-Demand Workload Protection.

RELATED LINKS

Your company has been hit with ransomware: What’s the best response?

Defensive strategies for protecting IoT

Industry 4.0 and IoT pose new security challenges

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: