Cloud Security

The increasing prevalence of cloud applications and cloud technology means that cloud security is becoming ever more critical. A robust cloud security strategy is the difference between the technology being a business’s biggest risk point and its biggest enabler.

Many organizations assume they don’t need to worry about cloud security solutions as they aren’t using the cloud.

But just because you aren’t using Office 365, it doesn’t mean you’re not in the cloud. The average company uses almost 1,000 cloud applications and yet there’s a lack of awareness about what a cloud app actually is. Simply put, it’s pretty much everything your employees are doing in their web browser to do their job, and facilitates sharing or attaching information that could end up going anywhere beyond the control the company. LinkedIn, Salesforce, WhatsApp Web, Google Drive, the list goes on. If any business isn’t already using the cloud in some capacity (and there can’t be many!), then digital transformation will almost certainly come knocking at the door in the next few years. Conducting an evaluation of cloud services and formulating a cloud security strategy will be crucial. For those organizations who have no cloud strategy in place yet, despite using cloud apps, would be well advised to put one in place.

A recent survey by Microsoft found that 77 percent of organizations see cloud security as a challenge when it comes to using the cloud, with 29 percent seeing it as a significant challenge. And it’s easy to see why.

We’re all well aware that people are often the weak link in security and prone to doing things they shouldn’t, sometimes by accident and sometimes on purpose. The cloud significantly increases risk of, for example, an employee sharing sensitive documents with people they shouldn’t over Facebook Messenger. In fact, research we conducted showed that nearly a quarter of people are using messaging apps like WhatsApp, Telegram and Facebook Messenger to share work documents, while 16 percent used Dropbox, Google Drive, or similar to take company information to a new job. For this reason, control and visibility are absolutely crucial at every stage of the cloud journey.

First and foremost, businesses need to get an understanding of what cloud services and apps are already being used. As most IT managers are all too aware, employees have a habit of using unsanctioned apps to make their jobs easier, so called ‘shadow IT’. We’re of the view that people should be able to use whatever they want to do their jobs and if that means talking to clients over WhatsApp Web, let it be. A cloud application discovery process, however, is absolutely critical to uncover exactly what is being used and how. Knowledge is power after all. Once you have an understanding of the apps used in your workplace – sanctioned or otherwise – you can then manage them.

App equality

Not all apps are created equal though and some are riskier than others. Armed with your list of apps in the business, you should start implementing policies for the most risky apps. This tends to include things like cloud storage, team collaboration apps and messaging platforms and anything else that offers file sharing. While it would be simple enough to block those that aren’t 100 percent necessary, that’s not going to be a popular approach with employees. Instead, you should limit what actions can be take and by who. Not everyone needs to be able to download and edit the new business pipeline, for example, so that should be restricted functionality to those who absolutely need it.

PDF Graphic

Beyond Cloud Visibility - Because discovery is no longer enough

Cloud visibility is a vital first step to secure your Cloud applications.

Download now

The same process can be conducted with any cloud infrastructure, not just apps. If you’re team is using Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) solutions then reviewing how they are used and what actions can be taken is also important. Misconfigured cloud services overtook hacking as the number one source of data loss in 2017, so having a robust cloud security strategy in place will save trouble down the line. As an added bonus, you may well also see a cost benefit when you uncover underutilized storage!

Tools like a Cloud Access Security Broker (CASB) provide all the visibility and control you need, allowing you to monitor user function and interactions and restrict actions as needed. Rather than a risk, the cloud quickly becomes a business enabler with CASB in place.

Cloud Security Insights

Pollution graphic

Clouds of pollution – the scourge of cloud-only malware

Thank goodness for cloud applications. Compared to the old ways of sharing information across organisations and between virtual teams, cloud ...

Read More_
Misty valley

Why cloud visibility and discovery are no longer enough

According to the Ponemon Institute, cloud applications are a significant security concern for organisations, with 71% of global IT professionals believing the ...

Read More_
Cloud graphic

Cloud Security issues aren’t unknown

When Cloud was the new kid on the block, the risk of adoption was simply too variable and therefore untenable ...

Read More_
Female worker

Five ways your apps are putting you at risk – and what to do about it…

Businesses are lapping up mobile and cloud applications faster than iPads get snapped up at an Apple flash sale. Buoyed ...

Read More_

Want to discuss your specific security requirements?

Get in touch for an informal conversation

Not ready to renew yet?

If you're interested in Censornet security services but your existing service not ready to renew, give us a few details and we'll be in touch nearer the time.i