<img src="//pixel.quantserve.com/pixel/p-_JKXxuL8SR7wu.gif?labels=_fp.event.Default" style="display: none;" border="0" height="1" width="1" alt="Quantcast">
blog-banner.jpg

Next-Gen CASB Blog

Information-centric cloud security

By Rich Campagna | April 4, 2014 at 6:07 AM

According to Neil MacDonald at Gartner (Gartner, Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence, Neil MacDonald, 30May2013), “This is a return to the foundation of information security, because the goal of information security has always been to protect the confidentiality, integrity, authenticity, access, availability and utility of information.” Neil continues, “To fulfill our goal of information protection, we turned to device ownership, lockdown and control as a means to protect information.” “Ownership and tight control were used as proxies for trust. In future scenarios where, increasingly, IT doesn't own or control the consumption or delivery sides of technology, new models of trust are needed.”

Today, however, the world is shifting to cloud applications like Salesforce and Office365, which exist entirely outside of the traditional security perimeter. BYOD and mobile devices compound the problem, as they too are outside of corporate control. How do we secure data in these environments?

One approach would be to try to re-engineer traditional perimeter security for the cloud world – applying security as data leaves the corporate network or as it leaves devices, as would be done with something like a secure web gateway or a next-generation firewall. The challenge is that this approach leaves many holes, and puts IT in a position of constantly chasing the next egress point. Your CEO got a new iPad Air yesterday? Better make sure that’s configured and locked down. John from Sales is logging into Salesforce from his home PC? Lock that one down too. Today’s savvy employees also know that they can access whatever they want, even when in corporate locations, by switching from corporate wifi to the 4G hotspot on their phones – voila, corporate security infrastructure bypassed! The only possible option to stopping this behavior is infeasible in today’s world - to provide fully locked down corporate laptops with severely restricted Internet access and no ability to connect to anything but corporate networks.

traditional_cloud_security
Figure 1 - Traditional perimeter approach has major coverage gaps

 

So what is the solution? Gartner recommends a, “Shift to an information life cycle approach to information protection by identifying where sensitive information is created, manipulated, transformed, stored and archived within your enterprise users and systems.” “Assuming most devices and services will be untrusted in 2020, design protection starting from the information, and move outward through the layers out to the consuming system or service.” 

Such an information-centric approach would secure corporate data where it lives – in cloud and premises-based applications like Microsoft Exchange, Salesforce, Box, Google Apps, and Sharepoint. This redefined perimeter acts like a moat around a castle, controlling all access to corporate information, from anywhere and from any device. This mindset provides the foundation for the approach to enterprise data security that we have taken at Bitglass, an approach that enables us to secure corporate data end-to-end, from the cloud app to the mobile device.

 bitglass_cloud_security
Figure 2 - Information-centric approach secures corporate data where it resides

 

What does this mean for you? 100% control over access to corporate information, provided via a solution that deploys in minutes. No need to configure firewalls or to unsuccessfully try to lock down every new BYOD device that employees want to use to access corporate apps.