cfo-as logo
Story image

How to stay in control of a cloud strategy

21 Apr 2020

By Bitglass CEO Nat Kausik.

In recent years there has been a major shift in the way businesses conduct their operations and how employees do their work. Across many organisations, corporate culture has changed dramatically and employees are no longer required to work on premises from desktop computers.

In contrast, many people now access, share and store data in a variety of ways, using diverse services and devices.

For example, hugely popular Software-as-a-service (SaaS) applications such as Office 365, Box, and Salesforce are now the mainstream, market-leaders. Similarly, Infrastructure-as-a-service (IaaS) platforms like Amazon Web Services (AWS) are hugely profitable and have changed the way organisations around the world deliver IT.

Across every type of team and department, cloud-based SaaS apps have appeared to offer tailored services and functionality geared towards the specific objectives of each job function. This is particularly important, given the huge number of SaaS applications used in typical organisations. Research examined companies of 200-500 employees in size found that, on average, they use over 120 different apps.

A closer look at the type of information moving to the cloud demonstrates why the scope for data leakage has increased. For example, a 2019 study revealed that nearly half (45%) of organisations are storing customer data in the cloud, 42% store employee data, and 24% store intellectual property.

With this in mind, organisations should be taking a range of considered steps in order to stay in control of cloud strategy:

Understand the risks: More data brings the need for more security. The huge investments being made to move data to the cloud means huge levels of customer and employee data, as well as intellectual property are being stored outside the boundaries of traditional on-premises networks.

While the advantages of this approach are well known, it’s a strategy that can bring an increased possibility of data leaks unless appropriate security measures are put in place.

Monitor user behaviour: IT departments often find it hard to keep pace with the sheer number of cloud applications and personal devices that are being used in everyday situations across the enterprise, however, it is a situation that must be addressed.

For example, organisations should have visibility over who is accessing what data, and be alerted to any cross-app anomalous behaviour. This should also extend to visibility over user logins, external sharing and DLP.

Deploy comprehensive cloud security solutions: Despite the widespread use of cloud security solutions, such as access control and anti-malware, businesses need to meet the increasing threat of cloud-based data breaches.

Additional protective measures such as those provided by single sign-on (26%) and data loss prevention tools are important considerations. Also, it is worth remembering that traditional security tools might not work – or have limited functionality – in the cloud, so adopting more appropriate cloud security technology is essential.

Modern solutions, such as cloud access security brokers (CASBs), can provide many of these essential capabilities in one. This is reflected in the research findings of the adoption of CASBs which has risen from 20% in 2018 to 31% one year later.

Indeed, according to a report produced by Gartner, for those organisations that are using many SaaS applications, “. . . a cloud access security broker (CASB) or SaaS management platform (SMP) would likely be a better choice for understanding your SaaS security posture and standardising control and governance across your SaaS landscape.”

Balance cost against effectiveness: In developing a cloud strategy, cost is an inevitable consideration. It’s always going to be a major part of the decision-making process when choosing a cloud security provider, tools, or services. Similarly, issues around ease of deployment and integration will often fall into the mix – whether the solutions are cloud-native or whether it has to do with how cross-cloud security policies are being enforced.

Behind all these influencing factors is a challenge shared by everyone interested in cloud control: a poorly implemented tool will never be as effective and secure as a well-integrated solution that delivers high levels of flexibility and control over data, wherever it goes.

Story image
DevSecOps increasingly important, but APAC organisations lagging behind
The rise of DevSecOps comes at a time when IT leaders are faced with an increasingly active cyber threat landscape, coupled with higher consumer expectations of digital offerings and application usage due to a sharp increase in online activities.More
Story image
Zendesk, WhatsApp enter partnership to expand customer service offerings
“Businesses today need to meet their customers where they want to be met - and that’s increasingly through messaging."More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
How Employer of Record helps companies expand to new markets around the globe
Using an Employer of Record allows companies to break into new markets and hire the talent they need quickly and easily — with all human resources, onboarding, paperwork, and legal compliance taken care of.More
Story image
Why automating the finance function is critical for future growth
As well as continually struggling with tedious workflows and manual processing, many finance professionals are still finding it a challenge to complete their month-end close. This is where software can help, writes BlackLine regional vice president for A/NZ Claudia Pirko.More
Story image
Financial firms exposing data through mismanaged access controls - Varonis
Almost two-thirds of the analysed firms leave more than 1000 sensitive files open for every employee to access.More