“As more companies deploy cloud applications and modernize their workforce, they must also implement effective security tools and strategies tailored to a cloud environment.â€
Soaring adoption of cloud is nothing new. Over the past six years, cloud adoptionOpens a new window grew from 24% to an astonishing 86%Opens a new window . But what’s changed is that as industries rally around the cloud as a driver for unlocking agility, business continuity, and overcoming scalability hurdles — IT decision makers (ITDMs) are now confronting the realities of the most prevalent risks (cloud phishing, data leaks & ransomware) that arise due to their lack of cloud governance and management capabilities in a rapidly changing regulatory environment.
Where do these risks arise from? Though cloud players like AWS, Azure, Google Cloud Platform ensure the security of infrastructure, cloud customers are responsible for data management and access controls — failure of which results in breaches. GartnerOpens a new window predicts that in nearly all cases, it is the user, not the cloud provider, who fails to manage the controls used to protect the organization’s data.
Gartner estimates through 2025, 99%Opens a new window of cloud security failures will be the customer’s fault. Bottom line, CIOs need to rethink the way they view the cloud. “CIOs must change their line of questioning from “Is the cloud secure?†to “Am I using the cloud securely?†the research firm notesOpens a new window .
What does this hold for ITDMs? Security leaders need to refresh their approach, practices and apply the right tooling for the cloud. For example, legacy on-premise security practices will not work well for the cloud environment.
A growing number of cloud security vendors (including heavyweights like Forcepoint, ProofPoint, Symantec, Cisco, Oracle) and newer players like Fortinet, Centraya see an opportunity in cloud management platforms (CMP) tools that address data security, delivers greater visibility into traffic from and between cloud services, users, endpoints and tackle compliance requirements.
One such contender, California-headquartered Bitglass, founded in 2013 has put forward a similar narrative. Bitglass CTO and co-founder AnuragOpens a new window Kahol Opens a new window puts forth key drivers for organizations to move the needle forward on cloud risk management strategies. Kahol reveals though demand for cloud applications is skyrocketing, cloud usage usually lags cloud security tools adoption.
Learn how solutions like Cloud Access Security Brokers (CASBs), that sit between the public cloud and end-user deliver granular visibility, data security, compliance in cloud services and help overcome weak user access controls that can result in data breaches.
Key takeaways from this interview:
- Understand how cloud strategy can affect overall security posture
- Best practices for enforcing visibility and control of cloud-based applications
- Guidance for secure, contextual access control to cloud apps
- Tips for reevaluating approach to protect data in the cloud
Here’s the edited transcript of the interview with Anurag Kahol:
1. To set the stage, can you tell us about Bitglass and your role at the company?
As organizations leverage a complex mix of users, devices, apps, web traffic, and infrastructure, it creates a matrix of interactions that need consistent, comprehensive security. The Bitglass Cloud Security platform provides security for any interaction. This helps organizations move to the cloud, enable BYODOpens a new window , and pivot to remote work without losing control of their data.
Additionally, as COVID-19 has caused remote work to become the norm, organizations need solutions that allow secure access to the cloud and the web via remote and personal devices. As such, Bitglass is spearheading the secure access service edgeOpens a new window (SASE) movement to enable organizations to deploy a comprehensive security platform equipped with granular security measures that can protect data wherever it goes.
As Bitglass’ chief technology officer (CTO), I am responsible for expediting the overall technology direction and architecture for the company.
2. In today’s business environment, what are the best strategies for companies when making a move to public cloud applications?
As more companies deploy cloud applications and modernize their workforce, they must also implement effective security tools and strategies tailored to a cloud environment. Unfortunately, even though cloud adoption continues to grow at a staggering rate, there is still a significant gap between the adoption of cloud-based tools and the adoption of cloud security technologies. In fact, 86%Opens a new window of organizations have deployed at least one cloud app, but only 34% have implemented single sign-on (SSO), a basic yet critically important cloud security tool.
While IaaS solutions like AWS, Microsoft Azure, and Google Cloud Platform Opens a new window all provide some native security and compliance functionality, there are still gaps that can only be addressed by the proper cloud security tools. For example, organizations will need to identify and fix misconfigurations on IaaS platforms with cloud security posture management (CSPM), encrypt sensitive data at rest, provide advanced threat protection (ATP) on any device to block the spread of zero-day attacks, and provide the identity and access management (IAM) capabilities needed for providing contextual access control to privileged users.
SASE technologies represent comprehensive security platforms equipped with the granular security measures needed for securing any interaction. Specifically, SASE provides security through a cloud-delivered suite of technologies including cloud access security brokers (CASBs), secure web gateways (SWGs), as well as zero trust network accessOpens a new window (ZTNA). This combination of tools provides the ability to protect data and defend against threats in any environment.
Learn More: Cybersecurity Risks Businesses Face in the Wake of COVID-19Opens a new window
3. How has the shift to cloud widened the attack surface?
Data is being stored in more cloud apps and accessed by more devices than ever before, increasing the size of the attack surface. In fact, this increase in attack vectors has caused 27% of organizationsOpens a new window to cite malware as the most concerning data leakage vector in the cloud (followed by compromised user accounts (21%) and misconfigurations (20%)).
Additionally, 65% of organizations allow employees to access corporate apps from personal, unmanaged devices. However, for securing these personal devices, just 34% report to have any endpoint compliance, and only 18% have data loss preventionOpens a new window (DLP) controls–critical capabilities for securing BYOD.
As cloud adoption and BYOD both increase an enterprise’s attack surface, some organizations have prioritized cloud security. Unfortunately many still need to reevaluate their approach to protecting data in the cloud since tools traditionally used for safeguarding data on-premises are incapable of securing data in this modern frontier.
Learn More: Choosing an Identity & Access Management (IAM) Solution? Top 10 Questions to AskOpens a new window
4. How does Bitglass’s CASB solution provide enhanced corporate identity and access controls to cloud services? How does IAM play into a typical CASB?
IAMOpens a new window is a core component of a CASB solution as it serves as the critical point of access that all users encounter in order to view, download, or upload data to and from the cloud. Bitglass’ CASB provides organizations with native single sign-on (SSO) and multi-factor authenticationOpens a new window (MFA) as well as the ability to integrate with any leading identity provider (IdP) an organization may already be using.
With users authenticated, Bitglass can then enforce contextual access control, and can block, allow, or provide intermediate levels of access to data and corporate cloud apps based on factors like user group, device, and location. With Bitglass’ step-up MFA, users performing suspicious actions can be asked for additional authentication in real-time, reducing the likelihood of account hijacking.
5. How is your team coping with remote work and what are your learnings from the crisis?
At Bitglass, we make a point of using our own solutions to protect our data. From the beginning, our Cloud Security platform was designed to adapt to any scenario and to seamlessly secure any interaction between any app, user, device, location, and more. In other words, when we had to shift quickly to remote work, we were already leveraging the cloud productivity tools necessary to enable off-premises collaboration, as well as the Bitglass solutions necessary for comprehensive protection in any environment.
Consequently, there have been no interruptions to user productivity or efficiency. We’re immensely proud of our team and our security solutions. Our multi-mode CASB secures access to SaaS from any device, our SmartEdge SWG (the world’s only on-device SWG) secures access to the web and shadow IT, and our agentless ZTNAOpens a new window secures access to on-premises resources.
About Anurag KaholOpens a new window : Anurag is the CTO and co-founder of Bitglass. In his position, he is responsible for expediting Bitglass’ overall technology direction and architecture. Prior to co-founding Bitglass, Anurag was the director of engineering in Juniper Networks’ Security Business Unit. Anurag received a global education, earning a M.S. in computer science from Colorado State University, and a B.S. in computer science from Motilal Nehru National Institute of Technology.
About Bitglass: BitglassOpens a new window , the Next-Gen Cloud Security company, is based in Silicon Valley with offices worldwide. The company’s cloud security solutions deliver zero-day, agentless, data and threat protection for any app, any device, anywhere. Bitglass is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution. Follow Bitglass on Twitter Opens a new window and LinkedInOpens a new window .
About Tech TalkOpens a new window : Tech Talk is a Toolbox Interview Series with notable CTOs and senior executives from around the world. Join us to share your insights and research on where technology and data are heading in the future. This interview series focuses on integrated solutions, research and best practices in the day-to-day work of the tech world.
Do you believe the rise of the cloud has changed security requirements? Comment below or let us know onOpens a new window noopener” title=”Opens a new window” target=”_blank” target=”_blank”> LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!