Cloud computing has brought about an entirely new world of cyber security issues. The ubiquitous connectivity that it represents not only pertains to the advantages that it delivers, but also to a new perimeter that must be guarded as much from the inside as the outside. In fact, the mantra that I continually use when discussing resiliency with our customers is the idea that there are only two real threats to consider: the threats that reside outside the organization—and those that reside inside the organization.
And though that may sound dire, the fact is threats can come from employees as much as from cyber criminals. Now, I’m obviously not implying that all employees are somehow cyber criminals waiting to pounce when the opportunity arises—far from it. In the case of internal threats, the instances where actual malicious behavior occurs are extremely low. The real threat comes from simple human nature: people being either naive around potential threats, or just complacent when interacting with the cloud.
This is why a comprehensive cloud security infrastructure such as Cloud Access Security Broker (CASB) is imperative for companies to manage security policies: CASB is built to monitor the traffic between on-premises devices and the cloud.
The true value of CASB is the insight that it delivers along with subsequent controls—using auto-discovery to identify everything from what particular cloud applications are currently in use, to identifying high-risk applications. For instance, one of the major culprits of potential threats can be people practicing what is known as shadow IT, spinning up cloud applications for their own use that reside outside the company’s infrastructure. These can include productivity apps such as Trello or Slack, communications apps like Skype, and even cloud storage apps such as Google Drive or Dropbox.
And with any of these apps, there’s probably no malicious intent: people use these because they are familiar, work well to enhance productivity and communications, and make personal daily tasks easier to manage. This is where CASB can help by enforcing any number of security access controls to enable encryption, device profiling, and provide credential mapping when single sign-on is not available.
In short, early detection and subsequent response can save the day. And whether threats are due to simple negligence on the part of an employee, or come in the form of a more maliciously intended inside threat, such as threats from privileged users or compromised accounts, the outcome should always be the same: stopping the threat before real damage can occur.
But how is this accomplished? Companies need to encompass a people, process and technology approach combined with a data-centric approach to security. First, build on the people and process foundation to provide a data-centric solution that will protect the organization against current and future threats. It's crucial: processes should be created and socialized in a manner that best fits corporate culture, existing processes, and people's individual needs as they pertain to job function.
Unfortunately, trying to navigate such an undertaking is not always the easiest thing to do—at least not internally. That said, not all is lost. It's this stage where professionals are the best course of action. Knowing how to create policies that improve workflows and not impede them is where experts shine. More so, having a fresh look at cyber security infrastructure and how it relates to daily processes is never a bad thing. The insight that can be brought to the table can be as invaluable as the security project itself.
And finally, there is the technology. Though it's the proverbial linchpin that holds the entirety of the project together, it’s important to choose the solution that best matches the process and people part of the equation. After all, if the final result not only addresses security needs, but also the attitude of people towards it, then the consequences can be far greater than anticipated.
Educate the people, empower them, and make their lives easier, and you will find that all employees will take a stance against the world, asking the question on behalf of the organization: "Are you threatening me?” That's where real cyber security resides.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]
septembre 27, 2022
Cyber Security in the Contemporary Environment—Mixing Old and New
No defence lasts forever and statistically cyber attacks are eventually successful somewhere. Investing in response is the ‘missing half’ of the cyber defence discussion.
août 17, 2022
Calian Executives Accepted into Forbes Technology Council
Calian IT and Cyber Solutions executives Faisal Bhutto, Senior Vice President of Cloud and Cybersecurity, and Worth Davis, Senior Vice President of Enterprise Solutions, have been accepted into the Forbes Technology Council for their leadership and expertise in their fields.
juillet 7, 2022
Calian ITCS US Receives Multiple Awards Showcasing its Growth as a Trusted Cybersecurity Solutions Provider
Calian ITCS US (formerly Computex) received two important awards that represent its continued commitment to being a top cybersecurity solutions provider in the Greater Houston area and beyond.