The fear of unauthorized data access or data loss in cloud computing continues to be a stumbling block for the majority of companies, according to KPMG Cloud Monitor 2019. Even if security and data protection are to play a significant role in the choice of a provider, companies neglect to sufficiently secure access to cloud services.
When it comes to the subject of cloud security, cloud providers and cloud users must uncompromisingly pull together and work with one another. After all, both have a goal and each has an awful lot to lose: for the cloud users it is their likely critical data, and for the cloud providers it's their reputation and, ultimately, their business.
According to the study “Unternehmens-IT: Immer mehr Auslagerungen oder alles retour” (Company IT: more and more outsourcing or everything reverts back) by the management consultancy firm Axxcon, companies are increasingly losing sight of which cloud services they are having implemented. More than half of the managing directors, CIOs, IT managers, and security personnel questioned for the study assume that employees in their company use decentralized procured services. Around 30 percent even believe that it concerns more than ten different applications.
From the point of view of the users, there are good reasons for this. Many cloud apps (Software as a Service – SaaS) are practical and lead to fast results. Register, log on, invite colleagues from the department, and off it goes. This is a quick way to bypass compliance checks, data protection approval processes, and long waiting times. The SaaS range is large and interesting for all company departments: from Production, through Materials Management, to Accounting, Personnel, Sales, and Marketing and Media Relations.
However, the uncontrolled growth of various cloud and software as a service technologies carries risks, shown not just by Petya. This is why you should monitor and protect every SaaS service used in the company, even official ones such as Office 365. The challenge here is that neither the data nor the services themselves are under the control of the company itself.
The service Cloud Protect Pro detects and visualizes shadow IT, protects access to cloud applications, and classifies and regulates uploading, sharing, and downloading of data in the cloud (e.g. Office 365, SalesForce, Slack). The offer consists of a cloud access security broker (CASB). This platform recognizes cloud services in the company, regulates them, and protects them against misuse.
The service evaluates the risk associated with the cloud services, regulates the access through monitoring and inspection of data flows as well as classification and risk assessment of data. It also detects and prevents the misuse of usernames in cloud services by analyzing the user behavior and detecting deviations which are caused by malicious users or malware. Only then can all employees access the data without a hitch or risk and work in the cloud under supervision. On request, security experts support the integration and operations.
Future-proofing a company requires four building blocks: connectivity, cloud and IT infrastructure, security, and digitalization. With the help of a Drone Defense Shield from Telekom, security against industrial espionage is improved.