The fear of unauthorized data access or data loss in cloud computing continues to be a stumbling block for the majority of companies, according to KPMG Cloud Monitor 2019. Even if security and data protection are to play a significant role in the choice of a provider, companies neglect to sufficiently secure access to cloud services.
When it comes to the subject of cloud security, cloud providers and cloud users must uncompromisingly pull together and work with one another. After all, both have a goal and each has an awful lot to lose: for the cloud users it is their likely critical data, and for the cloud providers it's their reputation and, ultimately, their business.
According to the study “Unternehmens-IT: Immer mehr Auslagerungen oder alles retour” (Company IT: more and more outsourcing or everything reverts back) by the management consultancy firm Axxcon, companies are increasingly losing sight of which cloud services they are having implemented. More than half of the managing directors, CIOs, IT managers, and security personnel questioned for the study assume that employees in their company use decentralized procured services. Around 30 percent even believe that it concerns more than ten different applications.
From the point of view of the users, there are good reasons for this. Many cloud apps (Software as a Service – SaaS) are practical and lead to fast results. Register, log on, invite colleagues from the department, and you are ready to go. This is a quick way to bypass compliance checks, data protection approval processes, and long waiting times. SaaS offers a wide range of services that are interesting for all company departments: from Production and Materials Management, to Accounting, Personnel, Sales, and Marketing and Media Relations.
However, the uncontrolled growth of various cloud and software as a service technologies carries risks. This is why you should monitor and protect every SaaS service used in the company, even official ones such as Office 365. The challenge here is that neither the data nor the services themselves are under the control of the company itself.
The service Cloud Protect Pro detects and visualizes shadow IT, protects access to cloud applications, and classifies and regulates uploading, sharing, and downloading of data in the cloud (e.g. Office 365, SalesForce, Slack). The offer consists of a cloud access security broker (CASB). This platform recognizes cloud services in the company, regulates them, and protects them against misuse.
The service evaluates the risk associated with the cloud services, regulates the access through monitoring and inspection of data flows as well as classification and risk assessment of data. It also detects and prevents the misuse of usernames in cloud services by analyzing the user behavior and detecting deviations caused by malicious users or malware. Only then can all employees access the data smoothly and safely and work in the cloud under supervision. On request, security experts support the integration and operations.
Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. Secure your network and protect data traffic to and from the cloud with a Secure Web Gateway.