Securing the cloud without sacrificing efficiency

Lookout is a Business Reporter client

We’ve crossed the Rubicon when it comes to cloud adoption. Organisations have undergone an accelerated digital transformation in the short span of two years. The reasons for this transition are clear: the cloud brings agility and ease of use to operations while reducing costs. If you don’t move to the cloud, you lose your competitive edge.

As this transition takes place, the nature of security has changed. Protecting data has become a challenge as it moves wherever it is needed – across managed and unmanaged networks, devices and software. And with everything interconnected, there are countless more ways for attackers to compromise your infrastructure.

At this point of no return, security should provide businesses with greater control over their data, whether at rest or in motion, across networks, clouds, applications and devices. At the same time, it needs to enable an organisation’s employees, partners and ecosystem so they can access what they need, when they need it, to remain productive.

The solution to this challenge lies not with networking and security as separate entities, but with the convergence of both in the cloud, working together to protect data. Security Service Edge (SSE) is an integrated solution that securely connects workers to any application hosted on private or public networks without sacrificing performance, user experience or compromising security.

On any given day, a typical worker accesses three different types of data: SaaS solutions, private applications, and the global internet. HR accesses sensitive files on SaaS apps such as Workday or SAP SuccessFactors, data analysts access customer data stored on-premises or in private clouds, and just about every worker looks up terms on the internet.

If you lock down any one of these channels, you severely limit your users’ ability to remain productive. On the other hand, without the proper controls and visibility in place, you risk exposing data publicly and violating compliance regulations such as GDPR, HIPAA and PCI DSS.

Take a look at the largest breaches as of late. The culprit behind most of these attacks is data stored in the cloud with faulty permissions – usually due to human error. In fact, Gartner expects 99 per cent of cloud security failures through 2025 will be the “customer’s fault,” mainly in the form of cloud misconfiguration.

This “human error” is an inescapable consequence of overcomplexity in today’s modern IT architecture. Despite their ease of use, cloud systems can be extremely complex to secure, especially considering the hundreds of applications CISOs need to configure.

The alarming trend of large-scale data breaches calls for a reassessment of the systems in place meant to protect data.

To accommodate accelerated digital transformation, CIOs and CISOs strung together “best-of-breed” security solutions as a quick way to solve unique challenges in the cloud. But this has compounded the complexity: according to a recent survey from Ermetic, the average enterprise has 76 security products to juggle, each made for an individual use-case.

By consolidating these disparate point products into a single platform, SSE, CIOs and CISOs can build a more efficient security infrastructure that ensures all data security and compliance considerations are met, while also allowing for open cloud data interaction. This is achieved by addressing all three of the main access models today – SaaS apps, private apps and the web.

As you look at procuring SSE technologies, you want to focus on vendors that not only provide connectivity but offer you strong data protection capabilities as well.

One of the most important aspects of securing data in the cloud-first world is understanding the context in which a data event is happening. This could be the user accessing the data, usage or access patterns from particular devices and users, or the indicated risk level of that user or device.

Technology such as data loss prevention (DLP), enterprise digital rights management (EDRM) and user entity and behaviour analysis (UEBA) are designed to detect and restrict access when the device or user risk levels get too high. When integrated with SSE, these data protection tools work in tandem to provide full visibility across an entire hybrid infrastructure to gain visibility into the risk-level of users and endpoints and map them to the sensitivity level of the data they seek to access.

With cloud applications, collaboration has skyrocketed. To maintain this momentum, implementing a data-centric cloud security strategy, designed to fully protect an organisation’s data across networks, clouds, applications, users and devices, but not limit its freedom to grow and thrive, is a critical next step for organisations large and small.

Want to learn more about Lookout’s unified approach to cloud security? Read our Whitepaper, Five Top Risks with Operating in the Cloud – And What You Can Do About It.

To learn more about the Lookout Cloud Security Platform, visit www.lookout.com/sase.

Originally published on Business Reporter