Virtualization Technology News and Information
CensorNet 2017 Predictions: Cloud Security, Data Encrpytion and BYOD

VMblog Predictions 2017

Virtualization and Cloud executives share their predictions for 2017.  Read them in this 9th annual series exclusive.

Contributed by Ed Macnair, CEO, CensorNet

Cloud Security, Data Encrpytion and BYOD

BYOD and Modern Cloud Application Control

With cloud application adoption growing, there has been a fundamental shift in how BYOD endpoints need to be secured and managed. Organizations need visibility into the use of cloud applications and understand the risk they present, yet many still have legacy web security solutions designed over a decade ago that can no longer address the needs or the complexity of such modern technology. Today's web security solutions must offer Cloud Application Control (CAC) capabilities beyond the traditional security functionality to provide organizations with greater visibility and much better control of the use of cloud applications across all devices, regardless of whether users are in-office or mobile. Gartner agrees; predicting a quarter of enterprises will secure access to cloud-based services using a Cloud Access Security Broker (CASB) or CAC platform, reducing the cost of securing access by 30% in the process.

The days of pointing at the cloud provider if something goes wrong have passed. Users will find their way around any policy to get the job done, so the challenge remains to enforce security policies transparently without intervening in the end user experience that people have grown to enjoy from cloud related services. Modern CAC solutions should have the ability to change BYOD from a well-meaning concept to an applied business-friendly policy. It should enable the discovery of cloud apps in use, analyze the risk and be able to audit and log all usage, maximizing visibility for everyone's benefit beyond simply reporting after the event.

BYOD as a concept has enjoyed a decent shelf life but the security uncertainties that accompany it have eroded and are fast becoming yesterday's concerns. The barriers to adoption are diminishing and the mitigation of security risk is there for progressive companies that are willing to trash technology that was designed and architected to serve the market challenges of BYOD a decade ago.

CASB - New Acronym or Security Nirvana?

The easy availability and usability of cloud applications has a number of benefits for businesses, but also presents a big security issue. Legacy information security technologies were not designed to deal with these evolving threats.

As we continue to see more and more high profile security hacks in 2017, we will see the continued rise in demand for Cloud Access Security Broker (CASB) solutions as critical part of a layered security strategy. CASB introduces innovative access, control, and monitoring solutions for the enterprise and SMBs to meet the rising business necessities, such as - BYOD, real-time collaboration, user access, etc.

Sophisticated Hackers and Unpredictable Employees

Hackers are becoming increasingly sophisticated and employees increasingly unpredictable and this combination puts all businesses, not just banks, in a precarious position. We're living in a new world, one where the security tools of yesteryear no longer work. One where data is a currency and hacking is a hobby. It's a sorry state of affairs - we're playing whack a mole and constantly losing. In some ways we've made the job of cyber criminals easier by over complicating how we approach security. Spot solutions that only protect against a specific type of threat had their place, but they don't work together like they should, leaving blind spots that can be exploited. We need to see into every corner and every crevice so there is nowhere for the criminals to hide.

Despite improved security education and awareness within businesses, the reality is that three quarters of network intrusions involve weak or stolen passwords; highlighting the market requirements for a product that integrates multifactor authentication into a cloud based security solution. As in years past, CIOs will remain under immense pressure to encourage productivity yet protect sensitive data at the same time. They need a single pane of glass that gives them total visibility and control of web, cloud applications and email.

Encryption of Cloud Data is Not a Magic Bullet

A few years ago I might have written it was ‘underway,' but this would grossly understate the situation. Data which was once stored on premise has left the building. Data osmosis is taking place, draining life force from these antiquated shells into vast data centers run by some of the largest companies on earth. It is more than a trend. It is just reality.

As we go into 2017, the new question on everyone's lips is one of security. How do we keep that perfectly curated company data safe when prying eyes hidden in a world of VPNs, bulletproof hosting and dark forums are watching? In this world, encryption is often touted as the hero. People have been given hope by a technique shrouded in a complex veil of military nomenclature and supported by brain melting numbers, with billions of possible variations.

I'm not here to criticize encryption. It brings a level of complexity that is good in many respects as it makes things harder for threat actors. Encrypted data is more secure than unencrypted data, as long as keys are stored separately and updated on a regular basis. Fact. Google agrees, and that is often a good sign. Low frequency access to data at rest will be well served by encryption because access is not required often, and it is hard to do.

This complexity also exposes one of the weaknesses of the approach, however. Encryption is a reflection of the fact that it is expecting to be stolen, a defensive posture. However, one of the main points of having data in the cloud is because it is supposed to be easy to access.

Encryption is a wall. It is a very high wall with barbed wire around your data and a very good way of stopping people accessing things. However, data sitting inert is just a bunch of information stored on a disc. Data needs to be free, in motion and used by humans, if it is to be given value. For this reason, we need to enable organizations, in an intelligent manner. Give people the tools to make the most of their data, rather than just locking it in a bunker.


About the Author

Ed Macnair, CEO of CensorNet, brings 30 years of sales and business development expertise in the technology and IT security to CensorNet. He was previously founder and CEO of SaaSID, a UK based single sign-on and application security vendor, which was acquired by Intermedia Inc. Before Intermedia and SaaSID Macnair was CEO of Marshal, a global web and email security company which merged with US web security provider 8e6 Technologies to form M86 Security. Macnair has also held senior management positions with MessageLabs, Symantec, IBM and Xerox.


Published Tuesday, December 27, 2016 7:01 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2016>