Gartner Archives - IT Security Guru

Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks

The Gurus — Wed, 07 Dec 2022 17:21:35 +0000

Ransomware attacks are hitting organisations every day and infrastructure & operations (I&O) leaders are aggressively bolstering protection, detection and response capabilities against attacks.

However, questions remain as to whether existing disaster recovery (DR) and business continuity plans are sufficient for ransomware recovery.

To address this, I&O Leaders must consider five areas between the two recovery approaches, to better establish whether existing plans can withstand a potential ransomware attack.

Similarities and Differences

Traditional DR and ransomware recovery have many similarities, including the need to coordinate with business continuity management, prioritise via recovery tiers and understand dependencies. Both also require procedures to assess the impact, declare and activate recovery plans, execute plans, and obtain clarity around access and maintenance.

However, ransomware recovery involves greater complexity and unpredictability and so it’s important to consider the business demand of the differing recovery steps in the process, which will naturally involve different stakeholders. These include varied recovery approaches, location, data loss, recovery time and the speed of a return to business as usual.

Disaster Recovery Protects Against ‘Predictable’ Disasters

Traditional DR planning assumes that an entire location or application has failed, requiring failover to a DR location. These events can vary in scope, from regional power outages to IT equipment failure, and even natural disasters such as earthquakes, tornadoes and flooding, which destroy all infrastructure.

Planning for these events requires active or hot standby application infrastructure across data centres, which enables the failover to happen within a reasonable time, and with minimal or no data loss.

Disaster Recovery Not Always Suitable for Ransomware Attacks

As of today, ransomware attacks are mostly well-planned where the attack can start weeks or months before the final ransomware assault. Typically, ransomware is only activated as the last step in a this well-prepared cyberattack, with attackers still having access during the attack.

Traditional DR usually relies on the replication and synchronisation of applications, data, and foundational network services between the primary site and the DR location. So, all the work the attackers do to compromise the production site will be replicated on the DR site. Consider that the contamination of the DR site will make it impossible to use standard recovery procedures after a cyberattack.

Contemplate that you may have to build from scratch in a worst-case situation and this will require planning to recover from alternative infrastructures, such as isolated recovery environments, cloud infrastructure, relocation sites and services.

Disaster Recovery and Ransomware Recovery Follow Different Processes

Traditional DR activation follows a straightforward process where — after the disaster event is detected — an assessment is conducted to decide whether failover is required or not. After that, failover is executed and validated, and business continues. A well-planned failback (when applicable) can be executed when the primary environment is recovered.

Recovery from ransomware, on the other hand, requires multiple and more complex stages. In the first phase, there is a focus on stopping the attack from execution and propagation. In the second phase, forensic analysis is required to find out what happened, what ransomware was executed, the security issues at hand and how it infiltrated the infrastructure. During the third phase, analysis is required to find which network artefacts, apps, data and backups are affected.

Through phase four, there is a focus on the recovery of foundational infrastructure, by either a restore or a rebuild of all artefacts in the network, as well as storage and compute infrastructure, followed by a rebuild or recovery of network services like DNS and AD. In phase five, a dedicated isolated recovery environment (IRE) is leveraged to scan, repair, and validate operating and application/data systems to prepare for recovery back to the primary environment. Finally, in phase six, systems are migrated out of IRE back to production.

This level of impact on the entire infrastructure is what makes ransomware recovery so complex and unpredictable, as you need to first recover and resecure every impacted element in your infrastructure environment before you can recover systems, applications and their data. Examine the complexities that come along with the different processes and the demands this may ask of your organisation.

Ransomware Recovery is a ‘Team Effort’

DR is often led by the DR team, which consists of the server team, network team, storage team, backup team, who all report to the DR manager, who then reports to the CIO. DR is part of the wider business continuity management process, where DR is responsible for the recovery of IT systems in a disaster situation.

Ransomware recovery, on the other hand, is initially led by the cybersecurity incident response team, which reports to the chief information security officer and is supported by other infrastructure and operations teams, including the DR team. Hence, recovery from a ransomware attack is far more of an all-enterprise effort and consider whether you have the resources to approach this appropriately.

Gartner analysts will further explore and compare disaster recovery and ransomware recovery at next year’s Gartner Security & Risk Management Summit 2023, taking place 26-28 September, in London, UK.

Jerry Rozeman is a Senior Director Analyst at Gartner

The post Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks appeared first on IT Security Guru.

Gartner Says Global Artificial Intelligence Business Value to Reach $1.2 Trillion in 2018

The Gurus — Thu, 26 Apr 2018 10:00:18 +0000

Global business value derived from artificial intelligence (AI) is projected to total $1.2 trillion in 2018, an increase of 70 per cent from 2017, according to Gartner, Inc. AI-derived business value is forecast to reach $3.9 trillion in 2022.

The Gartner AI-derived business value forecast assesses the total business value of AI across all the organisation vertical sectors covered by Gartner. There are three different sources of AI business value: customer experience, new revenue, and cost reduction.

Customer experience: The positive or negative effects on indirect cost. Customer experience is a necessary precondition for widespread adoption of AI technology to both unlock its full potential and enable value.
New revenue: Increasing sales of existing products and services, and/or creating new product or service opportunity beyond the existing situation.
Cost reduction: Reduced costs incurred in producing and delivering those new or existing products and services.

“AI promises to be the most disruptive class of technologies during the next 10 years due to advances in computational power, volume, velocity and variety of data, as well as advances in deep neural networks(DNNs),” said John-David Lovelock, research vice president at Gartner. “One of the biggest aggregate sources for AI-enhanced products and services acquired by organisations between 2017 and 2022 will be niche solutions that address one need very well. Business executives will drive investment in these products, sourced from thousands of narrowly focused, specialist suppliers with specific AI-enhanced applications.”

AI business value growth shows the typical S-shaped curve pattern associated with an emerging technology. In 2018, the growth rate is estimated to be 70 per cent, but it will slow down through 2022 (see Table 1). After 2020, the curve will flatten, resulting in low growth through the next few years.

Table 1. Forecast of Global AI-Derived Business Value (Billions of US Dollars)

	2017	2018	2019	2020	2021	2022
Business Value	692	1,175	1,901	2,649	3,346	3,923
Growth (%)		70	62	39	26	17

Source: Gartner (April 2018)

“In the early years of AI, customer experience (CX) is the primary source of derived business value, as organisations see value in using AI techniques to improve every customer interaction, with the goal of increasing customer growth and retention. CX is followed closely by cost reduction, as organisations look for ways to use AI to increase process efficiency to improve decision making and automate more tasks,” said Mr Lovelock. “However, in 2021, new revenue will become the dominant source, as companies uncover business value in using AI to increase sales of existing products and services, as well as to discover opportunities for new products and services. Thus, in the long run, the business value of AI will be about new revenue possibilities.”

Breaking out the global business value derived by AI type, decision support/augmentation (such as DNNs) will represent 36 per cent of the global AI-derived business value in 2018. By 2022, decision support/augmentation will have surpassed all other types of AI initiatives to account for 44 per cent of global AI-derived business value.

“DNNs allow organisations to perform data mining and pattern recognition across huge datasets not otherwise readily quantified or classified, creating tools that classify complex inputs that then feed traditional programming systems. This enables algorithms for decision support/augmentation to work directly with information that formerly required a human classifier,” said Mr Lovelock. “Such capabilities have a huge impact on the ability of organisations to automate decision and interaction processes. This new level of automation reduces costs and risks, and enables, for example, increased revenue through better microtargeting, segmentation, marketing and selling.”

Virtual agents allow corporate organisations to reduce labour costs as they take over simple requests and tasks from a call centre, help desk and other service human agents, while handing over the more complex questions to their human counterparts. They can also provide uplift to revenue, as in the case of roboadvisors in financial services or upselling in call centres. As virtual employee assistants, virtual agents can help with calendaring, scheduling and other administrative tasks, freeing up employees’ time for higher value-add work and/or reducing the need for human assistants. Agents account for 46 per cent of the global AI-derived business value in 2018 and 26 per cent by 2022, as other AI types mature and contribute to business value.

Decision automation systems use AI to automate tasks or optimise business processes. They are particularly helpful in tasks such as translating voice to text and vice versa, processing handwritten forms or images, and classifying other rich data content not readily accessible to conventional systems. As unstructured data and ambiguity are the staple of the corporate world, decision automation — as it matures — will bring tremendous business value to organisations. For now, decision automation accounts for just two per cent of the global AI-derived business value in 2018, but it will grow to 16 per cent by 2022.

Smart products account for 18 per cent of global AI-derived business value in 2018, but will shrink to 14 per cent by 2022 as other DNN-based system types mature and overtake smart products in their contribution to business value. Smart products have AI embedded in them, usually in the form of cloud systems that can integrate data about the user’s preferences from multiple systems and interactions. They learn about their users and their preferences to hyperpersonalise the experience and drive engagement.

Dr Anton Grashion, manager – security practice at Cylance, said “This is unsurprising with AI gaining attention at the highest level in governments too, with both the French and UK governments recently commenting on AI and staking a claim to be a significant part in the development of the technology. The benefits of AI are not always obvious but in certain circumstances the value is both immediate and apparent, such is the case in cybersecurity.”

The post Gartner Says Global Artificial Intelligence Business Value to Reach $1.2 Trillion in 2018 appeared first on IT Security Guru.

20 Per Cent of Organisations Will Use Smartphones in Place of Traditional Physical Access Cards By 2020

The Gurus — Tue, 17 Jan 2017 09:53:32 +0000

Gartner today has announced that 20% of organisations will be using Smartphones instead of traditional physical access cards by 2020. This will rise from the 5% of organisations that used smartphones for access in 2016.
In 2016, less than 5 per cent of organisations used smartphones to enable access to offices and other premises. By 2020, Gartner, Inc. said that 20 per cent of organisations will use smartphones in place of traditional physical access cards.
“A significant fraction of organisations use legacy physical access technologies that are proprietary, closed systems and have limited ability to integrate with IT infrastructure,” said David Anthony Mahdi, research director at Gartner. “Today, the increasing availability of mobile and cloud technologies from many physical access control system (PACS*) vendors will have major impacts on how these systems can be implemented and managed.”
PACS technology is widely deployed across multiple vertical industries and geographies to secure access to a wide range of facilities (buildings, individual offices, data centers, plant rooms, warehouses and so on), ensuring that only entitled people (employees, contractors, visitors, maintenance staff) get access to specific locations.
Mobile technology is already widely used for logical access control. Phone-as-a-token authentication methods continue to be the preferred choice in the majority of new and refreshed token deployments as an alternative to traditional one-time password (OTP) hardware tokens. Gartner projects that the same kinds of cost and user experience (UX) benefits will drive increasing use of smartphones in place of discrete physical access cards. Smartphones using technologies and protocols such as Bluetooth, Bluetooth LE, and Near Field Communication can work with a number of readers and PACS technology.
One of the easiest ways to use a smartphone’s access credentials is to integrate them — via a data channel over the air or via Wi-Fi — into the access control system (ACS) and “unlock the door” remotely (just as an ACS administrator can). This approach requires no change to reader hardware.
Using smartphones can also simplify the integration of biometric technologies. “Rather than having to add biometric capture devices in or alongside readers, the phone itself can easily be used as a capture device for face or voice (or both), with comparison and matching done locally on the phone or centrally,” said Mr Mahdi. “This approach also mitigates the risks from an attacker who gains possession of a person’s phone.”
The technology’s limitations remain a challenge. For example, there’s significant disparity in functionality between smartphones, and some security and risk management leaders should be aware that their physical card readers and PACS might require a significant upgrade to use smartphones for physical access. “Nevertheless, replacing traditional physical access cards with smartphones enables widely sought-after cost reductions and UX benefits,” said Mr Mahdi. “We recommend that security and risk managers work closely with physical security teams to carefully evaluate the UX and total cost of ownership benefits of using access credentials on smartphones to replace existing physical cards.”

The post 20 Per Cent of Organisations Will Use Smartphones in Place of Traditional Physical Access Cards By 2020 appeared first on IT Security Guru.

FireMon Acquires FortyCloud for multi-cloud Management

The Gurus — Tue, 25 Oct 2016 09:04:50 +0000

FireMon, a Network Security Policy Management (NSPM) provider, today announced its acquisition of FortyCloud, a field-proven cloud infrastructure security broker. The move advances FireMon’s cloud management capabilities across all major cloud platforms providing a comprehensive view and consistent control of the complex hybrid environments enterprises must manage.
According to Gartner’s 2017 Planning Guide for Cloud Computing, “Through 2020, 95% of cloud security issues will be the organization’s fault, not the cloud provider’s.” FireMon recognizes that managing the complexity of today’s networked environments is not always straightforward as they consist of a variety of disparate technologies and security controls in the cloud and on premise. The report goes on to say, “Inadequate security practices can quickly turn an otherwise well-intentioned cloud initiative into a massive disaster for an organization.”
The company’s acquisition of FortyCloud addresses this market need by providing solutions to help effectively secure cloud infrastructure and make the transition to the cloud simpler by extending security and connectivity to the public cloud.
“Our customers are at varying points on their journey of implementing public and hybrid cloud strategies,” said Satin H. Mirchandani, CEO, FireMon. “While the security needs are very similar in cloud infrastructure and on-premise networks, the technology implementations can be very different. FireMon intelligent security management solutions allow the network and security teams to quickly deliver the capabilities the business demands to stay competitive.”
In addition to the strategic importance of cloud security technologies, it’s critical to have a team and solutions that have proven successful in real-world environments.
“One of the most impressive aspects of the FortyCloud technology is the customer and market acceptance,” said Jody Brazil, co-founder and chief product strategist, FireMon. “The FortyCloud team has built a great, multi-cloud security solution that is being used by many large and complex global organizations. We look forward to working with them to further advance the great solutions they’ve already produced.”
With the addition of FortyCloud to its suite of products, FireMon will support:

Native cloud awareness to enhance management capabilities
Cloud discovery and automated security group mapping
Security object abstraction across the enterprise and multiple cloud environments
Automation of security enforcement in multi-cloud environments

“I’ve been very impressed with the entire FireMon team and am very excited to work with the leading global NSPM vendor,” said Amir Naftali, CTO and co-founder, FortyCloud. “We look forward to sharing our solution with FireMon’s 1,000+ customers and continuing to expand our vision of securing the public cloud.”
FireMon’s Intelligent Security Management solutions are a complete package of policy and risk analysis, automated change management and security analytics and monitoring. It does this in a single platform that gives security professionals a centralized view of the traffic, rule usage and changes happening across the environment.

The post FireMon Acquires FortyCloud for multi-cloud Management appeared first on IT Security Guru.

Cybersecurity as an IT problem is a thing of the past

The Gurus — Mon, 23 May 2016 12:32:20 +0000

The last quarter of 2015 witnessed a series of high profile data breaches which may prove to be a tipping point in public attitudes towards data security. The TalkTalk hack, in particular, defines the new risk normal for 21st century business. Estimates put the cost to the company at £60 million and between 100,000 and 250,000 lost customers[1].
By chance, this period also saw the release of the final draft of the new European General Data Protection Regulation, which defines the new regulatory normal for any business holding or processing the data of EU citizens.
These events ought to ring alarm bells in boardrooms across the country, because breaches are a regular event in most organisations. The 2015 Information Security Breaches Survey, conducted by PWC for the UK government, found that 90% of large organisations and 74% of small businesses suffered a data breach in 2014-15[2]. In fact, most suffered multiple breaches: the median number for large organisations was an astonishing 14. Most breaches result from human error, but a quarter of large organisations (and one in seven smaller ones) reported that their networks had been penetrated by unauthorised outsiders. Where this had occurred, 80% of respondents admitted it had happened “a few times” or more.
Of course, these figures only account for detected attacks, and detection rates aren’t great. According to the same report, only around 40% of incidents were identified by the organisation’s routine internal security or other controls; over 25% were detected by accident or by notification from outside the business (i.e. the police or the media). This helps to explain the results of a Hewlett Packard and FireEye survey in the US, which found that the median time to detect a breach was 205 days, and that it took a further 31 days to contain it. In other words, the perpetrators of a successful hack can bank on getting an eight month head start on the authorities[3].
The signs are that consumers are becoming much less tolerant of companies and public bodies that can’t keep their personal information safe. A survey commissioned by the ICO in January 2016 found that over three-quarters of respondents would consider stopping using a company’s services if they received news of a data breach[4]. More recent research by CSID found that 21% of people had already stopped using an online service because of data security concerns. The same percentage of people – surely no coincidence – reported that they had been the victims of identity fraud in the past.
Companies are responding to the increasing threat of cybercrime by investing in technology. Gartner estimates corporates around the world will invest $101 billion on information security by 2018, up from $77 billion last year[5]. However, according to CESG, the information security arm of GCHQ, “there’s no such thing as 100% security and your organisation will probably experience some form of cyber-attack at some time.”[6]
Part of the reason is that the cyber threat has morphed over the last decade. Previous activity was based on cleverly crafted attacks by skilled individuals. In contrast, modern cybercrime has become industrial in scale and approach: cheap, mass-produced and easily accessible. Hacking communities, discussion groups and online walkthroughs are plentiful and easy to find. Tools which were previously the preserve of professional hackers – exploit kits, remote access Trojans (RATs) and crypto-lockers – can be purchased by anyone minded to do so. Ransomware is often provided free in return for a percentage of the bitcoin take. Online marketplaces enable personal information and credit card details to be readily bought. Young, technology-savvy kids looking for kudos, validation or just laughs at others’ expense, are turning to cybercrime to get their kicks. Evidence of this can be found in most high profile recent crimes. For example, the TalkTalk breach and the attack on Sony PlayStation and Xbox systems were all allegedly perpetrated by youths aged 15 to 20.
These trends are common across Europe, which explains why the European Commission is taking steps to standardise the rules for keeping data secure. Under the General Data Protection Regulation, due for adoption in summer 2016 and to come into force in 2018, organisations will be obliged to inform their data commissioner (the ICO in the UK) of any breach, and to inform individuals if the breach could impact their privacy or security. Individuals must be told what has been stolen and provided with appropriate recommendations for mitigating possible adverse effects. In short, organisations must provide victims with protection from all forms of fraud that could result from the abuse of their lost personal data. This is a major change: at present, any ‘identity protection’ offered is typically only aimed at protecting the victim’s credit file.
Changes to the financial penalties for getting it wrong are just as significant. Under current regulations, the ICO can fine organisations a maximum of £500,000. The new EU rules will increase that to €20 million, or 4% of global revenue, whichever is greater.
Organisations are caught between the rising threat of industrial-scale cybercrime, carried out by a generation of semi-skilled hackers employing user-friendly tools; the increasingly unsympathetic attitude of the public; and demanding new regulations with which they have no choice but to comply. Henceforth, they will need to have a response plan in place that can be deployed quickly; that covers all forms of data breach; that provides authoritative information and advice about potential fraud risks; and which helps individuals to successfully resolve any cases that do occur. All businesses that collect and store personal information should make this a central plank of their strategy for 2016.

[1] http://www.scmagazineuk.com/costs-of-talktalk-breach-amount-to-60m/article/470968/
[2] ‘2015 Information Security Breaches Survey: Technical Report’, HM Government.
[3] ‘M-Trends 2015: A View From The Front Lines’, Mandiant; and ‘Global Report on the Cost of Cyber Crime’, Ponemon Institute, 2014.
[4] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/01/your-reputation-is-at-risk-if-you-don-t-keep-data-safe-ico-warns
[5] http://www.reuters.com/article/us-talktalk-cyberattack-stocks-idUSKCN0SO1OX20151030
[6] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf

The post Cybersecurity as an IT problem is a thing of the past appeared first on IT Security Guru.

AppRiver Announces First Netherlands Distributor – DCC

The Gurus — Fri, 14 Aug 2015 10:27:49 +0000

AppRiver, a leading provider of email messaging and Web security solutions, today confirmed its first distributor for the BeNeLux region. DCC Nederland, a value added distributor, is to add all of AppRiver’s products to its portfolio – including SecureTide spam and virus protection, CipherPost Pro email encryption and SecureSurf Web protection.
AppRiver and DCC’s partnership could not come at a more influential time for the cloud industry. According to a recent Gartner survey, 72 percent of global enterprises said they are currently using or planning to use cloud solutions by 2017. [1]
“Expanding our product portfolio to include AppRiver’s cloud-based security and productivity solutions was a strategic move,” said Volker Ladage, co-founder and director of DCC Nederland. “The moment a partner signs up to resell AppRiver solutions, it becomes obvious the company is committed to their success. Partner tools, certifications, co-branding and 24/7 support is available. But the bottom line is that AppRiver’s solutions serve a growing client need, stimulate new business opportunities and increase profitability.”
As new cyber threats and security requirements emerge, customers throughout Europe are looking to their solution providers for guidance on how to best protect their systems.
“Our technology was designed to keep businesses productive and information secure,” explains Rocco Donnino, EVP, AppRiver. “We are happy to be offering the DCC partner community choice, enhanced functionality and greater overall value.”
Founded in 2002, AppRiver protects more than 47,000 businesses around the globe from today’s most sophisticated IT threats. The company’s cloud-based security suite includes email hosting, email security, archiving, encryption and Web protection services. SecureSurf, one of the newest additions to the AppRiver portfolio, is a comprehensive and cost-effective solution for Web-based malware. All services come with a 30-day free trial and are backed by AppRiver’s signature Phenomenal Care.
AppRiver redefines two-tier partner programs by making them simple; the partner can set the price, bill their customers and cancel their service any time, while AppRiver can handle supporting and troubleshooting any issues that may arise. Additionally, AppRiver understands how annual contracts can become a barrier to many partners and their customers with the fear of costly cancellation fees if the program or solution is not the best fit. That is why AppRiver offers affordable per-user, pay-as-you-go services that give partners greater flexibility and more control without hidden charges under the surface.
To further streamline its partner program, AppRiver offers its partners a management console, designed with the two tiers needed – a portal where DCC create and manage its partners, and then a separate portal where resellers create end users and manage their services. Both portals can be branded according to partners’ and resellers’ needs.
Other AppRiver Partner benefits include:

Recurring revenue in the rapidly growing market for email hosting and security solutions;
No set-up fees, up-front investments, certifications or minimum revenue requirements;
Affordable per-user, pay-as-you-go services that give greater flexibility and more control without hidden charges under the surface;
AppRiver’s Phenomenal Care – 24/7 support to help customers navigate smoothly through any issues that arise; and
Access to AppRiver University – its ongoing training and professional development program, offering regular webinars to keep partners up to date on the latest services release and upgrades.

To find out more about AppRiver and its products, visit www.uk.appriver.com. To find out more about DCC Nederland, visit www.dcc-nederland.nl.

About AppRiver
AppRiver is a Software-as-a-Service (SaaS) provider offering award-winning email and Web security solutions to businesses of all sizes. Understanding the need to protect networks from today’s increasingly complex IT threats, AppRiver offers businesses a comprehensive, yet affordable subscription-based solution that incorporates the latest spam and virus protection, email encryption and Web security on the market. In addition, the company provides a complete managed service for Microsoft Exchange, as well as a bundled Office 365 solution. Since its inception, AppRiver has sustained an impressive 93% customer retention rate while growing its customer base to more than 47,000 companies and over 8 million mailboxes worldwide. The company maintains offices in Gulf Breeze, Florida, Austin, Texas, Atlanta, Georgia and Switzerland, and is led by an Ernst & Young Florida Entrepreneur of the Year award winner. For more information, please visit www.appriver.com.
About DCC Nederland
DCC Nederland BV is Value Added Distributor offering solutions for network management en security, antivirus and e-mail security, vulnerability and patch management, mail en file archiving, remote desktop, live chat and web conferencing tools.
DCC Nederland BV does deliver licenses and services to resellers, system integrators and of course MSP’s. If needed and on request DCC Nederland assists her partners with pre- and after sales support, trainings, installations, configurations and webinars.
[1] Hai Hong Swinehart, Bianca Francesca Granetto, and Tom Eid “Competitive Landscape: Cloud-Based Office Productivity Tools, Worldwide, 2015,” Gartner, Inc., August 3, 2015, www.gartner.com (report available with subscription).

The post AppRiver Announces First Netherlands Distributor – DCC appeared first on IT Security Guru.

Is your web security cloud application proof?

The Gurus — Wed, 06 May 2015 11:08:52 +0000

From Dropbox to Twitter to WeTransfer and Salesforce, the use of cloud-based applications has become an everyday part of the modern business ecosystem. Research has shown that the average employee uses a staggering 27 apps at work. To accommodate this trend, most companies are now deploying cloud-based solutions; the expectation being that by 2018 around 59 per cent of companies will be using software-as-a-service (SaaS).
As the understanding of the cloud has matured, progressive organisations have started to adopt enterprise applications that are tailored to the meet the needs of their business. However, these businesses still rely on security products that were designed before the onset and global expansion of web applications. As a result, they are unable to meet the demands and complexity of the modern and mobile work environment.
So where does this leave businesses and their overwhelmed IT departments?
CIOs and IT departments are under increasing pressure to provide employees with reliable and secure web access across all devices, whilst controlling the use of cloud applications – all without compromising data security and preventing the spread of Shadow IT.
Part of the reason the growth of cloud applications has posed such a challenge and threat to traditional web security is because often users are unaware of the risks associated with sharing and uploading information. Research has shown that 43 per cent of C-level executives say negligent insiders are the greatest threat to sensitive data. Instead of going through the red tape of IT procurement, provisioning, testing and security, employees are quick to download the latest app to access or share data. However, such a quick fix can have damaging implications on a company’s most valuable corporate assets – its intellectual property and brand reputation.
Discover, analyse and control
Now more than ever, organisations need to be able to monitor an individual’s use of corporate assets at the most basic level, regardless of whether users are in-office or mobile. Cloud application control (CAC) software can provide businesses with visibility and the ability to discover, analyse and control the information staff are accessing or sharing. With businesses under pressure to provide staff with access to the latest innovations, security becomes even more important.
The ongoing consumerisation of information technology is creating a Shadow IT community; a community which CIOs have little or no control over. ‘Everything-as-a-service’ presents the opportunity to buy localised cloud apps that complement or replace corporate on premise system software, with most users opting for familiar branded apps under the false pretence that it is safe. With apps like Dropbox being quick to download and easy to use, it is not a trend that is going to disappear any time soon. If you can deploy an app in seconds to get the job done without the delay of following IT regulations and security, then why not?
The problem is that most apps are generic; created to service a mass market with only a basic level of security. As more companies embrace cloud applications to replace on premise legacy systems, they must be aware of the potential security risks. To successfully apply security and privacy settings, businesses need greater visibility and control of enterprise data in the cloud that is accessed using both company managed and bring your own devices (BYOD).
A fresh approach to security
In order to cope with the exponential rise of the app, data and cloud market, today’s web security solutions must offer CAC capabilities beyond the traditional security functionality. Security should extend beyond the web gateway and address the fundamental gap that resides between traditional web security and content filtering to secure the way in which we use apps today. Gartner agrees; by 2016 25 per cent of enterprises will secure access to cloud-based services using a cloud application security broker (CASB) platform, reducing the cost of securing access by 30 per cent in the process.
Ideally CAC should truly ‘follow the user’ by monitoring all actions. It should encourage the use of cloud apps and services while keeping company assets secure. This requires the ability to analyse the risk, audit and log all usage to maximise visibility at the time an issue occurs, rather than acting as a forensic tool post-event.
If businesses continue to use outdated web security solutions, how can they protect against an employee posting damaging or libellous comments about the company, or publishing sensitive commercial data on their feeds or uploading them to other cloud apps? The answer is they can’t. Traditional web security could only tell a CIO that a person has accessed the application, rather than details of the content or the post itself. As cloud application adoption continues to gather momentum, organisations need to step up to the challenge and embrace the advances that CAC functionality brings – or face the repercussions.

Ed Macnair, CEO at CensorNet

The post Is your web security cloud application proof? appeared first on IT Security Guru.