App Security in a Direct-to-Cloud Model

(Forcepoint, 2019)  Everyday more organisations embark on a ‘direct-to-cloud’ path.  This can lead to improvements in performance, operations and cost through the efficiencies achieved by remote and branch locations routing traffic differently.

But there’s more to consider when taking this approach – how it impacts cloud application usage and your security.

Impact of Direct-to-Cloud

Traditional environments have on-premises kit to support most business applications.  When migrating from a central hub infrastructure, does that mean there will be increased dependency on cloud applications?

Most likely, yes.

Increasingly more new business services are cloud hosted to leverage the benefits it brings.  Wins such as a more productive and enabled mobile workforce, reduced cost of operations, better scalability, business continuity, and so on.  Over time, many onsite solutions will likely have a migration path to the cloud.

Security Considerations for this New Approach?

Often organisations migrating business services to the cloud talk about retaining visibility.  Security teams typically have full visibility to the environment when services were hosted in house.  Now questions are raised such as:

  • Who is accessing the cloud service?
  • When are they accessing it?
  • Where are they accessing it from?
  • How are they accessing it?
  • What information are they accessing?

Cloud becomes the new attack surface

With a shared security responsibility model, the cloud becomes another attack surface.  An example – an employee using a personal device (BYOD) to access a sanctioned cloud service like Office365, will have access to the business information they need. However, the IT/IS team by default will  never see that traffic hit their infrastructure.

Accessing cloud apps using personal devices (BYOD)

In a cloud environment, we also need to think about compliance; and how  to keep the auditors happy.  Some areas to consider:

  • How do on-prem policies extend to the cloud?
  • Is a central console for compliance policy management needed?
  • Are current levels of visibility enough to achieve compliance in the cloud?

To achieve this, often a change of approach to security is needed.

Thinking Differently

Security in a cloud or hybrid environment doesn’t need to be complicated. It just requires us to think about it differently.  We do not have to dismiss the good approaches we have in place around on-prem security.  But cloud visibility and control needs to be added to the mix.  A cloud access security broker (CASB) can provide the visibility and control for cloud applications that organisations are looking for. In fact, Gartner listed CASB as one of the ‘Top 10 Security Projects for 2019’.

Adding cloud protection or CASB to an existing on-prem environment doesn’t need to be done in a silo. On the contrary, it becomes more effective if done in an integrated manner. This can be done in multiple ways. If you have web security already in place, you can augment it with a cloud application security solution. For example, Forcepoint Web Security comes with the ability to add cloud app control module to provide visibility and control over cloud applications in an integrated manner.

If the organisation is focused on data protection with a solution like DLP,  even that can be extended to the cloud to provide unified policy management.  No matter the start point, adding cloud security to it should be straightforward.  And regardless of where you are in the ‘direct-to-cloud” journey, the advantages of embracing a cloud/hybrid environment will transform your business.

Use this link to learn more about Forcepoint Web Security, CASB and more. You can also find more information on direct-to-cloud evolution from a network perspective in a recent Forcepoint blog here.

And if you’d like more information, shoot us a message via our enquiries.