What You Need to Protect Your Cloud Apps and Data
6 factors to consider when looking for a cloud application security solution
If you are governed by security regulations, you must now expand your compliance level vulnerability scans, threat assessments, security controls, monitoring and management to your extended cloud based apps and data. This process starts with a Cloud Risk Assessment as part of a full security risk assessment.
2. Discovery and visibility of cloud apps and data storage (office, home, or mobile)
Cloud application security requires:
- Visibility & control of cloud apps must extend across all apps, including native clients on laptops, tablets, and smartphones, and whether users are on-premises or remote.
- Ongoing inventory of apps being used – you need to know what apps are being used and what new apps were just added.
- Who is using the apps? Are these users authorized to use these apps? Do they present an unrecognized threat?
- How are they being used? Are users viewing or uploading company data to the cloud? Is this allowed? It is common for employees to share files via cloud apps like DropBox. But little do they know that these apps, if not properly secured, can leak out confidential data.
- What data is being accessed? By classifying data, you can recognize when key sensitive data is being accessed and prevent data from being moved to the cloud unless it is secure and authorized.
Managing the cloud application security requires control of user access, app usage, and the data security itself. Areas of control need to include:
- Which users can access specific types of data
- The level of security used for user access to apps. Use of 2-factor authentication can be used to increase and enforce access control. Single sign-on can be used to increase security and make user access to apps easier.
- Which apps can be used
- How apps can be used
- Ability to encrypt key data transparently to users
4. Monitoring and adjusting cloud application security
Visibility tools must provide for ongoing monitoring in real-time and the ability to adjust controls to match changes, threats and violations.
5. Data loss prevention
Protecting key data means identifying and protecting sensitive data in as accurate and efficient manner as possible, across a multitude of both sanctioned and unsanctioned apps. You also might need support for critical workflows like quarantine and legal hold.
6. Anti-malware & threat protection
Many of the sanctioned apps within companies are laced with malware. And worse, sanctioned apps represent less than 5% of the apps being used by companies today.
- Cloud sync and share programs can easily spread malware.
- Cloud app usage demands the ability to detect and remediate malware such as viruses, APT, spyware, worms, ransomware, and more in sanctioned apps, en route to and from any app.
Using Cloud apps in the workplace carries a lot of security challenges. Companies need to act now to protect their business by selecting a cloud security app solution that is tailored to their needs. Working with a trusted IT partner can speed up the process of implementing the right solution, while also identifying specific areas that need immediate attention. If you want to conduct a Cloud Risk Assessment today and discover your level of cloud apps security, contact us!
The post What Do You Need to Protect Your Cloud Apps & Data? appeared first on Secure eBusiness Blog.
Source: eSecurity Blog