
Is CASB A Pre-Requisite After Safe Harbour Changes?

Written by admin

The use of SaaS applications continues to grow, with Forrester predicting over $78B in revenue being generated in 2015, a compound growth of 9.14%*.  It makes their use in your business kind of inevitable.

With the recent Safe Harbour ruling (if you’ve missed it, the ECJ has invalidated the 16-year-old agreement that enables US businesses to transfer EU citizens' personal data to the US) and the fact that these apps are consumable by nature, IT is left with two big problems:

  1. Visibility - how do you identify what applications are being used, what data is in the Cloud and what potential policy violations you may be exposed to?
  2. Control - how can you apply security controls for sanctioned and unsanctioned Cloud apps?

Add to that the view from Netskope's recent survey**, that 92% of Cloud apps aren’t enterprise ready and 17.9% of files stored in enterprise-sanctioned cloud apps constitute a data policy violation, and it means that gaining visibility into the Cloud applications being used and being able to secure your data before it gets to the Cloud will be a vital part of your security infrastructure moving forward.

The Challenges

When we speak to customers about using Cloud apps there are two schools of thought: Cloud first, or Cloud never.

Regardless of your position there are three main challenges: firstly, how do you gain visibility over the applications and data being used in the Cloud?  Traditional security infrastructure just doesn't provide the level of visibility and even the "Next Generation Firewall" doesn't hold any context on the providers themselves.

Secondly, if you don't have this level of visibility and your security infrastructure is limited to port and protocol, or whitelist / blacklist, you can't apply the level of policy control that you need - even if you can see the application you don't build policy based on the data itself.  

The third issue is visibility into the Cloud providers themselves - without an understanding of their infrastructure and data management approaches how can you decide whether they're "enterprise ready" or not?  How can you assess the risk?

Enter The CASB (Cloud Application Security Broker)

CASBs are software tools / services that sit between an organisation's on-prem infrastructure and the Cloud provider, acting as a gatekeeper that allows you to extend the reach of your security policies.  It’s one of the hot topics, with Gartner predicting that by 2017 it will be a vital part of any SaaS deployment.

A key feature of CASB platforms is their ability to provide visibility into what Cloud apps are being used, regardless of whether they’re sanctioned or unsanctioned, and then to apply policy against those applications.

This fixes two problems. Firstly, it’s impossible to prevent what you can’t see, so gaining sight of the apps being used is the first step.  Once you've got visibility, the policy engines within the CASB platforms enable you to apply security policies based on the data you're storing and the potential risk of the application being used.  These policies could range from disabling access completely to enabling access and encrypting the data, as just some basic examples.

The key, and a big differentiator between CASB and traditional security platforms, is that you can do this based on the risk to your data.  It's not just a whitelist or blacklist situation - instead they often consider factors like the quality of the datacenter, the provider's data management approach and the level of resilience in their systems as part of scoring that risk.
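The discovery and risk-based policy steps described above can be sketched as follows. This is an added example, not code from Nephos or from any CASB product; the hostnames, ratings, score weights and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue: name, sanctioned, then three 0-5 ratings (see risk_score).
CATALOGUE = {
    "files.corp.example": ("CorpFiles", True, 5, 4, 5),
    "drop.example": ("QuickDrop", False, 2, 1, 2),
    "notes.example": ("TeamNotes", False, 4, 4, 3),
}
# Constructed proxy log lines: user, method, URL, bytes sent.
LOG = """alice POST https://files.corp.example/upload 52000
bob POST https://drop.example/api/put 910000
carol GET https://notes.example/page/7 0
bob POST https://notes.example/page/new 4200
dave POST https://unknown-saas.example/sync 120000"""

def risk_score(datacenter, data_mgmt, resilience):
    """0 (low risk) to 100 (high); the weights are illustrative assumptions."""
    return (50 - (3 * datacenter + 5 * data_mgmt + 2 * resilience)) * 2

def discover(log_text):
    """Per-host usage from proxy lines: distinct users and bytes uploaded."""
    usage = defaultdict(lambda: {"users": set(), "bytes_up": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines
        user, method, url, sent = parts
        host = urlsplit(url).hostname
        if host:
            usage[host]["users"].add(user)
            if method in ("POST", "PUT"):
                usage[host]["bytes_up"] += int(sent)
    return usage

def decide(host):
    """Map a host to (app, score, action); unknown hosts go to review."""
    if host not in CATALOGUE:
        return ("uncatalogued", None, "review")
    name, sanctioned, *ratings = CATALOGUE[host]
    score = risk_score(*ratings)
    if score >= 70:
        return (name, score, "block")
    encrypt = score >= 30 or not sanctioned
    return (name, score, "allow+encrypt" if encrypt else "allow")

def report(log_text):
    """Host -> (app, score, action, distinct users, bytes uploaded)."""
    usage = discover(log_text)
    return {h: decide(h) + (len(u["users"]), u["bytes_up"]) for h, u in usage.items()}
```

Calling `report(LOG)` shows the low-rated unsanctioned app blocked, the better-rated unsanctioned one allowed only with encryption, and the uncatalogued destination surfaced for review rather than silently passed.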

An often overlooked additional benefit has nothing to do with security; instead it's about vendor management.  Once you know the applications being used, you can identify overspend/underspend on software licensing and actually do something about it - it may be you adopt the apps users want, or prevent them and drive users to corporate approved apps.

Should The Safe Harbour Ruling Change Things?

In my mind, although the Safe Harbour ruling will cause concern, it isn't a surprise that the decision's been made.  I think most people have been expecting it for some time, with many businesses taking the view some time ago that their data isn't to leave the EU or the UK.

The changes in regulation and the lack of clarity around the risks of storing data in the Cloud will only enhance the value and importance of CASB systems - ultimately if you have a platform that gives you full visibility into what's going on with your data, and a mechanism to apply policy controls, then it puts you back in control so that you can get the most from Cloud apps.  Having businesses be more conscious of what they're doing with their data is no bad thing.

So whether you're looking at adopting Cloud applications but you want to do it securely, or if you want to gain visibility into the unsanctioned applications being used then CASB is a market sector that you need to start considering.

 

If you’d like to find out more about Nephos or CASB, or if you'd like us to tell you what Cloud applications are in use in your network, then get in touch today by email.

 

*source: Forrester’s Global Public Cloud Computing market size analysis and forecast for the years 2011 to 2020

** Netskope Report: http://bit.ly/1Ps4XK5
