An on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers is referred to as a cloud access security broker (CASB). It combines and interjects enterprise security policies as cloud-based resources are accessed. CASB vendors are increasingly used by organisations to address cloud service risks, enforce security policies, and comply with regulations.
However, more is needed to secure cloud computing than merely cloud access security brokers. CASBs, which operate between cloud service users and cloud applications, are an important part of cloud security, but in a zero-trust architecture they are only one aspect of the holistic framework needed. With cloud adoption increasing, understanding the following four pillars and how they function together is essential to creating a robust cloud security environment.
Visibility and compliance
Continuous effort is needed to maintain ongoing insight into the entire cloud environment for an effective cloud security solution. Agencies need an all-encompassing inventory of what they have in the cloud, which should include aspects such as servers, cloud provider services, users, and cloud tools like load balancers. If agencies use multi-cloud solutions from different providers, a centralised inventory of all cloud-based assets helps simplify the management of a system that is complex and manually intensive to develop and maintain. The best security solution would be the automation of the entire inventory process.
To determine what controls are needed to secure data and endpoints, using a security framework for assessment helps, but these tools can be complex or confusing for IT professionals who are not security experts. A cloud security solution that automates the framework implementation and provides continual reporting and remediation controls is recommended. Auditing controls should be included as well, since many government organisations require them.
An effective solution for data security requires the accurate labelling of data and an indication of its level of sensitivity. Controls should stipulate where specific data types may be situated, such as in a software-as-a-service application or cloud-provider storage, whether data is publicly exposed, and who may access it. CASB tools enable role-based data access, bringing that layer of protection down to the data level itself.
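The labelling, placement and access controls described above, applied to a centralised multi-cloud inventory, can be sketched as follows. This is an added example, not code from the original article or from any CASB product; the labels, locations, roles and asset records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    provider: str            # which cloud the record came from
    name: str
    location: str            # "saas-app" or "provider-storage"
    label: str               # sensitivity label; "" means unlabelled
    public: bool             # is the asset publicly exposed?
    reader_roles: frozenset  # roles currently able to read it

# Hypothetical policy per label: allowed locations, whether public
# exposure is acceptable, and which roles may read (None = any role).
POLICY = {
    "public": {"locations": {"saas-app", "provider-storage"}, "public_ok": True, "roles": None},
    "internal": {"locations": {"saas-app", "provider-storage"}, "public_ok": False, "roles": {"staff", "analyst", "admin"}},
    "restricted": {"locations": {"provider-storage"}, "public_ok": False, "roles": {"analyst", "admin"}},
}

def violations(asset):
    """Return the list of policy violations for one inventory record."""
    rule = POLICY.get(asset.label)
    if rule is None:
        return ["no-valid-label"]  # fail closed: unlabelled data is a finding
    found = []
    if asset.location not in rule["locations"]:
        found.append("location")
    if asset.public and not rule["public_ok"]:
        found.append("public-exposure")
    if rule["roles"] is not None and not asset.reader_roles <= rule["roles"]:
        found.append("excess-roles")
    return found

def audit(inventory):
    """Map 'provider/name' to its violations, omitting compliant assets."""
    report = {}
    for asset in inventory:
        found = violations(asset)
        if found:
            report[f"{asset.provider}/{asset.name}"] = found
    return report

# Constructed sample inventory, normalised from two hypothetical providers.
INVENTORY = [
    Asset("cloud-a", "marketing-site", "provider-storage", "public", True, frozenset({"anyone"})),
    Asset("cloud-a", "hr-records", "saas-app", "restricted", False, frozenset({"admin"})),
    Asset("cloud-b", "payroll-export", "provider-storage", "restricted", True, frozenset({"admin", "staff"})),
    Asset("cloud-b", "scratch-bucket", "provider-storage", "", False, frozenset()),
    Asset("cloud-b", "wiki", "saas-app", "internal", False, frozenset({"staff"})),
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Treating an unlabelled asset as a finding, rather than skipping it, keeps gaps in labelling visible in the same report as policy breaches.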
Cloud security requires inspecting activity automatically and continuously to detect any anomalous or malicious activity. Platform as a service commonly involves providing security for end systems, managed services or different workloads running inside the cloud. It has two key components: automated vulnerability management and constant operational security. Automated vulnerability management allows the identification and prevention of vulnerabilities across the entire application lifecycle by focusing on risk for cloud-native environments. Constant or ongoing operational security includes a compute engine or compute workload.
Traditionally integral to on-premises environments, network protection is equally important for the cloud. One of the two major components of network protection is micro-segmentation, which isolates workloads from one another and secures them individually by putting up roadblocks between applications and workloads. Micro-segmentation both contains and segments the app and its operating environment to minimize any damage.
Another critical component of network protection is control of the live “inline” flow of traffic. Authorised users should be allowed to securely access the cloud-based data they need, with threat visibility into what activities they are performing.
The final pillar includes mapping user and machine identities to what they are authorised to perform on the network. Users should access applications only at the level they need to perform their tasks, and machines should communicate only with the other machines needed to accomplish their application.
These four pillars are the basic requirements of a multi-layered approach for all-inclusive cloud security, but this cannot be achieved by a single technology, whether a CASB or another solution. A holistic framework is needed for this unpredictable time of remote work, as agencies increase their cloud adoption, shift IT practices, and face tenacious cyber adversaries.