Making sense of cloud-based security
By Sumit Bansal December 5, 2014
- Increasing complexity in securing devices accessing enterprise data from anywhere
- A good cloud-based or cloud-managed security product can address these issues
AS businesses become more globalised, many organisations are leveraging new technologies to give their employees access to information and the corporate network outside the office.
While mobility and bring-your-own-device (BYOD) do offer significant productivity advantages, this makes organisations more vulnerable to cyberattacks.
Security managers are also daunted by a lack of security planning, and the increasing complexity in securing a groundswell of devices that are accessing enterprise data from anywhere.
Cost, compliance and mobility
It is not just large organisations which face sophisticated security threats, but also small and midsized businesses (SMBs). According to a Ponemon Institute study commissioned by Sophos last year, 87% of SMBs face targeted cyberattacks with 42% citing lack of budgets.
Also, 44% of SMBs do not see a strong security policy as a priority and 31% said there is no one person within the company in charge of making security decisions.
This shows that lack of security planning and tight costs are business challenges faced by smaller companies.
In addition, there are the security challenges presented by BYOD. With BYOD, customer lists, account numbers, marketing and business plans and other sensitive data are likely to reside on employees’ own computing and mobile devices.
There is also the risk that mobile devices will be lost or stolen along with the corporate and confidential data stored on it.
Mobility has compelled employees to be responsible for their own security. However, most choose to ignore it as they do not know how to install, update and properly use software.
Employees may also unknowingly blur the lines between work and play by using work systems for personal tasks such as social media usage, which can give rise to social engineering opportunities by cybercriminals.
Additionally, the security software and policies of many mobile employees easily become outdated, and they are then unable to access the network when they return from working away from the office.
Therefore, a layered security approach which originally combined network security with local device configuration and software maintenance, fails.
Security via the cloud
In order to achieve a balance between productivity, cost-effectiveness and security, a good cloud-based or cloud-managed security product should be used to address these issues.
This should be a product that upgrades automatically; protects across data, endpoints, systems and devices; and which does not require complex server setups or infrastructure maintenance.
Organisations should look out for the following features when choosing a cloud security solution:
1) Strikes a balance between protection and convenience
Effective managers always have the same advice: Give employees what they need to be successful without getting in their way.
It is therefore crucial to find a cloud-based security solution that can protect remote and roaming employees, while being easy to configure to guard against the latest threats.
A good solution can enable an organisation to manage security simply and effectively with a single cloud-based management console, so that organisations can gain clear visibility and easily manage the myriad of devices and user behaviours. This can ultimately lead to cost savings and greater efficiency, especially for SMBs.
2) Secured endpoint access
The solution should include advanced anti-malware, web security and filtering, and mobile device management. It should be able to secure Windows and Mac computers as well as mobile devices.
Other traits to look for include protecting users from infected websites, enabling administrators to set safe and acceptable web use policy and web filtering, and preventing access to unwanted removable storage devices such as USB devices, as well as enabling BYOD by allowing organisations to easily manage mobile devices and security policies together.
3) Web protection for users
Since employees inadvertently manage their own security, a good cloud solution should also ensure safer web browsing and protection for end-users.
This includes protection from malicious and infected websites, and being able to detect and block exploit codes.
The solution should also enforce safe and productive web usage such as a time-based policy to limit non-business related browsing and a predefined policy to set policies to address security and compliance requirements.
Sumit Bansal is the director for Asean at Sophos
42% surge in targeted attacks, small businesses have bullseye painted on
Beware ‘street BYOD,’ say Gartner analysts
Gen-Y has no time for corporate BYOD policies: Fortinet survey
To BYOD or not to BYOD
Startups, very small businesses need to harden mobile defences
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.