Office 365, Salesforce, Box and Amazon Web Services (AWS) all have one thing in common – the Cloud.
Organisations like Forcepoint are spearheading a new approach to cybersecurity that focuses on understanding human behaviour and how users interact with critical data over networks of different trust levels to combat the use of compromised credentials.
Under the umbrella term of Human Centric Security, Forcepoint offers organisations a way of securing users and IP in a digital world that cannot be fully controlled.
By integrating Data Loss Prevention (DLP), User and Identity Behaviour Analytics (UEBA) CASB, web and email security plus network security, Forcepoint offers organisations risk adaptive protection solutions that understands the context and intent of the user to dynamically apply enforcement policies to activities representing the highest risk.
As cloud becomes all pervasive, the threats continue to evolve making it more important than ever before to have a human centric approach to threat detection and analytics.
By focusing on securing people and protecting them from compromise as they use the cloud from any location or device the organisation gains unparalleled visibility and control over valuable data assets as well as meeting any legal or regulatory requirements.
And if Gartner's prediction is correct that 60% of organisations will have adopted CASB by 2020, now is the time to be talking to customers about Human Centric Security to protect organisations from internal and external threats.
According to the Cloud Industry Forum (CIF), cloud adoption in the UK now stands at 88%, with 67% of users expecting to increase their adoption of cloud services in the next 12 months.
Interestingly, Gartner’s latest CASB Magic Quadrant found that today, only 10% of large organisations use Cloud Access Security Broker solutions to govern cloud services and they predict that within the next 18 months the adoption rate will rise to 60%.
Adopting a cloud or even a hybrid cloud strategy leaves organisations open to a myriad of security breaches.
Given the phenomenal adoption rates, you’d be forgiven for thinking that cloud and cloud application providers would be highly focused on providing security capabilities that address security blind spots.
At the simplest level, the cloud provider is responsible for the security of the infrastructure while its customers are responsible for their data and user activities on top of that infrastructure.
This means that security aspects such as user behaviour, access and usage policies, and compliance are the organisation’s responsibility.
The same holds true for unmanaged devices. Cloud application providers generally don’t distinguish between managed and unmanaged devices, nor do they provide compensating endpoint control capabilities.
It’s up to individual companies to secure access to cloud applications by both managed and unmanaged devices, as well as protect users and data, and detect and prevent cyberthreats.
CSO magazine neatly summarised the threats as the ‘Treacherous 12’ which include; data breaches, system vulnerabilities, account hijacking, malicious insiders and advanced persistent threats to name just a few.
This dirty dozen is why all businesses, especially highly regulated industries like Government, Finance, Retail and Healthcare need a CASB solution offering a range of security measures, including access control, firewall, identity management, anti-malware, DLP, encryption and threat management.
CASB sits between the organisation's on-premise infrastructure and SaaS or cloud applications acting as a gatekeeper so the company can extend the reach of their security policies past its fortress walls.
According to the Verizon Data Breach Investigations Report 2017, 81% of data breaches were caused by the hijacking of user credentials by hackers to gain access to internal systems and data.
The traditional approach of blocking threats that legacy vendors continue to offer is insufficient to fight the battle.