List: The tools to protect data in the cloud and identify shadow IT.
The decision to move to the cloud for businesses looks like a relatively simple one, the promise of increased agility, time to value and cost savings all form part of a well rehearsed sales pitch.
While there are numerous benefits, cloud has always suffered with a label of being less secure than traditional on-premises IT environments. This label is something that cloud vendors have fought against and it has led to the creation of cloud specific security tools that are designed to alleviate any concerns.
CBR highlights some of the best cloud security tools available today.
1. Skyhigh Networks
Skyhigh Networks, which specialises in cloud security software, has a range of products that are designed to help businesses discover what services employees are using, analyse the risk, and enforce security policies.
The company offers products aimed at a number of popular cloud services such as Salesforce, Box, Office 365, Dropbox and more.
The Skyhigh for Shadow IT product is aimed at discovering all cloud services that are in use including, SaaS, IaaS, and PaaS. It offers detailed statistics on the amount of people accessing the service, and upload and download volumes.
The idea behind this is to give IT a clear insight into what exactly is being used and to control that use.
One of the additional features that it offers is the ability to use machine learning algorithms to identify anomalous behaviour.
This can include excessive access and data removal events, giving the business full insight into any potentially malicious activity.
Operating as a Cloud Access Security Broker (CASB), CipherCloud offers the Trust Platform which, like Skyhigh Networks, allows IT greater visibility into what cloud technologies are being used and where the data is going through activity monitoring and anomaly detection.
In addition to these discovery capabilities, the platform offers the ability to protect sensitive data with DLP, encryption and tokenisation, as well as controls to enforce compliance policies across multiple clouds.
One of the strengths of the platform is the ability to cover numerous file sharing applications such as Box, OneDrive, Google, Dropbox, SharePoint, Office 365, and numerous CRM programs.
Integration with CRM platforms such as Salesforce and SAP means that it can help to remove compliance concerns for sensitive customer data.
Boxcryptor is a tool designed to encrypt all business data on the fly using the AES-256 and RSA algorithms. Calling itself a cryptographic virtual hard-disk, it stores encrypted data in a directory of the user’s choice which can be a Dropbox folder, SkyDrive directory, Google Drive folder and more.
The tool is capable of encrypting files and data before they are uploaded to the cloud, which can be done on the fly as files are dropped into designated folders.
Multiple platforms are supported such as Windows, Mac OS X, iOS, Android, Windows Phone, and Google Chrome.
Two versions of the tool are available, Classic and Portable. The Classic version started off as a solution specifically designed for Dropbox but now supports all main cloud provided.
The Boxcryptor Portable version allows for no local installation, no local file sync and it doesn’t require administrator rights, so it can be easily set up by the average business user.
Zscaler offers several different products on its platform that are all focused on cloud security. The Cloud Firewall product handles aggregate traffic at over 100 million sessions per second and provides native SSL inspection.
Users are able to define firewall policies by application, user, and location, while a single management console aims to make it easy to manage security policy and enforcement.
One of the strengths of Zscaler’s offerings is that it inspects every byte of traffic, so it should be easier to see and control the applications that are in use in the organisation.
Like Skyhigh and CipherCloud, one of the big focuses of the product is on Shadow IT through a cloud based architecture.
The company says that its tools are different because it is built on a scalable, global proxy platform which monitors all the traffic, rather than just looking for non-sanctioned cloud app use compiled from customer logs.
Centrify focuses on identity management across devices and applications. The Centrify Identity Platform is said to secure access to applications and infrastructure from any devices for all users, something that is particularly handy for a business with increased BYOD use.
Among the tools offered are MFA anywhere, which prevents compromised credentials from gaining access by implementing a multi-factor authentication across every users and every IT resource.
The Cloud and on-premises apps tool is designed to secure access to cloud applications in addition to legacy software. Features include a cloud app user provisioning tool called Centrify Identify Service (CIS).
CIS works by enforcing identity-based policies throughout the full app and device lifecycle and allows for the instant termination of users’ access to all managed devices and apps through the changing of their directory status.