A New Archetype for Mobile and Cloud Security
Instituting new processes requires an outside force that upsets the status quo and a leader who provides innovation that can set the transformations in motion. Game-changing events can happen in all areas of the enterprise, but in this case the focus is on cloud application security. It is clear that mobile and cloud technologies are changing the way people work, but they also alter the archetypal security structure.
No longer is it possible to establish an unbreachable perimeter because people and data are constantly flowing into and out of various networks and applications. To deal with this new reality, an improved security model that can handle the challenge is needed. Otherwise, users will continue to go it alone and organizational data will have a high risk of exposure.
Advances in mobile and cloud technology have altered the status quo — in the way people work, how business is conducted and especially how data is shared and protected. Providing information protection requires a security structure that can be easily maintained, but it also has to be designed in an innovative manner that takes into account this new paradigm.
Security for cloud enablement must offer visibility, identity management, policy enforcement and threat mitigation across multiple cloud services and providers. Of equal importance is implementing a protection schema that does not constrict users’ ability to take advantage of the technologies as they would in an unsecured environment.
New Products Required
The analyst community has noted that new product types are required to deal with the environment created by mobile and cloud technologies. Gartner called the solutions in this space cloud access security brokers (CASB); IDC named them cloud security gateways (CSG). There are some differences in the way the firms look at the market, but both agree that traditional security solutions do not provide the necessary functionality to service mobile and cloud architectures.
The new product type must accurately and easily identify and authenticate users, control access to applications across multiple cloud services and enforce data protection policies. It should also provide a central point of visibility into all users, devices and activities, flag malicious behavior and apply dynamic policy enforcement. As with all security solutions, these products must be able to report on the status of the environment to adhere to compliance requirements.
Satisfying the above requirements is a tall order. Creators need to apply innovative concepts when building this new product type: it can leverage existing security capabilities such as identity and access management, but those capabilities must be designed so that their usage is specific to mobile and cloud environments. Since this is an emerging product category, the development of solutions will be an incremental process.
Cloud Security Enforcer
IBM’s Cloud Security Enforcer is a custom-built product that compiles leading security technology into a single platform. It addresses mobile and cloud security issues head-on. Cloud Security Enforcer discovers and provides visibility into what applications are being used, collecting cloud activity data and tracking what data is accessed and by whom.
Cloud Enforcer makes it easy for users to connect to approved applications by providing identity and access controls using a federated cloud single sign-on model and offering connectors to popular applications. The product offers a number of protection capabilities including intrusion prevention, user and traffic behavioral analysis and zero-day threat protection. All of these activities are governed by policies that the system enforces.
Securely providing identity management, application control and analytics across a myriad of mobile and cloud technologies requires advanced security technology. IBM has purposely built Cloud Security Enforcer to be the new archetype for mobile and cloud application security.