The recently published report by the Cloud Security Alliance (CSA) and Skyhigh, which surveyed IT professionals on how organizations are managing cloud adoption and risk, found strong evidence of the value enterprises derived from cloud adoption. The report states that 72% respondents indicate they saw lower upfront and ongoing costs, and 49% saw improved user experience from leveraging cloud services. While the benefits of the cloud have been widely acknowledged even in the most regulated industries, the report went deeper into the dynamics of onboarding cloud services, a necessary step before adoption.
While most companies have a process in place to evaluate and approve new cloud service requests by employees and business teams, the process comes with its share of pains, both in execution and in consumption of resources. As companies face an onslaught of new cloud service requests, they are looking for ways to expedite this vetting and onboarding process without compromising enterprise security and compliance requirements.
On-boarding cloud services is difficult
The CSA report finds that IT or security teams receive an average of 11 requests each month to evaluate cloud services. Given that respondents stated an average of 18 days for a security team to evaluate a cloud service, the process is harder to scale as requests are likely to grow in the future. Execution is not easy either, with 47% of the survey respondents saying they only partially follow the process in place. So, despite their best efforts, companies have a lot of ground to catch up in vetting and implementing new cloud services – the report shows that 71% say they have plans to offer more support for cloud to the lines of business.
CASBs simplify the onboarding process
One of the ways enterprises are simplifying the onboarding of new cloud services is by using Cloud Access Security Brokers (CASBs). By serving as the control point between the enterprise and the cloud, CASBs secure cloud usage by providing visibility into cloud services used, detecting threats from insiders and compromised accounts, and enforcing policies and encryption controls to maintain compliance and protect data. They simplify the onboarding process by helping enterprises:
1. Get visibility into all cloud usage
CASBs analyze company web traffic logs to provide visibility into all cloud services used by employees. By comparing the IP addresses to a comprehensive database of cloud services, they can not only provide the list of cloud services used, but also the amount of data exchanged and the users/teams within the company using these services. This information can be an important input during the vetting process because it helps the IT team see the entire spectrum of cloud services being used within the company and prioritize their evaluation efforts by demand.
2. Understand cloud services risk
CASBs can add substantial value to the evaluation process by helping the IT team understand the risk associated with the cloud service. CASBs maintain detailed information on cloud service attributes that span across user, data, device, legal and business categories. They analyze and condense this information into a risk score that informs the IT team on how secure the service is. This helps IT save valuable time and resources by not having to do the full due diligence themselves.
The IT team can also use this information to set baseline security requirements, so they don’t waste time evaluating applications that have high risk ratings. Equinix, the multi-billion dollar internet services company, used a similar process when they deployed Skyhigh’s CASB platform to understand cloud usage and risk. “Having those ratings from a source we can trust means we can cut time spent onboarding a new cloud service down to 3—4 hours,” said the company’s Global Information Security Officer, George Do. “It has allowed my team to become far more efficient, and I love the fact that Skyhigh continually updates its ratings because we would never have time to go back and regularly check up on approved services.”
3. Coach employees away from risky services
The CSA report found that the top reason for rejecting cloud requests is that there is already an existing solution (55%) followed by security reasons that included lack of provider trust (52%), encryption controls (46%) and DLP support (42%). If the IT team rejects a cloud request because there is an existing solution, they have to make sure that employees use the approved service and don’t revert to the less secure, Shadow IT option. CASBs help in accomplishing this using real-time coaching messages that pop-up when employees try to login to unapproved services and direct them to use the equivalent sanctioned service.
4. Enforce policies and controls on cloud services
Due to compliance and policy constraints, enterprises have fairly strict requirements in approving cloud services because they face the risk of employees uploading sensitive company data into the cloud or compromising systems to malware. CASBs provide an additional layer of security over cloud services by enforcing DLP policies, encryption and contextual access controls. Given that sensitive company data is restricted to company premises, companies have more flexibility in allowing users to find innovative tools and applications to get their work done.
Going forward, the massive increase in cloud adoption will likely cause IT teams to see a steady increase in request for new cloud services. Adopting CASBs helps them to speed up their onboarding process and enforce security controls without infringing on user creativity and innovation. As George Do of Equinix says “Overall, working with Skyhigh Networks has allowed us to not only enable our users to use the services they enjoy and that we trust, but has also allowed us to expedite the procurement process while reducing our overall risk posture. It has been a win-win for the entire organization.”