By 2020 the public cloud sector is expected to grow to over $400 billion, an increase of 35% from the expected market for 2018. Over the next two years, the fastest growing segment within the cloud market will be infrastructure-as-a-Service (IaaS), a trend that has persisted since 2016.
The expected growth in IaaS adoption is projected to accelerate the migration of workloads from enterprise data centers to the public cloud. According to Skyhigh research, over 60% of application workloads were still running on private data centers as recently as 2016. By the end of 2017, less than half of these apps were hosted in enterprise data centers.
However, as enterprises migrate to IaaS platforms, they quickly realize that they need an additional layer of security to ensure that their application workloads, platform services, and enterprise data are secure. To that end, Skyhigh is pleased to announce our continued commitment to providing innovative cloud security solutions with the launch of McAfee Skyhigh Security Cloud for Azure, making us the only cloud access security broker (CASB) to provide an exhaustive cloud security solution for IaaS, PaaS, and SaaS.
While Microsoft has built robust security features that protect the underlying infrastructure of Azure, cloud security’s shared responsibility model requires customers to ensure secure usage of Azure. The Skyhigh for Azure product is a comprehensive protection, monitoring, auditing, and remediation solution for enterprises looking to secure all of their Azure subscriptions.
“Moving applications, data and workloads to the cloud exposes enterprises to new threats and risks,” said Rajiv Gupta, Senior Vice President of the cloud security business unit, McAfee. “At the same time, the adoption of cloud allows organizations to transform their business. This is why we are on a mission to make cloud the most secure environment for business, and the introduction of our Azure security solution is an important step to fulfilling this mission for our customers”
Skyhigh for Azure provides an API integration with Azure infrastructure to enforce an exhaustive set of security controls to ensure enterprises can confidently leverage Azure to accelerate their business. Since enterprises often times have multiple Azure subscriptions, Skyhigh provides a single view for activities, threats, and security misconfigurations across every enterprise Azure subscription. Skyhigh addresses 5 key Azure security use cases:
1. Analyze and audit Azure security configuration to ensure compliance with external regulations and internal policies
Azure provides an extensive set of security configuration options for all their services. Some of the most common and critical services are:
- Virtual Machines (VMs)
- Identity and Access Management (IAM)
- Storage services including Blobs, Files, Queue, and Table storage
- SQL services
- Logging and monitoring services
- Network security groups
Skyhigh for Azure provides enterprises with a single platform to continuously monitor and audit Azure security settings. For example, Skyhigh will flag security misconfigurations such as an Azure user with write access to Azure resources not having multi-factor authentication turned on. This is an important setting because the damage from a compromised account of a user with privileged permissions could be far more substantial.
Skyhigh will also flag misconfigured settings such as when disk encryption is turned off on VMs. In total, Skyhigh monitors over 60 Azure security configuration settings across all Azure services, and flags those that are non-compliant with an enterprise’s security policies. In addition, Skyhigh provides in-product recommendations and best practices derived from the Center for Internet Security (CIS) benchmark and existing customers to correct misconfigured services.
2. Capture a complete audit trail of all Azure user activity for investigation in real-time
Skyhigh integrates with Azure to provide complete and granular visibility into how Azure is being used by all users across all Azure subscriptions, including unmanaged (user-adopted) Azure subscriptions. With Skyhigh for Azure, enterprises can easily detect creation, modification, or removal of Azure resources, including those made to networking security groups, SQL services, etc.
Skyhigh supports and dramatically accelerates post-incident investigation while decreasing incident response time. Skyhigh’s platform extends machine learning based activity categorization to Azure to streamline forensic investigations.
3. Detect compromised accounts, insider threats, privileged access misuse, and malware infections across all Azure subscriptions
Securing an Azure deployment requires customers to operationalize the shared responsibility model. While Microsoft is responsible for threats posed to the underlying infrastructure of Azure, including ensuring physical access and security, the customer is wholly responsible for the kind of threats arising from internal misuse or external threats.
This is a critical paradigm shift from how enterprises have historically operated with on-premises systems. More and more cloud security incidents are expected to be the fault of the customer, as evident by Gartner’s prediction.
“Through 2020, 95 percent of cloud security failures will be the customer’s fault” – Gartner
Skyhigh combines machine learning and user and entity behavior analytics (UEBA) to build a self-learning behavior model that can detect anomalous activity patterns in Azure that’s indicative of a compromised account, including excessive failed login attempts, brute-force attacks, login attempts from untrusted or disparate locations, etc. Skyhigh’s UEBA is also the only solution operationalizing a threat funnel to differentiate between anomalous behavior and real threats.
With this, Azure customers can protect themselves against malicious or negligent insider threats such as unwarranted escalation of permissions by a privileged user. Skyhigh correlates user activity within Azure with activities across all other cloud services to correctly identify actual threats while minimizing false positives.
4. Prevent unauthorized sensitive data from being stored in Azure storage services
Skyhigh’s content analytics engine discovers sensitive data stored in or uploaded to Azure storage services based on keywords and phrases, regular expressions, file metadata, structured/unstructured data fingerprints, keyword dictionaries, etc. Security administrators are provided with multiple automated remediation options including notifying the end user, notifying an administrator, and quarantining or deleting the file.
5. Extend activity monitoring, threat protection, and data loss prevention to custom apps deployed on Azure with no coding
As IaaS adoption grows, so does the number of custom applications that enterprises build and deploy on public cloud infrastructure. The average enterprise has hundreds of custom applications deployed in the cloud, and that’s expected to grow as IaaS adoption grows. Most of these applications are business critical and have strict security and compliance requirements.
Skyhigh enforces data loss prevention policies for sensitive data uploaded to custom apps, including protected health information (PHI), personally identifiable information (PII), and intellectual property to ensure compliance with external regulations and internal policies. Skyhigh’s platform approach allows enterprises to enforce the same policies and remediation actions across all cloud services, including SaaS, PaaS, and custom applications deployed on Azure.
Skyhigh also extends activity monitoring and threat protection to the custom apps built on Azure, including rapid detection and remediation of insider threats, privileged user threats, and compromised accounts. Best of all, the solution can be scaled out to any custom app running on Azure without writing a single line of code.
To learn more about our cloud security solution for Azure, request a demo today!