Cloud Services, A Good Trend Or Not?
What are the largest services that drive enterprise network traffic today? Is it the upload/download of data from corporate storage to mobile users and vice-versa? Is it access to internal corporate database information from a mobile user through a VPN? Is it the email server that the company is self-hosting from the basement and fetching 95% spam emails every day?
Well, the answer to all of that is no, network traffic to and out of the enterprises are 85% cloud-based service traffic. Yes, whether we like it or not, cloud computing is here, and we better be aware of cloud security. It is the driving force in order for companies, large and small to reduce their cost of operating a 24/7 nowadays without sacrificing productivity (as long as the Internet connection is consistent and stable). We are all moving from the classic desktop computer setup, where all the apps are installed locally towards the web-based applications. A user with a login credential can launch apps off the cloud, without the need to use a similar desktop app installed on the local storage device.
“As today’s enterprises embrace digital transformation and increasingly replace traditional web use with cloud service use, it is imperative to assess whether proper controls are in place to secure all traffic. While most tools are focusing on traditional web traffic, this significant shift to cloud usage is what’s causing security teams to go blind,” explained Jason Klark, Netskope’s Chief Strategy Officer.
As more organizations embrace the use of Google Docs and Microsoft Office Online, enterprise traffic will be redirected from the usual bottlenecked corporate data pipe to the online service providers, Google, and Microsoft respectively. That means the responsibility for maintaining apps falls on the good hands of the two mentioned online service providers, instead of the local IT team dealing with it on a daily basis. With it, the uptime of apps is 99.999% guaranteed, given that huge web service providers have tested redundant arrays of servers with reliable storage and power efficiency to keep up with the load. Contrast it to the limited bandwidth of a local network, including the limited time of IT staff to take care of all the IT issues that may happen on a daily basis.
“Criteria indicating this lack of enterprise quality in cloud services, include inadequate compliance certifications, DLP policy controls or encryption. This report found that 96.3% of services fall within this category, a 3.6% increase from the previous report,” added Klark.
According to Netskope, 1,295 cloud services are available for firms to choose from. They offer services for the SOHO-type of business operations up to the multinational and global-based business portfolio, all of them have various levels of cloud security infrastructure. Of course, that number includes companies that offer cloud-service, but have yet to establish themselves as a reliable and serious player in the space.
“There is no one-size-fits-all approach to properly securing an enterprise as it embraces new tools and technologies, but a clear understanding of traffic and proper vigilance should be a requirement for all,” concluded Klark. IT decision-makers need to be careful what specific cloud service to signcl-up for. This is due to the lock-in feature of each service, it is fairly difficult to switch from Office Online to GDocs and vice-versa. It needs careful planning, preventing premature commitment to service. A reliable service makes a firm operate smoothly, uninterrupted by the need to migrate to a whole different system down the road.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.