At Least 80% of Companies Are in the Cloud – How Can IT Protect and Enable it?

Scott Lang, Sr. Director, Product Marketing
April 14th, 2016

80% Companies in the Cloud

With growing use of cloud environments, there are even more avenues for would-be hackers or malicious insiders to inappropriately access sensitive data and disrupt organizations. So, with nearly 80% of companies reporting meaningful adoption of the cloud already – and believing more processes could be moved to that platform – it is incumbent on IT to enable it securely.

We’ve taken a look at three (3) common use cases where better security is needed to protect and enable the cloud. Read on to learn more.

Finding, Grouping and Scanning Cloud Assets

Unknown or undermanaged cloud environments can create a significant security gap that opens networks to security breaches, data loss, intellectual property theft, and regulatory compliance issues. The first step in getting control over cloud assets is discovery of cloud assets. Once cloud instances are found, they must be managed to limit exposure.

Solutions must discover all cloud instances in the environment, group cloud assets for secure management, and scan for vulnerability and access-related risks. Look for:

  1. A centralized solution that covers the majority of cloud workloads, including: Amazon Web Services (AWS), GoGrid, Microsoft Azure, Microsoft Hyper-V, Rackspace, IBM SmartCloud or VMware.
  2. Capability to inventory all cloud instances regardless of runtime state.
  3. The ability to group cloud assets and establish role based access.
  4. Vulnerability assessment, reporting and remediation that ties into your existing vulnerability management environment. This holistic view of vulnerability-based risks will simplify a security admin’s life.

Protecting Virtual and Cloud Management Consoles and Instances

Cloud and virtualization introduce new super user consoles into the mix. Consoles such as those for Amazon AWS and Office 365 provide administrators with tremendous control, enabling them to modify, delete, and add new servers, often with just a few clicks. Corporate accounts for Facebook, LinkedIn or Salesforce are similarly powerful – inappropriate access can severely damage a firm’s reputation resulting in significant financial loss.

Solutions must enable tighter control and accountability over cloud management consoles by discovering, onboarding, and managing and cycling passwords, as well as performing session management and reporting on access. Look for:

  1. Secure storage and session management for administrative credentials to cloud platforms, as well as social networks
  2. Broad platform coverage of cloud and social media platforms, like: Amazon AWS, Azure, Dropbox, GoGrid, Google, Office 365, Rackspace, Salesforce, Facebook, Instagram, LinkedIn, Pinterest, Twitter or XING.

Using a Cloud Access Service Broker

Many organizations utilize cloud access service brokers (CASBs) as a proxy for all cloud traffic. Usually implemented using reverse proxy (or a VPN connection), all internet-bound network traffic is funneled through these proxies to centralize access control and auditing. Most CASBs, however, deliver only generalized policies.

Solutions should improve on CASB functionality by providing a single tunnel to control and audit cloud access activities – specifically for privileged accounts and sessions. Specifically, look for capabilities that ensure that all access to all cloud assets are segmented, protected, monitored and recorded for auditing purposes beyond typical CASBs.

  1. Enterprise password management – Discover accounts, randomize, rotation, and check-in/check-out passwords.
  2. Session monitoring, management and recording – Record privileged sessions in real time via a proxy session monitoring service and enable dual control.
  3. Advanced workflow controls – Provide additional context to requests by considering the day, date, time and location when a user accesses resources to determine their ability to access those systems.
  4. Advanced segmentation – Route all remote access sessions through the proxy for management, reporting, and enforce segmentation from authorized connectivity and attack.

A more disciplined approach to protecting cloud instances – and having the capability to apply that same level of security to on-prem resources will go a long way in helping your organization get more from the cloud.

Want to learn more about how privileged access management and vulnerability management solutions can help? Download the technical brief on cloud security today!

Scott Lang, Sr. Director, Product Marketing

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.