“Cloud” technologies entered our life relatively recently, but without them, it is already unthinkable. In this partner material, together with IT-Integrator and Cisco, we discuss why cloud access security is so important and what tools can be used to ensure it.
How Do We Use The Clouds?
By purchasing a modern smartphone, anyone automatically becomes a user of Google or Apple services. These are “clouds”. When launching a new or expanding an existing business, companies often try to save on capital investments in IT infrastructure and purchase resources from a local data centre or global providers such as Amazon or Azure instead of hardware servers. These are also “clouds”.
Software companies are increasingly practising the distributed development model, bringing in programmers from all over the world to collaborate on projects. These are just “clouds”. Even government agencies are gradually “moving” to data centres to optimize costs and improve the quality of service. Yes, complying with several strict legal requirements is necessary, but these are also “clouds”.
“If computing resources are leased in the cloud (IaaS, Infrastructure-as-a-Service) or service is purchased from the cloud, for example, e-mail or electronic document management (SaaS, Software-as-a-Service), the task is to provide access to them. Accordingly, the task immediately arises to secure such access from malicious actions of cybercriminals or erroneous actions of employees,” says Dmitry Zhukovsky, director of the information technology department of IT-Integrator.
Why Is Cloud Access Security So Important?
Connecting to all of these clouds is easy, but managing them is not easy. Which employees are currently related to your cloud resources? What are their powers? What happens to the data? To answer at least these, the most important questions (and there are many more!), Practical tools are needed.
During the quarantine restrictions, telecommuting has become the standard for most companies. The concept of VPN (Virtual Private Network) is firmly established in everyday life of people even far from IT professions. “However, this proven and reliable technology is not all that is needed to provide truly secure remote cloud access. VPN technology provides “just” secure transport. This is necessary, but not enough,” says Dmitry Zhukovsky.
How Can You Secure Access To The Clouds?
Cloud security and access to it is a wide range of technologies applied in real-time to protect networks, services, applications and sensitive data from cyber threats.
The functions of CASB class solutions are implemented based on a specialized software controller that manages the lifecycle of the cloud client. For clarity, let’s compare this model with a traditional VPN connection and to implement only transport security, two components are sufficient: a VPN gateway and a VPN client. When using CASB, there are already three components: an access gateway, a client, and an intelligent controller.
This third component controls the whole process. So, when a request comes from a client to access the cloud (to data, to applications), the controller redirects the client to the correct network gateway. But the resources to which the gateway can connect users are available only to those authorized by the controller and only to the extent determined by the controller.
One of the best systems of this kind is Cisco Cloudlock, which gives you complete control over what users do and what they store in the cloud. Namely, where and how they connect and, thus, even implement the Zero Trust model – “zero trusts” – providing access in compliance with the principle of minimum necessary authority.