A new approach for cloud security: transparency in an opaque world

9 May 2018, Retail, Wholesale, Manufacturing, Real Estate, 4 min leestijd

Currently the GDPR is the main topic as regards data security. But the safety of organisations is, of course, something that entails much more than just the law that will come into force on May 25th. It’s something that is affects us at all times. So, in this blog, I will focus on the broader picture and answer the following question: how do you ensure effective and comprehensive protection in a multi-cloud IT landscape?

Of course there are always present-day developments which will directly affect the security policy of organisations such as the GDPR. But that’s not what I want to cover in this blog. What I would like to discuss here are the more gradual developments that have been occurring for some time now. Developments with regard to security policy that affect every organisation and offer a new challenge for IT and security managers. 

I’m talking about the following two developments:

1# From best-of-suite to best-of-breed
​It is becoming increasingly common that departments are refusing to mould their tasks and processes into the ‘straitjacket’ of an all-in-one business suite. Because of that, the best-of-suite approach is losing ground and the best-of-breed approach is gaining the upper hand. An approach where departments are selecting specific solutions for specific tasks, and often the best one available in their sector. It’s also often a cloud solution because it provides flexibility, speed, and maximum relief. However this can create a more complex and also confusing landscape, because sometimes departments or individual employees purchase these cloud solutions themselves, without the IT department being informed. It can therefore be very challenging to create a complete overview of data security and its possible weak spots. Gartner has even predicted that in 2020 a third of all digital burglaries will be blamed on the use of the so-called shadow-IT with, as a consequence, heavy fines, reputation damage, and increasing distrust by clients.

#2. Smart cooperation with specialists
In recent years, the virtual wall surrounding organisations has slowly but surely crumbled. R&D departments involve customers and other companies in the designing process. Supply chains are now more than ever directed outwards, as a result of which suppliers and logistic partners are regularly logging-in to organizations’ environments. And we work more often in so-called digital workplaces that enable us to meet with colleagues at a distance, or to work together with business partners on projects. In short, IT landscapes are more often functioning as an ecosystem in which our own systems and our partners’ systems have to work together. Certain safety principles are therefore needed, principles that are in line with the changing law and regulations and that will help you to decrease the risks in such an ecosystem, without hindering the availability of data.

This presents a number of challenges
As soon as you’re slowly evolving towards a best-of-breed approach, employees and departments are more often likely to go and work on the basis of self-service. As a result, IT will have less control of the situation. It is therefore important to get a proper, comprehensive overview of your security in this diverse landscape of (sometimes) self-chosen cloud applications.

Imagine a situation where someone logs in on application A from Australia and two minutes later logs in on application B from Belgium. Observing these actions individually would not raise any suspicions. However, if you compared the two, it is, to say the least, remarkable.

Another example: your organisation decides to involve a specialist partner with the R&D process in order to design a better product. You work together in one single environment and all goes well until that partner suddenly runs off with all your data. Data which took 5 years of research to gather.

An integrated vision of cloud security

At Ctac we don’t just simply follow the recent developments concerning security, we look at the broader picture. We think it is very important that the security policy of an organisation adapts to the way the IT landscape is continuously changing. That’s why we also offer, besides our standard security solution offering, a service for the proactive protection of multi-cloud environments. In short, a service that will detect suspicious behavior at an early stage in the entire application landscape – across all clouds. It will provide organisations with a complete overview of the agile hybrid cloud landscape.

But how effective are existing measures? Where are the weak spots that require attention? And also: what happens in the worldwide dark web and to what extent will that affect your systems and applications? These are all issues which our solution will provide more insight about. We continuously adapt the detection methods to reflect recent developments so that you will not need to adjust your system every time things change. Additionally, we will also keep track of all the activities that are approved, so you will be able to hand over real-time reports to compliance managers and auditors at any moment to demonstrate that your organisation meets the latest laws and regulations and any possible required certifications.

More information?

On June 5th, we would be happy to provide you with more information about this solution during a special webinar on this topic. We will explain how to create a central overview of your security in a decentralized multi-cloud environment so that you will be able to spot whatever happens in your application landscape and detect any strange activities at an early stage.

REGISTER today for the webinar ‘Security in a multi-cloud environment’.