KEY REQUIREMENTS FOR CLOUD SECURITY

ENTERPRISE NEEDS FOR VISIBILITY, DATA PROTECTION AND COMPLIANCE

2CipherCloud | © 2016Key Requirements for Cloud Security

TABLE OF CONTENTS

Executive Summary

Enterprise Business SaaS Adoption

Data Governance & Visibility Rank as the Top Security Challenge

Cloud Access Security Brokers (CASB) are a Multi-Cloud Proposition

Cloud Discovery and Monitoring Require a Platform Approach

Most Enterprises Prefer Hybrid Deployments

Enterprises Want to Extend DLP from the Enterprise to the Cloud

Cloud User Activity Monitoring Requires Anomaly Detection Tuned for Cloud Activities

03

04

05

06

07

08

09

10

3Key Requirements for Cloud Security

EXECUTIVE SUMMARY

The rise of cloud computing in the enterprise began several years ago, with SaaS applications at the forefront of the adoption curve. What was initially an experiment has now matured into full-blown cloud implementations at an enterprise-wide scale. In many enterprise environments, the cloud is replacing entire sets of internal business processes.

requirements coalesce, demands for cloud security are shifting from tactical respons-es to strategic deployments. To understand the extent of this shift, CipherCloud has

telecommunications, retail, and other industries.

SaaS applications are well entrenched in the enterprise, led by Salesforce and Over 60% of the enterprises we interviewed have

companies are in various stages of cloud migration, often with concurrent deployments of SaaS and their on-premises counterpart applications.

Data protection, cloud visibility, and cloud access management are top require-ments for a cloud security platform: 72% of enterprises desire data encryption, 65% want cloud visibility, and 56% want cloud access management as part of a

Organizations want multi-cloud support in an integrated platform rather than Nearly 90% of the enterprises we interviewed

want multi-cloud enabled security mechanisms. This is a stark departure from the siloed, more tactical method of technology acquisition in the early days of cloud.

User activity monitoring, anomaly detection, and DLP are key components of cloud visibility: As part of the cloud visibility proposition, enterprises ask for data loss prevention, user activity monitoring, and automated anomaly detection.

Cloud security platforms require hybrid deployments: 63% of enterprises want a cloud security platform instantiated as a mix of on-premises and cloud-based

tions. Less than 10% require cloud-only deployments.

CipherCloud | © 2016

4Key Requirements for Cloud Security

ServiceNow, Box, Workday, and SuccessFactors round up some of the most popular business SaaS apps67% of enterprises we interviewed have adopted or are in the process of adopting Salesforce.

applications within the 150 enterprises interviewed.

ServiceNow and Box have penetrated over 30% of the enterprises we interviewed. ServiceNow in particular has seen a rapid increase in adoption in the past 18 months. HR applications, including Workday and SuccessFactors, also enjoy a healthy level of adoption in the enterprise market.

67%

26%

9% 7%

3%23%

22%11%

Evernote 62%

32%30%

FIGURE1: TOP BUSINESS SAAS APPLICATIONS THAT REQUIRE CASB CONTROLS

Salesforce

Workday

SuccessFactors

Office 365Google

Apps

ServiceNow

Box

Jive Yammer

Adobe Creative Cloud

FIGURE 1: Top business SaaS applications that require CASB controls

CipherCloud | © 2016

5Key Requirements for Cloud Security

Data Governance & Visibility Rank as the Top Security ChallengeData protection and privacy support rank amongst the top challenges78% of enterprises surveyed want better governance and visibility tools for cloud applications. Lack of visibility has consistently been a challenge for cloud users since the early days of cloud computing. Governance over cloud data also continues to rank high as a challenge for enterprise security professionals.

63% of enterprise surveyed view data protection as a top challenge for cloud adoption. By data protection, otect sensitive data from

unauthorized access. In addition, 43% of the respondents want support for privacy regulations. The myriad

surveyed want more controls that help them achieve and measure compliance for the regulations.

78%63%

43%

34%

18%12%

Data Governance & Visibility *Enforce Data Protection **Privacy Regulations Support Manage Government Data Access Requests Cloud Data Center Location and Data ResidencyIncident Response With Cloud

FIGURE 2: TOP SECURITY CHALLENGES FOR EMBRACING SAAS APPLICATIONS

78%63%

43%

34%

18%12%

Data Governance & Visibility *Enforce Data Protection **Privacy Regulations Support Manage Government Data Access Requests Cloud Data Center Location and Data ResidencyIncident Response With Cloud

FIGURE 2: TOP SECURITY CHALLENGES FOR EMBRACING SAAS APPLICATIONS

FIGURE 2: Top security challenges for embracing SaaS applications (150 respondents)

detailed evidence on how data is being handled in the cloud.** For data in transit, in use, and at rest.

CipherCloud | © 2016

6Key Requirements for Cloud Security

Cloud Access Security Brokers (CASB) are a Multi-Cloud Proposition Data encryption & cloud visibility are also top requirements89% of enterprises want a CASB solution to protect multiple clouds. The remaining 11% is experimenting with CASB on a single cloud basis today but expect to extend to other clouds in the future. These statistics

early days of cloud adoption.

In addition, 72% of enterprises want some form of data encryption as part of the cloud access security broker platform. 65% want more cloud visibility, including which cloud applications are utilized by their users, and how data moves around between their enterprise and the cloud environment.

89% - Multi-cloud support72% - Data & file encryption65% - Cloud visibility56% - Cloud access management

FIGURE 3:TOP REQUIREMENTS FOR A CASB SOLUTION

45% - Cloud DLP 36% - Access logging & audit31% - Cloud API protection 28% - Malware scanning23% - DRM for cloud content

*

**

FIGURE 3: Top security challenges for embracing SaaS applications (150 respondents)* Including third-party access management** Digital rights management

CipherCloud | © 2016

7Key Requirements for Cloud Security

Cloud Discovery and Monitoring Require a Platform Approach For the 98 out of 150 enterprises that stipulated the need for cloud visibilitymonitoring, they all want visibility to be delivered as part of a complete cloud security platform. In addition to standard functions like cloud application reporting and a risk assessment knowledge base with continuous updates, 70% want DLP, 56% want user activity monitoring, and 55% want data access reporting as part of the discovery/monitoring functions.

76%

72%

70%

56%

55%

20%

Enumerate the list of cloud applications accessed by users

Continuously update cloud risk assessment knowledge base

Data loss prevention

User activity monitoring and reporting

Data access reporting (reporting on who accessed which data)

Customizable cloud risk knowledge base

FIGURE 4: What enterprises want for cloud discovery & monitoring (98 respondents)

CipherCloud | © 2016

8Key Requirements for Cloud Security

Most Enterprises Prefer Hybrid Deployments Most enterprises want to deploy cloud security platforms with a hybrid mix of on-premises and cloud-based components. 63% prefer a hybrid approach while 28% wanted on-premises only deployments. Only 8.5% chose all-cloud installations (See Figure 5).

For those that want a hybrid or on-premises only deployment (136 respondents), the top reasons include maintaining encryption locally (85%), keeping all log analysis on-prand proxies (75%), and connecting to on-premises DLP systems (67%).

63%

28%

9%

Hybrid deployment: Cloud and On-premiseOn- premise onlyIn the Cloud only

85%

82%

75%52%

42%

40%32%

18%

Maintaining exclusive control over encryption keys

Log analysis performed on-premises

Integration with web proxies & firewalls

Real-time alerting

Real-time blocking functions

Integration with on-premises DLP systems

Integration with enterprise data storage

FIGURE 5: Deployment architecture for Cloud Security Platforms (150 respondents)

FIGURE 6: Non-functional requirements (136 respondents)

63%

28%

9%

Hybrid deployment: Cloud and On-premiseOn- premise onlyIn the Cloud only

CipherCloud | © 2016

9CipherCloud | © 2016Key Requirements for Cloud Security

Enterprises Want to Extend DLP from the Enterprise to the Cloud For those that want Cloud DLP (68 out of the 150 survey respondents), compliance reporting remains the top requirement. Beyond that, 78% want to extend existing DLP policies to the cloud . Outside of compliance reporting, the top enterprise Cloud DLP requirement is integration with existing enterprise DLP and leverage existing DLP policies to cloud applications (see Figure 7).

Cloud DLP is inherently context-based It should be noted that more than 60% of the 68 enterprises requiring cloud DLP want their DLP policies to be context-based, which includes considerations on user identities, location information, and device context. This is a visible departure from the more limited Regex-based DLP policies, which are commonly found in traditional enterprise DLP systems.

84%

78%

63%

34%

23%

18%

Compliance-based reporting (PCI, HIPAA, etc.)

Integration with existing enterprise DLP system & support the import of existing DLP policies

Enforce user & context-based policies

Whitelisting for DLP scanning

Enforce “view-only” & other DRM type of access controls

Execute Legal hold for data

TOP REQUIREMENTS FOR CLOUD DLP

55%

43%

23%

HealthcareFinancial ServicesOverall

CLOUD DRM REQUIREMENTS BROKEN DOWN TO TWO TOP INDUSTRIES

FIGURE 7: Top requirements for Cloud DLP (68 respondents)

FIGURE 8: Top two industries with DRM requirements (35 respondents)

Overall, only 35 out of the 150 enterprises we surveyed, approximately 23% expressed desire for cloud

such as IP protection and concerns over the leak of medical images.

Cloud User Activity Monitoring Requires Anomaly Detection Tuned for Cloud ActivitiesFor those that want cloud user activity monitoring (55 out of the 150 organizations surveyed), anomaly

for enterprise cloud access, and 65% want anomaly detection to include data and content-level anomalies (see Figure 9). These enterprises point to recent advances in machine learning capabilities to demand innovative anomaly detection as part of cloud user activity monitoring. This rwhere enterprise security professionals increasingly focus on risky and non-compliant user behaviors with cloud use, especially with respect to collaboration and information-sharing apps.

72%

Behavior analysis & anomaly detection*

34%

Support mobile access monitoring

Forensics drill down on activity logs

28%

User & device whitelisting

65%

Content-based anomaly reporting

41%

Geo-based user access reporting

21%

Integration with enterprise SIEM

32%

FIGURE 9: Top requirements for user activity monitoring (55 respondents)* Including machine learning technology

Guide to Cloud Data Protection

CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud’s open platform provides comprehensive cloud application discovery and risk assessment, data protection—searchable strong encryption, tokenization, data loss prevention, key management and malware detection—and extensive user activity and anomaly monitoring services.

CipherCloud is experiencing exceptional growth and success with over 3 millionbusiness users across 11 different industries.

The CipherCloud product portfolio protects popular cloud applications out-of-the-

Named SC Magazine’s 2013 Best Product of the Year, CipherCloud’s technology

Transamerica Ventures, Andreessen Horowitz, Delta Partners, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.

Headquarters:CipherCloud333 West San Carlos StreetSan Jose, CA 95110www.ciphercloud.com

linkedin.com/company/ciphercloud@ciphercloud

sales@ciphercloud.com1-855-5CIPHER (1-855-524-7437)

All trademarks are property of their respective owners.RP-CC-CloudDPReport-031615v5

CipherCloud | © 2016