Upload
buiminh
View
217
Download
0
Embed Size (px)
Citation preview
KEY REQUIREMENTS FOR CLOUD SECURITY
ENTERPRISE NEEDS FOR VISIBILITY, DATA PROTECTION AND COMPLIANCE
2CipherCloud | © 2016Key Requirements for Cloud Security
TABLE OF CONTENTS
Executive Summary
Enterprise Business SaaS Adoption
Data Governance & Visibility Rank as the Top Security Challenge
Cloud Access Security Brokers (CASB) are a Multi-Cloud Proposition
Cloud Discovery and Monitoring Require a Platform Approach
Most Enterprises Prefer Hybrid Deployments
Enterprises Want to Extend DLP from the Enterprise to the Cloud
Cloud User Activity Monitoring Requires Anomaly Detection Tuned for Cloud Activities
03
04
05
06
07
08
09
10
3Key Requirements for Cloud Security
EXECUTIVE SUMMARY
The rise of cloud computing in the enterprise began several years ago, with SaaS applications at the forefront of the adoption curve. What was initially an experiment has now matured into full-blown cloud implementations at an enterprise-wide scale. In many enterprise environments, the cloud is replacing entire sets of internal business processes.
requirements coalesce, demands for cloud security are shifting from tactical respons-es to strategic deployments. To understand the extent of this shift, CipherCloud has
telecommunications, retail, and other industries.
SaaS applications are well entrenched in the enterprise, led by Salesforce and Over 60% of the enterprises we interviewed have
companies are in various stages of cloud migration, often with concurrent deployments of SaaS and their on-premises counterpart applications.
Data protection, cloud visibility, and cloud access management are top require-ments for a cloud security platform: 72% of enterprises desire data encryption, 65% want cloud visibility, and 56% want cloud access management as part of a
Organizations want multi-cloud support in an integrated platform rather than Nearly 90% of the enterprises we interviewed
want multi-cloud enabled security mechanisms. This is a stark departure from the siloed, more tactical method of technology acquisition in the early days of cloud.
User activity monitoring, anomaly detection, and DLP are key components of cloud visibility: As part of the cloud visibility proposition, enterprises ask for data loss prevention, user activity monitoring, and automated anomaly detection.
Cloud security platforms require hybrid deployments: 63% of enterprises want a cloud security platform instantiated as a mix of on-premises and cloud-based
tions. Less than 10% require cloud-only deployments.
CipherCloud | © 2016
4Key Requirements for Cloud Security
ServiceNow, Box, Workday, and SuccessFactors round up some of the most popular business SaaS apps67% of enterprises we interviewed have adopted or are in the process of adopting Salesforce.
applications within the 150 enterprises interviewed.
ServiceNow and Box have penetrated over 30% of the enterprises we interviewed. ServiceNow in particular has seen a rapid increase in adoption in the past 18 months. HR applications, including Workday and SuccessFactors, also enjoy a healthy level of adoption in the enterprise market.
67%
26%
9% 7%
3%23%
22%11%
Evernote 62%
32%30%
FIGURE1: TOP BUSINESS SAAS APPLICATIONS THAT REQUIRE CASB CONTROLS
Salesforce
Workday
SuccessFactors
Office 365Google
Apps
ServiceNow
Box
Jive Yammer
Adobe Creative Cloud
FIGURE 1: Top business SaaS applications that require CASB controls
CipherCloud | © 2016
5Key Requirements for Cloud Security
Data Governance & Visibility Rank as the Top Security ChallengeData protection and privacy support rank amongst the top challenges78% of enterprises surveyed want better governance and visibility tools for cloud applications. Lack of visibility has consistently been a challenge for cloud users since the early days of cloud computing. Governance over cloud data also continues to rank high as a challenge for enterprise security professionals.
63% of enterprise surveyed view data protection as a top challenge for cloud adoption. By data protection, otect sensitive data from
unauthorized access. In addition, 43% of the respondents want support for privacy regulations. The myriad
surveyed want more controls that help them achieve and measure compliance for the regulations.
78%63%
43%
34%
18%12%
Data Governance & Visibility *Enforce Data Protection **Privacy Regulations Support Manage Government Data Access Requests Cloud Data Center Location and Data ResidencyIncident Response With Cloud
FIGURE 2: TOP SECURITY CHALLENGES FOR EMBRACING SAAS APPLICATIONS
78%63%
43%
34%
18%12%
Data Governance & Visibility *Enforce Data Protection **Privacy Regulations Support Manage Government Data Access Requests Cloud Data Center Location and Data ResidencyIncident Response With Cloud
FIGURE 2: TOP SECURITY CHALLENGES FOR EMBRACING SAAS APPLICATIONS
FIGURE 2: Top security challenges for embracing SaaS applications (150 respondents)
detailed evidence on how data is being handled in the cloud.** For data in transit, in use, and at rest.
CipherCloud | © 2016
6Key Requirements for Cloud Security
Cloud Access Security Brokers (CASB) are a Multi-Cloud Proposition Data encryption & cloud visibility are also top requirements89% of enterprises want a CASB solution to protect multiple clouds. The remaining 11% is experimenting with CASB on a single cloud basis today but expect to extend to other clouds in the future. These statistics
early days of cloud adoption.
In addition, 72% of enterprises want some form of data encryption as part of the cloud access security broker platform. 65% want more cloud visibility, including which cloud applications are utilized by their users, and how data moves around between their enterprise and the cloud environment.
89% - Multi-cloud support72% - Data & file encryption65% - Cloud visibility56% - Cloud access management
FIGURE 3:TOP REQUIREMENTS FOR A CASB SOLUTION
45% - Cloud DLP 36% - Access logging & audit31% - Cloud API protection 28% - Malware scanning23% - DRM for cloud content
*
**
FIGURE 3: Top security challenges for embracing SaaS applications (150 respondents)* Including third-party access management** Digital rights management
CipherCloud | © 2016
7Key Requirements for Cloud Security
Cloud Discovery and Monitoring Require a Platform Approach For the 98 out of 150 enterprises that stipulated the need for cloud visibilitymonitoring, they all want visibility to be delivered as part of a complete cloud security platform. In addition to standard functions like cloud application reporting and a risk assessment knowledge base with continuous updates, 70% want DLP, 56% want user activity monitoring, and 55% want data access reporting as part of the discovery/monitoring functions.
76%
72%
70%
56%
55%
20%
Enumerate the list of cloud applications accessed by users
Continuously update cloud risk assessment knowledge base
Data loss prevention
User activity monitoring and reporting
Data access reporting (reporting on who accessed which data)
Customizable cloud risk knowledge base
FIGURE 4: What enterprises want for cloud discovery & monitoring (98 respondents)
CipherCloud | © 2016
8Key Requirements for Cloud Security
Most Enterprises Prefer Hybrid Deployments Most enterprises want to deploy cloud security platforms with a hybrid mix of on-premises and cloud-based components. 63% prefer a hybrid approach while 28% wanted on-premises only deployments. Only 8.5% chose all-cloud installations (See Figure 5).
For those that want a hybrid or on-premises only deployment (136 respondents), the top reasons include maintaining encryption locally (85%), keeping all log analysis on-prand proxies (75%), and connecting to on-premises DLP systems (67%).
63%
28%
9%
Hybrid deployment: Cloud and On-premiseOn- premise onlyIn the Cloud only
85%
82%
75%52%
42%
40%32%
18%
Maintaining exclusive control over encryption keys
Log analysis performed on-premises
Integration with web proxies & firewalls
Real-time alerting
Real-time blocking functions
Integration with on-premises DLP systems
Integration with enterprise data storage
FIGURE 5: Deployment architecture for Cloud Security Platforms (150 respondents)
FIGURE 6: Non-functional requirements (136 respondents)
63%
28%
9%
Hybrid deployment: Cloud and On-premiseOn- premise onlyIn the Cloud only
CipherCloud | © 2016
9CipherCloud | © 2016Key Requirements for Cloud Security
Enterprises Want to Extend DLP from the Enterprise to the Cloud For those that want Cloud DLP (68 out of the 150 survey respondents), compliance reporting remains the top requirement. Beyond that, 78% want to extend existing DLP policies to the cloud . Outside of compliance reporting, the top enterprise Cloud DLP requirement is integration with existing enterprise DLP and leverage existing DLP policies to cloud applications (see Figure 7).
Cloud DLP is inherently context-based It should be noted that more than 60% of the 68 enterprises requiring cloud DLP want their DLP policies to be context-based, which includes considerations on user identities, location information, and device context. This is a visible departure from the more limited Regex-based DLP policies, which are commonly found in traditional enterprise DLP systems.
84%
78%
63%
34%
23%
18%
Compliance-based reporting (PCI, HIPAA, etc.)
Integration with existing enterprise DLP system & support the import of existing DLP policies
Enforce user & context-based policies
Whitelisting for DLP scanning
Enforce “view-only” & other DRM type of access controls
Execute Legal hold for data
TOP REQUIREMENTS FOR CLOUD DLP
55%
43%
23%
HealthcareFinancial ServicesOverall
CLOUD DRM REQUIREMENTS BROKEN DOWN TO TWO TOP INDUSTRIES
FIGURE 7: Top requirements for Cloud DLP (68 respondents)
FIGURE 8: Top two industries with DRM requirements (35 respondents)
Overall, only 35 out of the 150 enterprises we surveyed, approximately 23% expressed desire for cloud
such as IP protection and concerns over the leak of medical images.
Cloud User Activity Monitoring Requires Anomaly Detection Tuned for Cloud ActivitiesFor those that want cloud user activity monitoring (55 out of the 150 organizations surveyed), anomaly
for enterprise cloud access, and 65% want anomaly detection to include data and content-level anomalies (see Figure 9). These enterprises point to recent advances in machine learning capabilities to demand innovative anomaly detection as part of cloud user activity monitoring. This rwhere enterprise security professionals increasingly focus on risky and non-compliant user behaviors with cloud use, especially with respect to collaboration and information-sharing apps.
72%
Behavior analysis & anomaly detection*
34%
Support mobile access monitoring
Forensics drill down on activity logs
28%
User & device whitelisting
65%
Content-based anomaly reporting
41%
Geo-based user access reporting
21%
Integration with enterprise SIEM
32%
FIGURE 9: Top requirements for user activity monitoring (55 respondents)* Including machine learning technology
Guide to Cloud Data Protection
CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud’s open platform provides comprehensive cloud application discovery and risk assessment, data protection—searchable strong encryption, tokenization, data loss prevention, key management and malware detection—and extensive user activity and anomaly monitoring services.
CipherCloud is experiencing exceptional growth and success with over 3 millionbusiness users across 11 different industries.
The CipherCloud product portfolio protects popular cloud applications out-of-the-
Named SC Magazine’s 2013 Best Product of the Year, CipherCloud’s technology
Transamerica Ventures, Andreessen Horowitz, Delta Partners, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.
Headquarters:CipherCloud333 West San Carlos StreetSan Jose, CA 95110www.ciphercloud.com
linkedin.com/company/ciphercloud@ciphercloud
[email protected] (1-855-524-7437)
All trademarks are property of their respective owners.RP-CC-CloudDPReport-031615v5
CipherCloud | © 2016