Ask Gene

Gene Stevens leads enterprise security product strategy for Verizon. He joined Verizon when it acquired ProtectWise, the network security company he cofounded.

Q: Companies are ramping up their use of the cloud. What’s the best way to do this without compromising on security?
 

A: It was good to hear that most (83%) companies are taking specific measures to protect their cloud-based apps and services. But are they covering all the bases? Only about half (52%) said that they block the use of cloud apps when they’re accessed from unknown networks, which is a basic precaution we’d like to see in all companies.

If you’re sending data to third-party cloud services like Salesforce or Microsoft Office 365, I’d also recommend that you consider using a cloud application service broker(CASB). This can bolster your security by encrypting and tokenizing all of the data you upload to these services,  and enforcing different levels of access based on the user’s device, location and OS.

But a CASB alone will not give you all the visibility into a public cloud environment that you need. If you’re deploying within the cloud, policy, configuration and access control are needed to enforce and track authentication and authorization. And yet, a visibility gap will still remain without an under-the-hood view into network traffic in public cloud environments.

To fill that gap, consider network detection and response technology that’s run from the cloud and can perform full packet capture, deep packet analysis and security analytics to help detect threats. Detection and response is also effective for identifying threats at the endpoint, where user devices such as smartphones and laptops are connected.
 

Q: With tens of thousands of web-based apps out there, how can companies vet those that their employees want to use?
 

A: Just under half (44%) of companies said that they restrict the use of cloud apps to those with a proven security rating. While the number that are malicious is probably limited, many will have serious vulnerabilities. App rating services, like Netskope’s Cloud Confidence

Index, offer companies a degree of reassurance that the apps they’re using meet their security requirements. They can help you understand your third- party risk, shortlist cloud services for adoption and identify compliance gaps so you can address them or arrange for compensating controls.

Q: Many organizations are reliant on file-sharing apps. Others have banned them. Do you think they’re worth the risk?
 

A: Although useful, file-sharing apps can introduce new security risks. It can be difficult to regulate who employees are sharing files with, and to keep track of which recipients have access. If you want to play it safe, it’s best to prohibit your employees from using file-sharing  apps completely—18% of organizations have already done so.

Ultimately, all of this should be part of a larger strategy for securing your digital transformation. Beyond setting policies for cloud-based apps, you need to protect your own company’s infrastructure. Security measures that are built into cloud services aren’t enough. Tools that deliver pervasive visibility into your entire environment and enable rapid detection and response should be part of your plan.