Fact: today’s perimeter is not your grandfather’s perimeter.
With the explosion of cloud applications, keeping data safe within the four – or 4,000 – walls of your network is a different game than it was even five years ago.
Your users are equipped (sanctioned or not) with powerful SaaS applications for data creation, collaboration, and distribution, extending your perimeter beyond traditional boundaries – and that’s okay. These applications have tremendous business value.
But what does this mean for security? Rather than attempting to revive legacy block-and-tackle security strategies in the cloud, forward-thinking organizations are balancing end user enablement and organizational security with zen-like sagacity. But how?
Your users simply want to get their job done. With the near limitless accessibility and power of tools available, users will find a way to work faster, smarter, and more collaboratively.
The security of these methods? That’s up to us. First, understand what your users want and their preferred tools. Then you, as the security professional, can design and deploy a security strategy that will stick.
For example, if users prefer a public cloud application for file collaboration, embrace its functionality rather than attempting to block its usage. Blocking drives users underground and deprives you of the security capabilities you need.
Extra Credit for Cloud Security
Ninety-nine point nine percent of employees are good corporate citizens. While employees are not seeking to put their company at risk, they may do so inadvertently through the powerful data collaboration capabilities of the cloud.
Rather than relying on paper policy or harsh punitive action, lead with education – the strongest tool in the IT security tool chest. Whether this comes in the form of one-on-one sessions, quarterly seminars, or another training medium, make sure users know how they can use their tools of choice – while keeping the data stored in them secure.
Embrace Teachable Moments
The wise security professional understands user-induced security incidents are not challenges – they are opportunities. As we’ve established, nearly all security violations are unintentional and stem from lack of knowledge.
Continue practicing proactive education by extending security lessons beyond an occasional event. When a security violation occurs, reach out to the offending party and explain why they are in violation and how to address it. For a scalable solution, automate this response action.
Keep an Eye Out
For this people-centric model to succeed, the security team must retain the ability to rapidly identify security events across multiple cloud applications. By all means, let your users leverage SaaS applications for all they’re worth – but not without the insight necessary to do so securely.
For critical security incidents, remediation may be better left to security operations professionals to ensure that risk is mitigated quickly.
The Human Firewall
Breathe new life into your cloud data security strategy by aligning with users, educating them, alerting them when they violate policy (and letting them fix their errors!) – all while keeping an eye out for the occasional security incident worth leaving to the professionals.
This approach transforms users into a human firewall – a far more powerful tool than technology alone. By empowering users, information security leaders do more than simply secure the enterprise – they advance the capabilities of an organization and gain a voice in bigger picture business discussions.