The most common way to manage data security and user access in cloud computing is through a Cloud Access Security Broker (CASB). This technology lets you see all the cloud applications in use and apply security policy across them. When using a CASB, your security management can consist of the following primary tasks:
- View all cloud services in use and assess their risk. CASB technology uses network log data from secure web gateways, firewalls, or security information and event management (SIEM) products to show all the cloud services being accessed from your network and managed devices, including shadow IT services that employees sign up for without involving IT. It then displays a risk rating for each service, so you can decide whether to continue allowing access.
- Audit and adjust native security settings. Many SaaS applications, including Office 365, come with native settings such as access and sharing permissions. From a single console, you can set policies for how those permissions should be configured across multiple cloud services.
- Use Data Loss Prevention (DLP) to prevent theft. Some of your intellectual property or regulated data will most likely make it into a cloud service like Dropbox. Through an API connection to the service itself, you can classify data and set policy to remove, quarantine, or encrypt it. This applies to all data in the service, whether it arrives from a device or network you know about or from an unmanaged device you can’t see.
- Encrypt data with your own keys. Depending on your risk tolerance, you may not want to trust the cloud provider’s native encryption to protect your data. If you do, the provider holds your encryption keys and technically could access your data. Instead, you have the option to use your own encryption keys and manage them yourself, blocking access by any third party while allowing authorized users to use the application with normal functionality.
- Block sharing with unknown devices or unauthorized users. One of the most common security gaps in cloud computing is someone signing into a cloud service from an unmanaged device and accessing data without your visibility. To stop that, you can set requirements for the devices that may access data within the cloud services you manage, so only devices you know are allowed to download anything. You can similarly control sharing of information with unauthorized users by changing their permissions or “role,” such as owner,
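The first and last tasks above (discovering cloud services from log data with a risk rating, and restricting downloads to known devices) can be illustrated with a small log-analysis script. This is an added example, not code from the original article or from any CASB vendor. The log format, the service catalog with its risk ratings and sanctioned flags, the managed-device inventory, and the host names are all constructed for illustration:

```python
"""Toy CASB-style analysis: discover cloud services in proxy logs, rate their
risk, flag shadow IT, and evaluate a device-based download policy per request."""
import re

# Constructed service catalog: host -> (service name, risk rating, sanctioned by IT).
# Hypothetical values; a real CASB maintains its own registry of thousands of services.
SERVICE_CATALOG = {
    "contoso.sharepoint.com": ("Office 365", "low", True),
    "www.dropbox.com": ("Dropbox", "medium", True),
    "files.paste-anywhere.example": ("PasteAnywhere", "high", False),
}

# Constructed inventory of devices enrolled in endpoint management (hypothetical names).
MANAGED_DEVICES = {"LAPTOP-0412", "LAPTOP-0977"}

# Constructed proxy log format, not a specific vendor's:
# <timestamp> <user> <device> <method> <url> <status> <bytes>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<device>\S+) (?P<method>GET|POST|PUT) "
    r"https?://(?P<host>[^/\s]+)(?P<path>\S*) (?P<status>\d{3}) (?P<bytes>\d+)$"
)

# Constructed sample log, including one malformed line the parser must skip.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z alice LAPTOP-0412 GET https://contoso.sharepoint.com/sites/finance/report.xlsx 200 481232
2024-05-01T09:14:41Z bob BYOD-PHONE GET https://www.dropbox.com/s/abc123/plan.pdf 200 2048000
2024-05-01T09:15:02Z carol LAPTOP-0977 POST https://files.paste-anywhere.example/upload 201 9000000
2024-05-01T09:16:55Z dave UNKNOWN-HOST GET https://www.dropbox.com/home 200 5120
2024-05-01T09:17:10Z erin LAPTOP-0412 GET https://cdn.example-news.example/index.html 200 30000
garbage line that does not match the expected format
"""


def parse_line(line):
    """Return a dict of log fields, or None when the line is not in the expected format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def discover_services(log_text):
    """Build an inventory: service -> risk, sanctioned flag, distinct users, bytes moved.
    Hosts missing from the catalog are kept under their host name with risk 'unrated'
    so an administrator can classify them rather than lose visibility."""
    inventory = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        name, risk, sanctioned = SERVICE_CATALOG.get(rec["host"], (rec["host"], "unrated", False))
        entry = inventory.setdefault(name, {"risk": risk, "sanctioned": sanctioned, "users": set(), "bytes": 0})
        entry["users"].add(rec["user"])
        entry["bytes"] += rec["bytes"]
    return inventory


def shadow_it(inventory):
    """Catalogued services seen in traffic that IT has not sanctioned, largest data volume first."""
    names = [n for n, e in inventory.items() if not e["sanctioned"] and e["risk"] != "unrated"]
    return sorted(names, key=lambda n: -inventory[n]["bytes"])


def is_object_download(rec):
    """Heuristic: a GET whose path ends in a file extension fetches an object, not a page."""
    return rec["method"] == "GET" and re.search(r"\.[A-Za-z0-9]{2,5}$", rec["path"]) is not None


def download_decision(rec):
    """Device-based access policy for one request.
    out-of-scope: host is not a catalogued cloud service, so this policy does not govern it.
    block: any use of an unsanctioned service, or an object download from an unmanaged device.
    allow: everything else (browsing from any device, downloads from managed devices)."""
    if rec["host"] not in SERVICE_CATALOG:
        return "out-of-scope"
    if not SERVICE_CATALOG[rec["host"]][2]:
        return "block"
    if is_object_download(rec) and rec["device"] not in MANAGED_DEVICES:
        return "block"
    return "allow"


def evaluate(log_text):
    """Return (user, device, host, decision) for every parseable line."""
    results = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            results.append((rec["user"], rec["device"], rec["host"], download_decision(rec)))
    return results


if __name__ == "__main__":
    inv = discover_services(SAMPLE_LOG)
    for name, e in inv.items():
        print(f"{name}: risk={e['risk']} sanctioned={e['sanctioned']} users={len(e['users'])} bytes={e['bytes']}")
    print("shadow IT:", shadow_it(inv))
    for row in evaluate(SAMPLE_LOG):
        print(row)
```

The two-stage split mirrors how the tasks above relate: discovery gives the inventory and risk view an administrator needs to decide what is sanctioned, and the per-request policy then enforces that decision together with the device requirement. Unknown hosts are deliberately reported as unrated rather than silently blocked or ignored, since a news site and an unregistered file-sharing service look identical in raw logs until someone rates them.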