As the cloud market continues to expand, enterprises are not only accelerating their adoption of out-of-the-box SaaS services, they’re increasingly looking to run their in-house developed custom applications in the public cloud. Developing applications in the cloud not only provides the traditional benefits of cloud computing, like not having to maintain your own infrastructure, but often also results in faster time-to-market for new apps.
The average enterprise has hundreds of custom-built applications, many of which are hosted in the public cloud. Frequently, these applications contain highly sensitive customer or employee data, and their use must comply with external regulations and internal policies. IT Security teams, however, are not always aware of these applications. According to a recent CSA survey, the average enterprise has 464 custom applications deployed, yet the security team is only aware of 38.4% of them. This means many of the necessary security controls that are applied to sanctioned SaaS services or other on-premises software may be missing in cloud hosted custom applications.
IT Security teams need to have complete visibility into the usage and risk of custom applications, just as they do for critical SaaS applications. They need to know what types of sensitive data are being uploaded to these apps, who has access to the data, what kind of data residency, governance, and compliance policies apply to them, and what kind of controls are in place to ensure the data is secure and protected from threats. As more and more custom applications migrate to or are developed in the public cloud, outside the purview of IT Security, the security gap will only grow if unaddressed.
To address this growing security need, McAfee is proud to announce the launch of our latest cloud security solution, McAfee MVISION Cloud for Custom Applications. MVISION Cloud for Custom Applications enables enterprises to extend the same CASB capabilities used to secure SaaS, such as DLP, activity monitoring, threat protection, access control, and encryption, to their custom-built applications. Best of all, McAfee can extend this deep set of security and compliance controls to custom-built applications without any coding or development required from the customer.
How? McAfee MVISION Cloud is the first and only cloud access security broker (CASB) to create a self-service model that uses machine learning to automatically understand activity in your custom applications. Within minutes, security and compliance teams can begin monitoring detailed activity logs, detecting threats, and enforcing security and compliance policies.
McAfee supports 4 critical use cases pertaining to custom application security.
1. Provide complete visibility into user activity across all custom applications
McAfee monitors activity in custom apps and provides customers a complete audit trail of all user and administrator activities taking place in each application, for security and compliance. This includes who’s accessing which applications, what types of data are being uploaded or downloaded with what kind of device and by whom, who has access to what data, and with whom the data is being shared. This deep level of activity data supports compliance requirements and helps accelerate post-incident forensic investigations while decreasing incident response time.
2. Enforce data loss prevention policies
McAfee enables customers to leverage the same best-in-class DLP engine they trust for their SaaS DLP, and extend its capabilities to custom applications hosted in IaaS, protecting sensitive data including protected health information (PHI), personally identifiable information (PII), and intellectual property. McAfee’s platform approach ensures that the same DLP policies used to protect data in sanctioned cloud services can be applied to custom applications. This greatly streamlines DLP policy enforcement while ensuring enterprises remain compliant with external regulations and internal policies. Enterprises using McAfee MVISION Cloud get a single view to manage policy violations across all cloud services in use, and can effortlessly apply remediation actions in real time, such as notifying an administrator, blocking, or encrypting.
3. Detect activities indicative of insider threats or compromised accounts
In 2016, 63% of data breaches, including the breach that sank Code Spaces, were due to a compromised account where the hacker used a weak, default, or stolen password. The 2017 Cloud Adoption and Risk report shows that insiders are an even more frequent source of attack than third parties with a compromised account. Given the ubiquity of insider threats, privileged user threats, and compromised accounts, we have extended our cloud threat protection solution to any custom application developed on any IaaS service.
McAfee not only looks at anomalous activities within a custom application, but also correlates activities across all custom and SaaS applications to sift through the noise and identify true threats. McAfee detects threats arising from inside an enterprise, such as when an employee downloads a large amount of data onto a personal device right before taking a position at a competitor company, or when a privileged user performs unwarranted permissions escalation. McAfee also flags external threats, such as login attempts by the same user from disparate locations and blacklisted IP addresses or brute-force attacks, to identify and remediate compromised account threats. McAfee’s machine-learning algorithm is continuously updated with minimal human input to improve detection accuracy and reduce resource-draining false positives.
4. Enforce contextual access control and data security policies
While the cloud provides the fundamental benefit of letting employees access critical resources from anywhere, at any time, using any device, this introduces security risks where sensitive data could be exposed through an unmanaged or insecure device, an untrusted location, or non-compliant sharing. McAfee supports enforcement of unique access policies for custom applications based on whether the device is managed or unmanaged, whether the IP is blacklisted or safe, and whether the traffic originates from a trusted or untrusted location. McAfee can also force additional authentication steps if certain pre-defined risk thresholds have been met. Using enterprise-owned keys, McAfee provides an additional layer of security by encrypting sensitive unstructured data uploaded to custom applications.