Cloud represents the future of IT, as organizations across industries jettison their data centers. The widespread move has resulted in an estimated $200B market for public cloud services in 2016. Yet even within the young cloud market, an emerging category is building unprecedented momentum. According to Gartner, Infrastructure as a service (IaaS) grew an estimated 42.8% the past year, nearly double the growth rate of SaaS. Computing workloads are moving to cloud solutions like Amazon Web Services, Microsoft Azure, and Google Cloud Platform as companies pursue benefits in scalability, cost, and even security.
I’m thrilled to announce McAfee (formerly Skyhigh Networks) will pioneer this next phase of the cloud security market with McAfee for Custom Apps and McAfee for Amazon Web Services, Microsoft Azure, and Google Cloud Platform. The new products make McAfee the only cloud access security broker (CASB) to provide a comprehensive security solution for both SaaS and IaaS. And, with these new solutions, McAfee offers the only end-to-end IaaS security solution that delivers security and compliance for both custom apps and IaaS platforms they are running in.
“McAfee’s expansion of its security controls beyond SaaS is a key way IT can empower the business to fully leverage custom applications running in public IaaS, as well as having the confidence in protecting the IaaS platforms themselves.”
David Smoley, CIO AstraZeneca
Learn about McAfee for IaaS in 2 Minutes
Why is this so important? Companies have dozens and even hundreds of custom-built applications they use every day serving employees, external partners, and customers. Many of these applications serve critical functions for the organization. Moving these applications to the cloud can benefit companies’ bottom line, reduce time-to-market, and help them stay competitive in their respective industries.
But, as critical enterprise applications move to public IaaS platforms, companies face a new wilderness of security challenges. Here are a few of the examples of security and compliance challenges we heard from organizations:
- Employees post customer credit card numbers in unencrypted “notes” field of an internal customer service application, violating PCI compliance. The enterprise’s requirement was to enforce DLP on comments field and capture a detailed audit trail for investigation in the event of a violation.
- Highly valuable intellectual property was stored in S3 bucket that was publicly accessible, in violation of internal policies. The enterprise’s requirement was continuous audit of security configuration of their AWS environment and enforcing DLP on data stored in S3 buckets.
- Security incidents occurred in a custom loan origination application running in an IaaS Platform and the security team had no way to investigate. The enterprise’s use case was activity monitoring of each user’s actions, and leveraging user behavior analytics to identify insider threats, and privileged user monitoring.
With the advent of McAfee for Custom Apps and McAfee for Amazon Web Services, Microsoft Azure, and Google Cloud Platform, Security teams can now extend the required controls to custom built applications and the IaaS platforms they are running in, accelerating the adoption of IaaS across their enterprises, while meeting security and compliance requirements.
McAfee for Custom Applications enables enterprises to extend the same CASB capabilities used to secure SaaS – such as DLP, activity monitoring, threat protection, access control, and encryption – to their custom-built applications running in any IaaS platform. Best of all, policies are enforced without requiring any development effort. Specifically, McAfee for Custom Applications:
- Provides IT security teams visibility into the user activity capturing a complete audit trail for compliance and investigations.
- Enforces data loss prevention (DLP) to comply with regulatory requirements and internal policies.
- Protects corporate data with access control policies to limit downloads of sensitive data to unmanaged bring-your-own devices (BYOD) and with encryption of data with enterprise-controlled keys.
- Ensures uniform security policies across SaaS, PaaS and IaaS through a single pane of glass for administration and management.
McAfee MVISION Cloud for Amazon Web Services, Microsoft Azure, and Google Cloud Platform
McAfee for Amazon Web Services, Microsoft Azure, and Google Cloud Platform are comprehensive monitoring, auditing, and remediation solutions for enterprises looking to secure all of their IaaS accounts, or just those hosting a specific custom application. McAfee analyzes the configuration and use of IaaS accounts, identifies security and compliance gaps, and recommends specific actions to reduce risk. Specifically, McAfee for Amazon Web Services, Microsoft Azure, and Google Cloud Platform:
- Capture a complete audit trail of all administrator actions in the IaaS platform and actively detect insider threats and compromised accounts.
- Audit the IaaS platforms’ security settings to identify misconfigurations and make recommendations per company’s policies, such as requiring multi-factor authentication for users and eliminating publicly accessible storage buckets.
- Identify inactive accounts that should be deleted to reduce the attack surface.
About the Author
Categories: Cloud Security