More and more organizations are making the decision to move their legacy, in-house applications to the cloud mainly due to the cost savings. One of the major concerns about moving applications to the cloud is how to secure an application that was originally designed to be on-premise.
When these applications were behind on-premise network security there was not a concern about who would be able to access them and what they were doing in the application. Moving to the cloud now introduces this dynamic and with it concerns around how to control who accesses the applications once they are in the cloud.
This move to the cloud now also opens the door to accessing applications from anywhere in the world and potentially any device. Being able to have visibility into where a user is logging in from geographically as well as what activities a user takes beyond an initial login and the context upon which that access occurs will help keep the data secure.
These same applications may have relied on a local directory to store attachments or documents. Moving to the cloud would likely mean storing those same attachments or documents in a cloud-based directory like Amazon Web Services (AWS) Simple Storage Service (S3) or Microsoft Azure Blob Storage.
When on-premise access to the application or information within the application would typically be limited to a corporate-wide incident. If access settings in the cloud are misconfigured, then the exposure is much larger.
Having the ability to easily and quickly add these capabilities to applications being moved to the cloud can be addressed by leveraging an API framework into the model. Incorporating an API framework would provide the following capabilities:
- Prevent unauthorized sensitive data from being stored in cloud collaboration, file-sharing, or storage devices
- Capture a complete audit trail of all user activity for forensic investigations
- Detect malware, compromised accounts, privileged access misuse and insider threats
- Successful/failed login attempts
- Who is accessing the application, device type, IP address, role of the user and geographic location
- How much data is being accessed, created, updated, deleted, downloaded, shared, or uploaded
MVC for Custom Applications will enable organizations to enforce CASB policies without the need for developers to spend a lot of valuable time writing code. This will allow legacy applications to have the MVC CASB enforce security policies enforced on it, whether the application is in a private data center or in the cloud.
To learn more about McAfee’s cloud solutions, check out McAfee MVISION Cloud Portfolio.