Is Cloud Application Control the silver lining that any next-gen web security solution needs?

The proliferation of Bring Your Own Device (BYOD) within the modern business environment was as much a matter of timing as anything else.

The growth in employee owned devices dovetailed with the global financial crisis. Businesses looking to reduce their overall capex costs therefore encouraged the trend as the cost of purchase, replacement and general day-to-day management of hardware became the responsibility of the owner.

Coupled with this, BYOD actually brought untold benefits to organisations. Not least of which by allowing workers to access systems from outside of the physical parameters of the office led to a general trend for staff to actually exceed their contracted hours and effectively work harder at a time when wages were being frozen.

The ongoing consumerisation of IT is creating a shadow IT community, of which CIOs have little or no control. According to research, nearly 70 per cent of employees who own a smartphone or tablet now choose to use it to access corporate data. The same research also found that the majority of these devices were not being managed through corporate channels – 30.7 per cent of employees discovered their own file sync and share apps.

Additional research has shown that 78 per cent of UK based businesses are now using a cloud based service, which is a 61.5 per cent increase since 2010. Cloud applications and cloud storage are both options that enable businesses to create an elastic technology framework.

With cloud application adoption throughout modern UK businesses growing, there has been a fundamental shift in how the BYOD endpoints need to be secured and managed. Organisations need visibility into the use of cloud applications and understand the risk they present, yet many still have legacy web security solutions designed over a decade ago that can no longer address the needs or the complexity of modern cloud applications.

Today’s web security solutions must offer Cloud Application Control (CAC) capabilities beyond the traditional security functionality to provide organisations with greater visibility and much better control of the use of cloud applications across all devices, regardless of whether users are in-office or mobile.

Gartner agrees; predicting that by 2016, a quarter of enterprises will secure access to cloud-based services using a CASB (or CAC) platform, reducing the cost of securing access by 30 per cent in the process.

The days of pointing at the cloud provider if something goes wrong have passed. Users will find their way around any policy to get the job done, so the challenge remains to transparently enforce security policies without intervening in the end user experience that people have grown to enjoy from cloud related services. Modern CAC should have the ability to change BYOD from a well-meaning concept to an applied business-friendly policy. It should enable the discovery of cloud apps in use, analyse the risk and be able to audit and log all usage, maximising visibility for everyone’s benefit beyond simply reporting after the event.

BYOD as a concept has enjoyed a decent shelf life but the security uncertainties that accompany it have eroded and are fast becoming yesterday’s concerns.

The barriers to adoption are diminishing and the mitigation of security risk is there for progressive companies that are willing to trash technology that was designed and architected to serve the market challenges of BYOD a decade ago.

Ed Macnair is CEO of CensorNet.