IT departments like to know what’s happening with the overall business. Without visibility, nasty security issues can arise and then it’s time for IT to ‘fight the fires’. Cloud apps used to be those nasty surprises.
Users, with just enthusiasm and a credit card, would sign up for file sharing, collaboration and CRM applications that were loaded with sensitive data, often without the right level of security policy, encryption or enforcement. With recent reports showing that organisations are now running some form of cloud app, this article looks at how the IT department can embrace the adoption of more agile apps, secure them, and ensure that they reside within a sensible overall compliance and security policy.
Today's changing workforce
The expectations of today's workforce have changed, and continue to change, rapidly. First it was remote working, and then it was BYOD. Now, it has broadened to millennials adopting a cafe culture work style, with the majority of visitors to your offices expecting Wi-Fi access as a minimum standard. Employees now expect to be able to access information from any device, at any time, from any location. These same employees are using mobile apps in their personal lives, and most are also now using cloud apps in their business lives, with applications such as Gmail, Salesforce, QuickBooks, etc., proving popular with management and employees alike. The proliferation of these cloud apps has, perhaps unsurprisingly, acted as a precursor to many organisations embracing the cloud.
The benefits of Hybrid IT
For many organisations, especially those not in a start-up phase, i.e. those with legacy systems to consider, embracing the cloud means embracing Hybrid IT as it allows them to run cloud applications without abandoning their private data centres. Moreover, it enables organisations to cater to all the aforementioned needs of today's employees whilst maintaining productivity. With today's technological advances, such as cloud applications and Hybrid IT, workers can enjoy great productivity and the enterprise can flourish as a result of this. But there are security risks.
The security implications of Hybrid IT
This transition from traditional IT to Hybrid IT brings security concerns, in particular, from a remote workforce, accessing data from anywhere at any time and from multiple end points. Additionally, introducing a BYOD policy ultimately means that sensitive corporate information will reside in the cloud through an array of SaaS vendors such as those mentioned above but also including other well known applications such as Dropbox, Office 365, and Concur.
Negating the renegade
In order to ensure that Hybrid IT is safe and secure, organisations need to meet all the challenges that it poses for security. They must authenticate user and device identity, and provide a safe tunnel for applications in the cloud as well as on their very own premises to be accessed and utilised securely. And needless to say, they must achieve this while not impacting the user experience at all.
To secure the pathways between devices and data, you must secure the tunnel between them. In order for this to be effective, the IT team needs to focus on two things: allowing secure access, and making sure the tunnel is protected and controlled. This is normally achieved by using existing Secure Sockets Layer Virtual Private Network (SSL VPN) gateways to access the data centre while also relying on a Cloud Access Security Broker (CASB) to ensure a secure pathway between users and the cloud.
In order to authenticate users and devices accessing your network, you need a high degree of visibility. Nothing provides better end-to-end visibility than a Network Access Control (NAC) solution. The current market conditions, including BYOD, remote working, the proliferation of IoT and even Hybrid IT itself, mean a huge increase in the sheer volume of endpoints, which makes NAC an incredibly relevant solution right now as it offers consistent visibility over all of these endpoints. And due to the continuation of data breaches, visibility of who is accessing data from what device and from where is more valuable than ever.
Reading user or device behaviour
Good NAC solutions operate context-aware security, which includes building up a picture of which behaviours of users and devices should be considered safe and which should not, and then using this information, in real time, to decide whether or not to allow access. For example, a NAC solution might consider a device trying to access the network dangerous because another device belonging to the same person is already logged in from a different location. The solution determines that the user cannot be in both places at once, so it categorises the behaviour as unsafe and denies access. This end-to-end visibility from endpoints to appliances and converged policy management for remote, mobile, and campus access security is exactly what is required to secure Hybrid IT.
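The "cannot be in both places at once" rule described above, sketched as an added example (not code from this article or from any NAC product). The `Session` fields, the location labels and the eight-hour session lifetime are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

SESSION_TTL = timedelta(hours=8)  # assumption: older sessions are treated as ended


@dataclass(frozen=True)
class Session:
    user: str
    device_id: str
    location: str      # coarse site label the NAC resolved for the endpoint
    seen_at: datetime


def decide(active: list[Session], attempt: Session) -> tuple[str, str]:
    """Return (decision, reason) for an access attempt given known sessions."""
    for s in active:
        if s.user != attempt.user:
            continue
        if attempt.seen_at - s.seen_at > SESSION_TTL:
            continue  # stale session: no longer evidence of where the user is
        if s.device_id == attempt.device_id:
            continue  # assumption: same device reconnecting is not a second device
        if s.location != attempt.location:
            return ("deny", f"{s.device_id} already logged in from {s.location}")
    return ("allow", "no conflicting session")


# Constructed sample data, not real logs.
T0 = datetime(2024, 1, 10, 9, 0)
ACTIVE = [
    Session("alice", "laptop-01", "london-office", T0),
    Session("bob", "phone-07", "paris-office", T0 - timedelta(hours=12)),
]


def demo() -> list[tuple[str, str]]:
    attempts = [
        Session("alice", "phone-02", "london-office", T0 + timedelta(minutes=5)),
        Session("alice", "tablet-03", "remote-vpn-sg", T0 + timedelta(minutes=6)),
        Session("bob", "laptop-09", "london-office", T0 + timedelta(minutes=7)),
    ]
    return [decide(ACTIVE, a) for a in attempts]


if __name__ == "__main__":
    for decision, reason in demo():
        print(decision, "-", reason)
```

A second device at the same site is allowed, a second device at a different site is denied, and a session past its lifetime no longer blocks a new login.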
User-friendly means everything
As enterprises adapt to new technologies and market forces, and instigate new solutions and policies, a huge part of the success or failure of these new solutions and policies is dependent on how user-friendly they are. If users find solutions difficult to use and applications and information awkward to access, productivity will be negatively impacted. There is also the added security issue of workers trying to find workarounds in order to avoid the difficulty on an ongoing basis. When it comes to device and user authentication, the ability to eliminate the need for multiple passwords and provide automatic access to applications and information that employees need to be productive is a key pre-requisite for success, especially in today's multi-device environment. Workers want to get the job done but they don't care about where the apps they are accessing are stored; they just want to be able to access what they need easily.
There are clear benefits of using the cloud and moving towards a hybrid IT infrastructure including improved productivity, happier workers who are using the applications and devices that they're familiar with from their personal lives, and cost savings. But you can't ignore the security implications. To successfully move to Hybrid IT, it's imperative to strike the right balance between enabling employees to be as productive as possible and ensuring those employees and their devices are securely authenticated before accessing sensitive information. The good news is that the technology exists to support organisations to get this balance right.
Adam Jaques is the Senior Director of Worldwide Marketing at Pulse Secure. A true technologist, he blends a lifelong tech passion and broad market insight. Twitter: @adamjaques