Toward More Enterprise-ready Cloud Applications

By Author: skyhigh networks
Total Articles: 54
Comment this article

The shift from private datacenters to shareable “cloud” computing is here to stay. Analyst firm IDC estimates the market for public cloud services grew to $47.4 billion in 2013. By 2016 cloud is expected to reach half of all IT spending according to research firm Gartner.
Cloud adoption is partly driven by IT organizations making major purchases for CRM, ERP, and HR software, but there is a grass roots component as well. "Employees are using cloud services almost with abandon, without assessing the risk of those services," according to Skyhigh Networks CEO Rajiv Gupta.

With business critical processes and data moving to third parties, companies are understandably concerned about security. Many organizations assume that cloud providers are responsible for data security. But that’s not necessarily true, according to major cloud providers like Amazon, Salesforce, and Microsoft. Data security is a client responsibility in many cases.

The security expectations gap could be cleared up if more companies had conversations with cloud providers about security. Also, don’t assume that things that are missing ...
... from the providers’ terms and conditions are automatically taken care of. With thousands of cloud services, IT security departments also need new ways of rapidly assessing the Cloud Security service.
Even for approved services, IT has very limited visibility into how the application is being used and what data is being uploaded. Security teams are looking for the robust audit trails they expect from on-premise enterprise software, the kind that record all adds, modifications, and deletes of file or data. Traditional enterprise software tracks these actions, along with admin access which can be used to prove compliance to third parties and investigate and security breaches.

To reduce the risk of security breaches in the cloud, companies are increasingly looking toward encryption. Most cloud providers encrypt data in transit between the client and the provider, but fewer providers encrypt data at rest in their own datacenter. Companies are looking for end-to-end encryption that protects data before it leaves the premises with encryption keys that are wholly controlled by the organization. This can limit the risk of third party disclosure such as the kind that happens when cloud providers respond to a subpoena.

Companies also need the ability to automatically identify anomalous activity that indicates a security breach or compromised account. These events often take the form of unusual usage outside the normal volume of data or number of transactions a user account generates in a certain period of time. In one recent case, a company discovered a Twitter account sending over a million tweets per day. After investigating they discovered there was malware exfiltrating data 140 character at a time to an unknown third party.

Finally, when data moves to the cloud companies are looking for assurances about how their data is treated. Does the cloud provider or the customer own the data uploaded to the service? How long is the data retained if the client deletes the data? What happens to the data if the cloud provider goes out of business? These are all key questions enterprises are looking to answer to increase confidence in the cloud.

Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/ or follow us on Twitter@skyhighnetworks.