Cloud access security brokers are seen as one way telecom operators can ensure robust protection as they venture into the cloud.
With telecom operators increasing their reach into cloud environments, steps need to be taken in order to ensure such moves do not open up network operations to security issues. If telecom networks have been known for one thing, that is their robustness in the face of potential security threats.
One option in maintaining a high level of security in a cloud environment is the use of cloud access security brokers. CASBs are designed to allow those tasked with ensuring security measures to apply enterprise security policies across multiple cloud services. When linked to a cloud broker, which can help organizations provision and manage services, CASBs are seen as a way to monitor cloud applications and data.
According to Gartner, a CASB is the No. 1 technology trend for 2016, and “required technology” for any enterprise using multiple cloud service, with the firm predicting large enterprises using CASBs to grow from less than 5% today to 85% by 2020.
“We are looking at CASBs as we are tying to add additional value and managed services for customers as they move more and more into pubic cloud,” said Vickie Lonker, director of product and new business for networking at Verizon. “It’s still a very new area for us, but is something we are looking into.”
In a recent report, Gartner offers numerous recommendations that customers should consider when evaluating a CASB, including these considerations:
1. Consider the functionality not available with API-only CASBs compared with multimode CASBs before making a decision.
2. Start with shadow IT discovery in order to know what’s in your environment today before moving to policy enforcement.
3. Look for CASBs that support the widest range of cloud applications, including those you plan to use in the next 12 to 18 months.
4. Look past CASB providers’ “lists of supported applications and services,” because there are often substantial differences in the capabilities supported for each specific application.
5. Whether the CASB deployment path will work well with your current network topology.
6. Whether the solution integrates with your existing security systems such as IAM, firewalls, proxies and SIEMs.
Interoperability testing is also seen as a requirement for security solutions. Sure, a platform may work well in a siloed environment, but most commercial deployments are made up of dozens of different components, thus anything deployed must show it can interoperate in the wild.
“It’s important for those that are cloud players to make sure they are tested and are part of some ecosystem not just for security, but that you can show that you can play in an eco- system environment,” said Myk Konrad, VP of product management and marketing at Sonus.
Beyond the technical solutions, many noted simply following the rules would likely eliminate most security threats. According to Gartner Research, “through 2020, 95% of cloud security failures will be the customer’s fault.”
“Using good best practices is probably the easiest solution,” said Simon Leech, chief technologist for security at Hewlett-Packard Enterprise. “Good protocols are out there using SSL and IPSec. In terms of those capabilities it’s pretty well controlled and SDN will help in allowing for VPNs to be spun up in between locations. What is probably more important from the consumer and provider perspective is that the system is being used correctly.”
Andy Daudelin, VP of cloud at AT&T, said the market could make the adoption of best practices easier, noting that while the tools are there, those tools also require some level of knowledge to implement and can also be used by those looking to cause trouble.
In terms of moving on a security plan, most noted the need for a thorough investigation into the security needed and what level of security can be supplied by either a cloud provider or security platform as at the end of the day the decision comes back to the party making the choice.
“It’s possible to outsource the cloud, but not possible to out- source the risk,” Leech said. “At the end of the day it’s my fault if I chose the wrong provider. Organizations need to know that. They need to really research their cloud providers in terms of their security protocols.”
For more on the topic of cloud security check out the latest RCR Wireless News feature report “Securing the cloud in the age of analytics and software.”
Bored? Why not follow me on Twitter.
