Perimeters and Unicorns: Two Things That Only Exist in IT Fairyland
Gary Paluch, CISSP, Sr. Sales Engineer

Presentation transcript:

We’re all familiar with the term “Shadow IT”. Perhaps too familiar. In fact, we’re all probably a little tired of hearing it – I know I am. So I’d like to take a different look at this and contend that Shadow IT doesn’t have to be shady. To get there, though, we do need to talk about this dilemma – so let’s get started.

The perimeter as you know it is GONE

The Rise of Consumer-Driven IT

[Slide timeline labels: TODAY: SaaS App Explosion; 2007 (iPhone is born): BYO and Consumerization; MOBILITY; 2000: Remote and Line of Business SaaS usage; Salesforce.com is born; Campus-based client/server; VIRTUALIZATION & CLOUD]

There are 10,000 enterprise apps today (and growing).

There are 4000 enterprise apps today. This is up from 3,000 6 months ago and we’re adding somewhere in the range of 100-150 of these apps per month on average. These are the most common apps and some apps you’ve never even heard of. I talk to customers who a year ago were trying to get their heads around deployments of apps we’ve all heard of like Evernote and HipChat… today these customers are calling me about apps like Trello and Seamless. These things aren’t just growing up in numbers, they’re growing out in category redundancy – we’ll talk about that in a minute.

But why is this happening? How has it come to be? The answer is closer to you than you think. Reach into your pocket and pull out your phone. Take out that tablet. Grab 1 of the 3 devices we all carry around with us every day… We love these devices and we love these apps!

How Do Cloud Apps Get In?

10% IT-led, Sanctioned; 70% Business-led, Mostly Unsanctioned; 20% User-led

One framework we use to think about cloud apps starts with how those apps come into your environment, and whether they’re sanctioned or not. Some are brought in by IT, some by lines-of-business, and some by individuals. Each of these app types has an important, and often business-critical, role to play in the success of your organization. Even Twitter is a must-have for many organizations and not just in marketing, but in customer support, business development, and the executive team. We at Netskope have thought through how to safely enable apps, whether sanctioned or not, and regardless of how they come into your environment.

© 2015 Netskope. All Rights Reserved.

These were controlled by IT

IT estimate: 40-50
Not just individuals… 64 Marketing, 47 Collaboration, 40 HR
Actual: 715

Beyond the sheer volume of apps, the number of apps in business-critical or risky categories is surprising. And when measured for enterprise-readiness you’ll find that more than three-quarters of them score a “medium” or below. This is based on Netskope’s Cloud Confidence Index, which is modeled and developed in collaboration with the Cloud Security Alliance’s Cloud Controls Matrix. This means that these apps don’t meet enterprise standards for security, auditability, and business continuity. With the majority of cloud app procurement happening outside of IT, there is risk – risk of security events, data loss, and non-compliance.

All of this basically sets up one giant catch-22: IT must enable the very cloud that it has to protect the business from. And you can see this dilemma playing out. We simply haven’t been able to move fast enough from a technology or policy point of view… <next slide>

Source: Netskope Data

apps: 700+ cloud apps per enterprise; 90% are not enterprise-ready
users: Malicious or non-intentional; 15% of corporate users have had their account credentials compromised
activities: Cloud makes it easy to share; When is an activity an anomaly?
data: 18% of files in cloud apps constitute a policy violation; 22% of those files are shared publicly

With more than 700 cloud apps being used by a typical enterprise, what is the risk associated with all this cloud usage? <advance to data breaches build>

Let’s start with the elephant in the room - security breaches. It seems like a day doesn’t pass without news of another data breach. 2015 has been a tough year so far with more than 107M records exposed. <advance to policy violation build>

Data breaches present a big risk because of the type of data that is exposed. Nearly a fifth are sensitive and another fifth of those are shared publicly. Sensitive content combined with files shared publicly is a recipe for disaster. <advance to probability of a data breach build>

You have spent a good amount of investment on perimeter security technology to help mitigate security risks associated with your enterprise infrastructure, but now that your perimeter has been extended to cloud apps, you have blind spots and are more vulnerable to attacks and potential loss of sensitive data. According to the Ponemon Institute, using the cloud can increase the probability of a data breach by more than 3 times. <advance to risk factors build>

There are four risk factors to consider and address when it comes to cloud usage: cloud apps, users, activities, and data.

Catch-22

There is a catch-22 between using the cloud and being safe. The question is should you block everything to mitigate your risk? That may not be the best solution as many people rely on the cloud for anytime, anywhere, access to data and to help them be more productive. Next Slide…

Allow is the new block

(allow is new block green light slide) Netskope believes that Allow is the New Block and you should allow cloud applications, but block the risky activities instead.

6 Steps to Mitigating Cloud Usage Risk (without blocking everything)

STEP 1: Discover the cloud apps running in your enterprise and assess risk

Step 1: Let’s rip off our blindfolds. Seeing is believing and knowing definitively the number of cloud apps people are using in your enterprise is the first step.

STEP 2: Understand cloud usage details

Bob in accounting
Bob’s credentials have been compromised
Uploading customer data to Dropbox
From his mobile phone

Traditional perimeter security is blind to cloud activity

[Slide comparison table: perimeter security vs. Cloud Security 2.0]
Number of cloud apps: Hundreds / Thousands
Bytes ✔️
Basic session info
Cloud app enterprise-readiness score
Activity-level details for all cloud apps
Content-level details for files tied to an activity or for files stored in a cloud app

Perimeter security lacks activity and content visibility

[Slide table, columns: Identity, App, Activity, Data, Summary]

Perimeter Security: Login as: mary@acme; Browser/OS; From: IP address; To: IP address; www.box.com; URL Category: File Sharing/Storage; HTTP GET/POST/DELETE/CONNECT; HTTP headers; GET and POST Body; Web session start; Web session end
Perimeter Security summary: Login: mary@acme.com; URL: Box; Category: File Sharing; Using: Macbook, Safari 6.0; From: IP address; To: IP address

Cloud Security 2.0: Login as: mary@acme; Box ID: mary@gmail; Using: Macbook/Safari; From: Mtn View, CA; Destination: App located in Germany; To user: sharing a doc with “John@Newco”; App: Box; Category: Cloud Storage; App Instance: Corporate; CCL: High; Risk: High; Login, Upload, Download, Share, Logout, Invite, Edit, View…; PII/PCI/PHI data; Other sensitive classifications
Cloud Security 2.0 summary: Login: mary@acme.com; Box ID: mary@gmail.com; App: Box; Instance: Corporate; Using: Macbook, Safari 6.0; From: Mountain View, CA; Activities: Create Folder, Move Files (4), Share Folder w/ John@NewCo; Anomalies: Downloaded a PII doc from SFDC, uploaded to Box

STEP 3: Monitor activities, detect anomalies, and conduct forensics

Step 3: Let’s face it, we’re adapting to a time where you can’t wait to vet everything and you need to trust and then verify rather than the other way around. So put tools and analytics in place that let you see things proactively.

STEP 4: Find sensitive data tied to an activity or stored in a cloud app

STEP 5: Use surgical precision in your policies, leveraging contextual data

Step 4: With all the information you’ve gathered in step 2, you can start to come up with a plan and start making decisions.

Examples of using context in your policies

Quarantine PII data uploaded to risky cloud storage apps
Allow marketing and support teams to post to social media, but block finance team
Don’t allow data marked “confidential” to be shared outside of our company
Alert users using their personal Dropbox to use a sanctioned cloud app instead
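The four policy examples above, and the identity/app/activity/data context from the visibility slide that they depend on, can be sketched as an ordered rule set with a default of allow. This is an added example, not code from the presentation or from any Netskope product; the event fields, rule names, action names and the `acme.com` corporate domain are assumptions made for illustration.

```python
from dataclasses import dataclass

CORP_DOMAIN = "acme.com"  # assumed corporate mail domain

@dataclass
class Event:  # enriched activity record; every field name is an assumption
    user: str
    group: str            # "marketing", "support", "finance", ...
    app: str
    category: str         # "Cloud Storage", "Social", ...
    risk: str             # app risk rating: "low" or "high"
    instance: str         # "corporate" or "personal"
    activity: str         # "upload", "share", "post", ...
    labels: frozenset = frozenset()  # DLP findings on the content
    share_with: str = ""  # recipient address for share activities

def is_external(addr):
    return bool(addr) and not addr.lower().endswith("@" + CORP_DOMAIN)

# Ordered rules (name, predicate, action); first match wins, default is allow.
RULES = [
    ("quarantine-pii-risky-storage",
     lambda e: e.activity == "upload" and "PII" in e.labels
     and e.category == "Cloud Storage" and e.risk == "high", "quarantine"),
    ("no-confidential-external-share",
     lambda e: e.activity == "share" and "confidential" in e.labels
     and is_external(e.share_with), "block"),
    ("finance-no-social-post",
     lambda e: e.activity == "post" and e.category == "Social"
     and e.group == "finance", "block"),
    ("coach-personal-dropbox",
     lambda e: e.app == "Dropbox" and e.instance == "personal", "coach"),
]

def evaluate(e):
    for name, matches, action in RULES:
        if matches(e):
            return action, name
    return "allow", "default-allow"

SAMPLES = [  # constructed events, not taken from any real log
    Event("mary@acme.com", "marketing", "Box", "Cloud Storage", "low",
          "corporate", "share", frozenset({"confidential"}), "john@newco.com"),
    Event("bob@acme.com", "finance", "Dropbox", "Cloud Storage", "low",
          "personal", "upload"),
    Event("bob@acme.com", "finance", "Twitter", "Social", "low", "corporate", "post"),
]

print([evaluate(ev) for ev in SAMPLES])
```

Rule order matters: the blocking rules sit above the coaching rule, so a confidential file shared externally from a personal Dropbox is blocked rather than merely coached.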

STEP 6: Don’t leave users in the dark. Coach them on safe usage.

Step 8: In the immortal words of Jerry Maguire… Help me, help you! You want security, they want to use apps. Help them use these apps securely by communicating.

Best practices:
Customize your coaching messages based on the situation
Involve users as part of the workflow; enable them to justify their actions
Implement an automated quarantine process for sensitive data and a workflow to approve or deny content

1: Discover the cloud apps running in your enterprise and assess risk
2: Understand cloud usage details
3: Monitor activities, detect anomalies, conduct forensics, and find sensitive data
4: Find sensitive data associated with an activity or stored in a cloud app
5: Use surgical precision in your policies, leveraging contextual data
6: Don’t leave users in the dark. Coach them on safe usage.

Here, in summary, are my 6 steps. I think it’s a good starting point and I hope you think so too. Because ultimately …. <click>