Note: This is my part two post on this topic. In case you missed it, in my previous post, I talked about developing a future-focused strategy.
Risk-Adaptive Data Security: The Behavior-Based Approach
I also made the point that getting there requires thinking through some important concepts like:
- Increasing visibility (covered in Part 1)
- Remaining flexible and agile
- Integrating on-premises and cloud security solutions
In this post, I’ll tackle points 2 & 3.
Remaining flexible and agile—and ready for whatever comes next.
Cloud-based computing environments can change in the blink of an eye—or the click of a button. Forcepoint CASB will help you keep up the changes. CASB offers very rapid application mapping with a flexible product architecture capable of providing real-time protection for any application in less than a week. This protection extends beyond basic login-logout coverage to enable you to audit and protect all user activities, and extends to custom applications.
This is important for keeping employees content and productive. It’s common in enterprise computing environments for there to be a handful of cloud applications that are very widely used, with close to 100% adoption, and many other apps that have a very small number of users. Your team must be able to secure both.
If employees are simply permitted to use unsanctioned apps without your knowledge or visibility, this compromises the organization’s security posture. If, on the other hand, such apps are simply blocked, you’ll hear complaints from disgruntled end users. A CASB solution that lets you identify risky apps and prevent risky usage lets you find a happy medium.
Finally, consider your cloud data protection strategy an extension of your on-premises data protection strategy, not something separate.
If your organization’s usage of cloud services ramped quickly, you may not yet have a cloud security solution in place that’s on par with what you’re using on-premises. You’ll want to begin by ensuring that both systems are equally powerful and capable while you work to bring them into alignment so that unified policies can be enforced across both.
The more comfortable your employees are with working in the cloud, the more important it is that you consider the cloud as simply one more medium where data resides, and one more channel across which it moves. Let’s take protecting critical intellectual property as an example. File and database fingerprinting helps to provide a deeper level of data protection that extends to the cloud. Our fingerprinting solutions allow policies to be applied simultaneously on-premises and in the cloud.
Here’s an overview of how file fingerprinting works in Forcepoint DLP:
And here’s how Database Fingerprinting works in Forcepoint DLP:
As your organization moves toward maturity in its cloud data protection, you’ll want to work toward merging your on-premises and cloud data security solutions. It’s important to make sure cloud access performance doesn’t suffer with the adoption of security technologies, and that policy enforcement is truly uniform across all the computing environments your employees rely on to get their work done.