Cloud

How CASBs and Behavioral Analysis Can Boost Federal Cloud Security

Agencies can turn to cloud access security brokers to enhance their IT security.

George Kamis is CTO for the global governments and critical infrastructure business at Forcepoint. He works closely with information assurance industry leaders and government executives to help guide long-term technology strategy and keep it aligned with federal and industry requirements.

There’s a famous line in the movie The Godfather: Part III where Michael Corleone laments, “Just when I thought I was out, they pull me back in.”

It’s an utterance that many federal IT professionals can probably relate to, particularly when it comes to monitoring the types of devices and services their colleagues are using to complete their jobs. Just when managers thought they were out of the BYOD trend, they were faced with the threat of unsanctioned cloud applications and the challenges of shadow IT.

Even as federal IT professionals begin to accept the use of personal devices and cloud-based apps, security remains a primary concern. What is the right balance between workers’ desire for productivity and the agency’s need to protect its data? Cloud access security brokers (CASBs) can help answer this question.

The Cloud Cybersecurity Struggle Continues

A recent Ponemon Institute survey (sponsored by Forcepoint) garnered insights from more than 600 federal IT decision-makers on how they find balance and address security in the cloud. Fifty-five percent said that their agencies have strongly embraced the cloud, but many are still struggling with security. Meanwhile, 71 percent said that visibility and governance are challenges to securing cloud use.

Some of the cloud applications being used may be well known and highly secure, but there may be other less popular or custom applications on the cloud that are being used to store and transmit sensitive data. In many cases, the federal IT security manager is the last to know when a new application is accessed from the cloud. In some cases, they may never know — a sobering prospect for managers whose ability to deter threats is dictated in large part by the amount of control they have over their networks.

Managers faced with this challenge are likely inclined to choose one of two options. The first is to stop the use of any new cloud-based application that is discovered until that application can be vetted by IT. The second is to allow use of the cloud application while attempting to determine how to support it as quickly as possible.

Neither of these are ideal. The former creates friction between IT and users by preventing workers from using applications that can accelerate their workflows and improve productivity. The latter creates headaches for time-strapped IT professionals by forcing them to spend time trying to figure out how to support a new application.

CASBs Provide Feds with a Better Security Option

There is a third option out there in CASBs. CASBs sit between the user and the cloud-hosted service provider. They ensure that data is encrypted and exchanged securely and that use of the cloud application adheres to the agency’s established security protocols.

Visibility and the ability to holistically manage an entire application environment are key components to a CASB. IT managers can identify and monitor all of the applications that are being used by their colleagues and apply security policies to all applications simultaneously.

Furthermore, CASBs can be used to gain an enormous amount of intelligence surrounding different applications. They can then automatically compare the risk levels of different applications so that administrators can filter out cloud applications that may be perceived as higher-risk.

VIDEO: See how public-private partnerships help the FBI manage cybersecurity threats.

CASBs Can Monitor User Behavior

Many organizations manage risk through behavior analysis of digital identities on a network. A baseline of normal behavior is established: For example, a user logs into the network from the same type of browser, from the same devices and from the same location on a daily basis. A deviation from that pattern can signal something is wrong, such as the user’s credentials being used to access the network from a different geolocation or browser.

Behavioral analysis can be used in conjunction with a CASB to form a very powerful form of threat prevention. A CASB can monitor a user’s behaviors and interactions across a wide array of applications. IT security managers can see which applications the person is using, how they are being utilized, the type of data being exchanged and so on. This information can be used to determine whether or not the user should be classified as a high risk, such as those that have access to highly sensitive data or who exhibit deviations from normal behavioral patterns.

CASBs Can Help Enhance Mobile Security

Many of these users are likely using their own personal devices to access cloud-based applications. Unlike agency-sanctioned phones or tablets, those devices are unlikely to include an agent or be connected to a forward proxy server. This decreases IT visibility while increasing risk.

CASBs provide the ability to implement reverse proxy, enabling managers to enhance the security around the use of personal devices and cloud apps. Users log on to an application from their mobile devices and are routed to a URL where they are automatically authenticated. Managers can then monitor the ensuing activity and tie users’ actions — including the apps they are accessing, the data they’re sharing and the devices they’re using — back to a pseudo-anonymized behavioral profile.

In each of these ways, CASBs help IT security managers beat back the threats posed by BYOD and the use of unsanctioned applications without sacrificing user efficiency and productivity. They can pull security control back in where it belongs — within the agency — in a world that is quickly being dominated by the cloud.

bernardbodo/Getty Images