IBM Cloud Security Enforcer Secures 'Bring Your Own' Cloud Apps
No one questions the benefits of the cloud any longer -- but many enterprises have valid concerns about security and visibility. IBM is working to ease those concerns with its Cloud Security Enforcer.
One in every three employees at Fortune 1000 organizations are uploading and sharing sensitive corporate data to third-party, cloud-based applications, according to IBM research. What’s more, 57 percent of employees know they are violating company policy in doing so. Although they have good reasons -- better accessibility, improved productivity and the convenience of cloud applications -- this so-called shadow IT practice brings with it security concerns.
“Organizations need to be able to see, control and monitor cloud application usage to help protect against cloud-delivered threats, policy violations and risky user behavior,” IBM said in a statement. “One of the key challenges is that on-premises security products have a technology gap when it comes to cloud application usage and visibility.”
Overcoming Tech Gaps
IBM’s Cloud Security Enforcer works to overcome these technology gaps. The software-as-a-service solution addresses cloud visibility and security by integrating cloud discovery, threat intelligence and prevention, policy enforcement, identity as a service and cloud event correlation into one packaged solution.
The solution offers IT teams visibility into mobile and overall cloud usage within the enterprise; identifies and helps IT teams understand cloud app risk ratings; measures improvements in approved shadow IT cloud app usage; sets up controls for cloud access and policy enforcement; and promises to help manage subscription costs and control application sprawl, according to Big Blue.
“With just a few clicks, administrators can make approved cloud applications available to employees using their existing corporate credentials,” IBM said. “Employees get a searchable directory of available applications with self-service features such as one-click onboarding. The personalized launch pad helps them use applications faster and become more productive. Built-in access controls also help ensure secure and approved usage of cloud applications.”
Giving Enterprises Assurance
We caught up with Zeus Kerravala, principal at ZK Research, to get his thoughts on the new solution. He told us it’s about time IBM got into this game.
“Security is still by far the number one inhibitor to the cloud. In fact, in surveys I’ve run, visibility is the number two inhibitor,” Kerravala said. “There’s the expression that, ‘You can’t secure what you can’t see.’ Most organizations have a pretty good idea of what’s going on at their premises but as soon as the traffic leaves their premises and moves onto the cloud, it ends up being a big blind spot.”
IBM is partnering with cloud providers like Google Apps, Microsoft, and Salesforce with this rollout. Kerravala said these partnerships will extend what companies can see off-premise and allow them to manage it. The solution is available now.
“Given all the security breaches we’ve seen over the last four or five years with cloud providers, this should give enterprise customers a lot of comfort that they can use cloud services and still maintain the same level of security," he said.