CloudLock Tracks Google Apps Cloud Misuse

 
 
By Sean Michael Kerner  |  Posted 2013-12-16
 
 
 
cloud security

Accurately controlling and managing users and data in the cloud is becoming increasingly complex and challenging for many organizations. One vendor tackling the problem is CloudLock, though it is taking a bit of a different tack.

On Dec. 10, the company made available a free tool called CloudLock GeoFence to help Google Apps users track user activity within a domain to limit security risks.

CloudLock GeoFence is the first CloudLock Labs project and does not represent a product offering, Kevin O'Brien, director of product marketing at CloudLock, told eWEEK. The idea behind CloudLock Labs is that it is an effort for creating innovations that are considered experimental.

CloudLock has multiple commercial offerings, including CloudLock Collaboration Security and Apps Firewall. The commercial products provide operational and regulatory compliance technology for administrators, allowing them to enforce acceptable use policies and acceptable application policies within their Google Apps domains, O'Brien said. In contrast, the new free CloudLock GeoFence tool is aimed at Google Apps administrators who can't tell if their users' accounts are being misused.

The GeoFence tool is not a digital loss prevention (DLP) solution. O'Brien said it's a new tool for administrators, who often have a difficult time understanding where risk is coming from in terms of user activity and determining if their accounts have been compromised.

Google already provides its users with an administrative dashboard that offers some visibility into usage. Other vendors, including Ciphercloud and Symantec, are also ramping up cloud visibility and security solutions.

CloudLock's level of security visibility is geographically presented in terms of where, globally, incidents are occurring, O'Brien said, adding that it covers failed log-ins, changes from administrative accounts to groups that may reflect poor decisions or stolen credentials, and document access. Data from the CloudLock tool is exportable to security information and event management (SIEM) and workflow solutions that administrators may already have in place.

One of the primary ways many vendors have approached the cloud security problem is with encryption. However, adding an encryption layer that requires users to host encryption keys or route traffic through reverse proxies and/or gateway systems increases the complexity and cost of cloud deployments, O'Brien said.

"Predicating our solutions [like GeoFence] on trust-but-verify approaches means also increasing the accuracy and immediacy of the security data that is available, which is different from the command-and-control approach of encryption," O'Brien said.

Currently, GeoFence is only available for Google Apps, but over time that could change, O'Brien said. "We're not quite ready to announce our next labs project yet, but stay tuned—there are a lot of frontiers left to explore in terms of true cloud security, and we're committed to innovation in the space," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Rocket Fuel