IBM has produced new cloud security technology that helps protect organizations from risks associated with the increasing use of “bring your own” cloud apps at work.
Big Blue’s new Cloud Security Enforcer gives companies visibility into all third-party cloud apps used by their employees, provides a secure way to access them, and enables companies to control which corporate data can and cannot be shared with the apps.
Cloud Security Enforcer helps companies address a potentially significant security exposure, as they currently only have visibility into a fraction of the cloud apps used by their workforce.
Indeed, new research from IBM found that one-third of employees at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps. Employees today are increasingly engaging in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords or re-using corporate log-in credentials.
IBM’s study of more than 1,000 Fortune 1000 employees showed that one out of every three employees is uploading and sharing corporate data to third-party cloud apps, often without the knowledge of their employer. With little or no visibility into these apps, companies have no awareness of the risky activities being performed on them, which the survey also uncovered.
IBM noted that choosing convenience over security is a growing trend and it is being compounded further with the influx of Millennials into the workforce, who will make up half of the globe’s workers by 2020. The study found that currently, one out of every two Millennials is sharing work data to outside cloud apps.
The company is working with its partner, Box, and other popular cloud app providers to make these apps safe for work. The new cloud-based technology connects into the most commonly used work apps, enabling companies to secure the third-party apps their employees are using out of policy. It also constantly monitors the risks of these apps being breached, based on intelligence of malicious activity happening around the world.
While the cloud offers greater productivity, security tradeoffs can result in the loss of control of corporate data, and the inability of companies to protect employees’ identities. With the release of Cloud Security Enforcer, IBM is extending users’ control, visibility, security and governance inherent to their hybrid cloud environments.
“Other vendor technology in the market today manages just the discovery of which cloud apps employees are using,” said Caleb Barlow, vice president of mobile management and security at IBM. “IBM Security Cloud Enforcer goes well beyond just discovery — it actually gives employees a path for using the third-party cloud apps they want as it centrally manages access via secure log-in credentials. No other company in the cloud access security broker space does this identity management. Previously, companies needed several different technologies to do some of these things. Now, however, they just need one SaaS technology in Cloud Enforcer.”
IBM’s study also showed that one in every four employees is linking cloud apps and services to their corporate log-in and password, leaving loopholes through which hackers can gain access to company networks.
When employees conduct rogue activities on unsanctioned apps, known as “Shadow IT,” companies lose control over and visibility into sensitive data.
“We decided to take a completely different approach to shadow IT than any company had yet taken before, and innovate around the trend of shadow IT in a whole new way,” Barlow said. “Our idea behind Cloud Security Enforcer is to change the conversation between employees and their IT and security teams – so that there is no more arguing about whether or not they can use a certain app. We want to turn corporate IT teams into ‘Yes Men’ with Cloud Security Enforcer.”
For example, an employee could use their personal email to set up an account on a third-party, file-sharing cloud app, to which they would then upload their team’s sales contacts in order to see them on their mobile device. While this unapproved use would give the employee flexible access to this data, it presents a major challenge if the person decided to take another position at a competitor. Although they would no longer have access to the data and networks monitored by their former employer’s IT team, they would still have visibility into the data uploaded into that app – presenting a potentially tremendous competitive problem.
“With the innovation that we’re bringing to the table today, we’re showing the value in third-party cloud apps in terms of convenience and productivity for employees with secure access, total visibility and management for companies,” Barlow said.
Hosted on IBM Cloud, IBM’s new Cloud Security Enforcer is a cloud-based tool that scans corporate networks, finding the apps employees are using, and providing a more secure way to access them. Building on IBM’s existing partnership with Box, which offers users strengthened security when sharing files via mobile devices and the Web, IBM has also built secure connectors into Box’s file-sharing cloud app for Cloud Security Enforcer.
In addition to Box’s app, IBM has built secure connectors for other popular and commonly used work apps, including tools from Microsoft Office 365, Google Apps, Salesforce.com and more.
This catalog of app connectors is constantly expanding, and features added security checks on their integrity and safety using deep threat analytics from IBM X-Force, IBM’s global threat intelligence network. This intelligence enables security and IT teams to quickly react to emerging threats from cloud apps, blocking and taking action against the ones that may present a risk.
Built by IBM Security, the Cloud Security Enforcer technology helps organizations reduce the challenges of shadow IT, defend against malicious actors looking to prey on unsafe cloud app usage, and realize the productivity and efficiency benefits of using cloud apps securely.
The technology delivers four core capabilities. It detects unauthorized cloud app usage among employees, enabling companies to determine and securely configure the apps employees want to use, as well as manage, view and direct how they are securely using and accessing them. It determines and enforces what company data can or cannot be shared by employees with specific third-party cloud apps. It connects employees to third-party cloud apps through secure connectors, including automatically assigning sophisticated passwords, helping to alleviate security breaches caused by human error (95 percent of all incidents), such as weak passwords. It also protects against employee-induced and cloud-based threats through analysis of real-time threat data from IBM’s X-Force Exchange.