Organizations are adopting the cloud in a big way. Cloud apps – the most visible and adopted segment of cloud computing – have proliferated in enterprises and have now reached a tipping point. As we have focused on this segment and interacted with hundreds of forward-thinking CIOs, CISOs, cloud architects, and other cloud computing thought leaders, we have collected best practices and recommendations for safely enabling the cloud in enterprises.
We are excited to announce that we’ve compiled these best practices and recommendations into the industry’s first “Cloud Security for Dummies” book, authored by Netskope’s founders and key architects, Lebin Cheng, Ravi Ithal, Steve Malmskog, and Krishna Narayanswamy.
The book is full of advice ranging from how to think about cloud compliance to implementing a cloud policy. Below is a summary of the authors’ top 10 must-haves for ensuring a safe transition to the cloud.
- Discover apps. Discover the apps in your environment and assess their risk – both inherent and in the context of how they are used.
- Segment apps. Segment your apps by whether they’re sanctioned (managed by IT) or unsanctioned (brought in by departments or individual users).
- Secure access. Secure access to your sanctioned business apps, and ideally to your unsanctioned ones as well, with single sign-on (SSO).
- Audit activities. Understand user activity and its context. Who’s downloading from HR apps? Who’s sharing content outside the company, and with whom?
- Understand content. Understand and classify sensitive content residing in, or traveling to or from, your cloud apps.
- Detect anomalies. Monitor cloud apps for anomalous activity that could signal compromised credentials, security threats, noncompliant behavior, data theft or exposure, and even malware.
- Enforce granular policies. Define granular policies that are enforceable in real-time, across both sanctioned and unsanctioned apps, regardless of whether users are on-network or remote, and whether in a web-based or native cloud app.
- Protect data in context. Have a data protection strategy. For highly sensitive content that can’t be in the cloud at all, define policies that prevent it from being uploaded to any cloud app. For the next tier of content that can reside in the cloud, apply the appropriate level of security policy. This may include encrypting data before it reaches the cloud and/or limiting sharing options.
- Ensure compliance. Ensure regulatory compliance with continuous cloud monitoring, maintenance and review of cloud audit trails, remediation, and reporting.
- Coach users. Coach users both through conversations and in an automated way. Let them know when they’ve done something that’s out of compliance (ideally in real-time, as the action is occurring), whether you block them, let them report a false positive, or let them bypass the policy with a justification.
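To make several of the items above concrete (segmenting apps, auditing activity, detecting anomalous bulk downloads, enforcing a granular policy on sensitive content, and coaching users on external sharing), here is a small added example of evaluating cloud-app audit events. It is illustrative code written for this post, not code from the book or from Netskope; the events, app names, classification labels, the corporate domain `example.com` and the download threshold are all constructed assumptions.

```python
from collections import Counter

COMPANY_DOMAIN = "example.com"                   # assumed corporate domain
SANCTIONED_APPS = {"hr-suite", "corp-storage"}   # constructed: the IT-managed apps
SENSITIVE_LABELS = {"PII", "PCI"}                # constructed content classification labels
BULK_DOWNLOAD_THRESHOLD = 3                      # assumed: downloads per (user, app) before flagging

# Constructed sample audit events, not real log data.
EVENTS = [
    {"user": "alice@example.com", "app": "hr-suite",      "action": "download", "object": "payroll-q1.xlsx", "labels": ["PII"], "recipient": None},
    {"user": "alice@example.com", "app": "hr-suite",      "action": "download", "object": "payroll-q2.xlsx", "labels": ["PII"], "recipient": None},
    {"user": "alice@example.com", "app": "hr-suite",      "action": "download", "object": "payroll-q3.xlsx", "labels": ["PII"], "recipient": None},
    {"user": "alice@example.com", "app": "hr-suite",      "action": "download", "object": "payroll-q4.xlsx", "labels": ["PII"], "recipient": None},
    {"user": "bob@example.com",   "app": "corp-storage",  "action": "share",    "object": "roadmap.pdf",     "labels": [],      "recipient": "partner@vendor.net"},
    {"user": "bob@example.com",   "app": "corp-storage",  "action": "share",    "object": "notes.txt",       "labels": [],      "recipient": "carol@example.com"},
    {"user": "dave@example.com",  "app": "freeshare-app", "action": "upload",   "object": "cards.csv",       "labels": ["PCI"], "recipient": None},
    {"user": "dave@example.com",  "app": "corp-storage",  "action": "upload",   "object": "cards.csv",       "labels": ["PCI"], "recipient": None},
]


def app_segment(app):
    """Segment apps: sanctioned (managed by IT) versus unsanctioned."""
    return "sanctioned" if app in SANCTIONED_APPS else "unsanctioned"


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def is_external_share(event):
    return (event["action"] == "share" and event["recipient"] is not None
            and domain_of(event["recipient"]) != COMPANY_DOMAIN)


def external_shares(events):
    """Audit: who is sharing content outside the company, and with whom."""
    return [(e["user"], e["app"], e["object"], e["recipient"]) for e in events if is_external_share(e)]


def bulk_downloads(events, threshold=BULK_DOWNLOAD_THRESHOLD):
    """Anomaly: a (user, app) pair downloading more than `threshold` objects in the window."""
    counts = Counter((e["user"], e["app"]) for e in events if e["action"] == "download")
    return {pair: n for pair, n in counts.items() if n > threshold}


def policy_decision(event):
    """Granular policy: block sensitive uploads to unsanctioned apps; coach on external shares."""
    sensitive = bool(set(event["labels"]) & SENSITIVE_LABELS)
    if event["action"] == "upload" and sensitive and app_segment(event["app"]) == "unsanctioned":
        return "block"
    if is_external_share(event):
        return "coach"   # allow, but tell the user in real time and let them justify or report a false positive
    return "allow"


def evaluate(events):
    """Run the audit, anomaly and policy checks over a batch of events and return a report."""
    decisions = [(e["user"], e["app"], e["action"], e["object"], policy_decision(e)) for e in events]
    return {
        "external_shares": external_shares(events),
        "bulk_downloads": bulk_downloads(events),
        "blocked": [d for d in decisions if d[4] == "block"],
        "coached": [d for d in decisions if d[4] == "coach"],
    }


if __name__ == "__main__":
    for key, value in evaluate(EVENTS).items():
        print(key, value)
```

On the constructed events, the report flags Alice's four payroll downloads from the HR app as a bulk-download anomaly, records Bob's share to `vendor.net` as an external share that triggers coaching, and blocks Dave's upload of PCI-labelled data to the unsanctioned app while allowing the same file into the sanctioned corporate storage. In a real deployment the thresholds, labels and app inventory would come from the discovery and classification steps rather than being hard-coded.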
You can get your complimentary copy of the book here. We hope you find it useful as you consider your safe cloud enablement strategy.