Even post-COVID, a permanent shift to more remote and flexible working seems to be a theme for most organisations. This throws up some challenges for IT teams in securing user’s and data, but it isn’t the only one.
The cloud and ‘As-a-service’ of everything presents it’s own challenges when it comes to securing your data. Cloud vendors often talk about ‘data movement’. This can present situations where content containing personally identifiable information (PII) may be saved to non sanctioned, or even publicly exposed locations.
To deal with some of these challenges, IT teams have applied the tools at their disposal, using things like VPN’s to attempt to get visibility and control over users. But this approach creates its own headaches :
- Poor performance – You’re essentially creating a bottleneck where all users need to be hair-pinned through your corporate network in order to get any visibility. This also adds stress to neighbouring infrastructure.
- No off-site protection – If a user is remote or off-VPN there is limited or no protection for their web and cloud access.
- Limited cloud or application fluency – If you want to to allow or block a cloud app using a VPN, it’s generally just via DNS hostnames. But being able to apply fine grained controls like blocking uploads, show a user coaching page, or inspect content for DLP violations is limited to non existent.
- Single point of failure – Forcing users through a VPN presents points of failure, whether it’s link or hardware failure that can stop people working and grind a remote workforce to a halt.
How do I fix it?
One way we’ve been solving some of these issues for clients is using a Next-gen Secure Web Gateway, which Gartner now places in the Secure Access Service Edge (SASE) market segment. A Secure Web Gateway :
- Is cloud native – A good Secure Web Gateway understands the thousands of cloud applications out there, how users interact with them and how data is shared and stored to them. This is a huge benefit when you want to apply policy or controls to them.
- Combines CASB and DLP – CASB allows you to connect directly into application API’s (such as Microsoft Office365) to gain additional visibility and control. Combining that with Data Leakage Protection to identify where your sensitive documents are going and control that is a very valuable capability in a cloud driven world.
- Works Everywhere – No VPN’s required, the SWG applies the same visibility and policies to your remote users as if they are on premise.
- Provides Malware and Threat Prevention – Protecting your users from web based malware threats, as well as phishing and credential compromise is another native benefit.
IT and Security teams are under increasing pressure to secure users and data, with remote working and cloud adding complexity. But we’re finding technology such as Next-Gen SWG can alleviate some of these pressures, by allowing secure web and cloud access to users even outside the traditional corporate boundaries.
