
Cloud security for remote working era


We may have been labouring under a very narrow view of what BYOD really is.

A Bitglass-supported study in June 2021 revealed that the bring-your-own-device phenomenon, which appeared in workplaces around 2010, encompasses more than just employees bringing personal and unmanaged devices to work.

Overall, 82 percent of organisations enabled BYOD to some extent, and offered it to other groups like contractors (26 percent), partners (21 percent), customers (18 percent) and suppliers (14 percent).

Due to the pandemic, 47 percent of organisations surveyed reported a huge increase in BYOD uptake.

What all this means is that the attack surface for companies has increased. Plus, the variety of ways in which different categories of BYOD users access corporate data necessitates an organisation-wide rethink of how that access is secured.

To add some context, 22 percent of organisations confirmed that, in the past year, unmanaged devices downloaded malware. Forty-nine percent, however, are unsure or unable to disclose whether they have been compromised by malware.

Total cloud security

Bitglass describes itself as a total security company specialising in secure access service edge, or SASE. For Bitglass, SASE includes three important technologies: cloud access security brokers (CASB), cloud web security, and zero trust network access (ZTNA).

But, what does Bitglass do differently?

Bitglass’s Senior Director of Marketing Jonathan Andresen pointed out that their solutions offer three value propositions – visibility, performance, and scalability.

“Our big advantage with visibility is that we are agentless. You don’t have to put an agent on your device and that’s a huge plus,” he said. To inspect traffic, Bitglass works with activity logs and behaviour analytics to detect suspicious traffic.

“The architecture we have built is for the cloud and performance is much better because we put security at the edge and on the device itself,” Jonathan said, adding that traffic does not need to go through web security appliances located at the data centre. “It’s all done on the device, it is decrypted there, it’s managed locally, and it’s better for privacy.”

Jonathan also shared they have a polyscale architecture that rests on the public cloud, which keeps away typical issues like bottlenecks. “Using the large global infrastructure components of large providers is so much better for scale and reach, and also uptime,” he explained.

The company’s approach to SASE also addresses what appears to be a slow but sure convergence of cloud security and traditional network security. At the moment, CASB is the cornerstone of Bitglass’s SASE concept.

Multi-mode CASB

Jonathan said, “I would describe CASB as a single point of visibility and control for all your cloud applications.”

In 2012, Gartner first defined cloud access security brokers, CASB, as points located between cloud service consumers and cloud service providers. CASB consolidates multiple types of security policy for compliance.

A huge shift towards remote working has seen an unprecedented number of workers using many more new cloud services and mobile technologies. This has contributed to the uptick in BYOD usage. But as organisations valiantly scramble to add more security point solutions to protect a surging number of endpoint devices, more complexity creeps in.

Jonathan pointed out, “You really want to protect every type of cloud service and all your apps that are sitting across different clouds or on-premise at your data centre.”

He opined that users should not have to download agents for every use case they have, and proposed that multi-mode CASB can help instead.

“There may be cases where I want to access my apps for work on my phone. But I don’t want to install an agent. So I use reverse proxy.” When users open managed apps, a reverse proxy is inserted into the path of traffic so that it can monitor data in transit and apply protections in real time.

Reverse proxy is only one CASB mode, and it is adept at overcoming the drawbacks of the other two modes: API integration and forward proxy. The type of apps being accessed, and where these apps are located (data path to the user), will determine which CASB mode comes into play.

Jonathan said, “I think giving people a platform that is flexible and can be more agile for their security, is better.

“Instead of having a single security framework for all users in all situations… it’s very inflexible. It doesn’t work in normal times, it definitely doesn’t work in pandemic times!”

Bitglass wants to offer that platform that secures all types of apps – cloud, hosted, internal, web, managed and more – and be that single point of control and visibility, across all the types of people accessing an organisation’s corporate data.