This column is available in a weekly newsletter called IT Best Practices.
Traditional security solutions built to protect the enterprise are pretty much irrelevant when it comes to the public cloud. People are using privately-owned devices and unknown networks from anywhere to directly access cloud applications that are out of the reach of corporate governance and security controls.
This has given rise to a new category of security products, what Gartner refers to as "cloud access security brokers," and what 451 Research calls "cloud access controls." These products create a gateway that sits between the end users and their cloud applications. Depending on the solution, the gateway performs a variety of functions such as discovering and reporting on applications in use, applying corporate policies, determining the risk of using various applications, and enforcing security measures such as encryption and data loss prevention.
One of the newer players in this market is FireLayers, which focuses on adding granular security and governance controls to SaaS applications and the enterprise data they hold. Controls and rule sets can be defined based on users, environment, actions, conditions, and more. FireLayers provides a large set of pre-defined policies for the most popular SaaS applications, and organizations can create their own policies to get to just the right level of governance and control that the organization needs, the company says. Controls can be applied to a specific application or across the board to all applications.
For example, an organization might use Google Drive for cloud-based document storage. The company can use FireLayers to require all files being uploaded to Google Drive to first pass through the company's existing anti-virus and anti-malware solutions. Likewise, all files being downloaded from Google Drive could be required to pass through a DLP tool to ensure adherence to policy on extracting data.
The organization can set a system-wide rule that requires administrators who are logging in to administrative accounts to use two factor authentication and to disallow access by administrators if their login location is outside of the United States. System-wide rules help to provide a unified approach to cloud application security and compliance, no matter what those applications are.
FireLayers has three main product features: Control, Respond and Analyze.
FireLayers Control is the core of the platform; it is the policy manager that enables a security administrator to build the required rule sets that enable the organization to meet its governance and compliance requirements. FireLayers says it is able to control every command in any cloud application using the XACML protocol. XACML allows you to define who is allowed to do what in a cloud application based on the user and the context of the session. These definitions, or rule sets, are selected or created by security operations personnel using an intuitive user interface with pull-down menus for simplicity.
FireLayers can connect with an organization's existing directory system or identity management system to know who the users are and what groups they belong to. This information ties right into the rule sets to help control who can do what, when, from where, and with what device. It's almost like a firewall or network access control tool for cloud applications.
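The following is an added illustration, not FireLayers code: a small XACML-style evaluator that models the rules described above (admin logins require two-factor authentication and a US login location; Google Drive uploads and downloads are routed through anti-virus and DLP). The rule names, attribute keys and the "obligation" list are constructed for this example; FireLayers' actual rule syntax is not on the page.

```python
"""XACML-style policy evaluation modelled on the rule examples in the text (constructed)."""
from dataclasses import dataclass


@dataclass
class Request:
    """One access request, grouped the way XACML does: subject, action, resource, environment."""
    subject: dict      # e.g. {"role": "admin", "group": "it-ops"} from the directory
    action: str        # e.g. "login", "upload", "download"
    resource: str      # the SaaS application being reached
    environment: dict  # session context: country, device, whether MFA was completed


@dataclass
class Rule:
    name: str
    effect: str              # "Permit" or "Deny"
    condition: object        # callable(Request) -> bool; the rule applies when True
    obligations: tuple = ()  # steps the gateway must perform when this rule decides


# Constructed rule set approximating the system-wide and per-application rules in the text.
RULES = [
    Rule("admin-login-requires-2fa", "Deny",
         lambda r: r.subject.get("role") == "admin" and r.action == "login"
         and not r.environment.get("mfa_verified", False)),
    Rule("admin-login-us-only", "Deny",
         lambda r: r.subject.get("role") == "admin" and r.action == "login"
         and r.environment.get("country") != "US"),
    Rule("gdrive-upload-av-scan", "Permit",
         lambda r: r.resource == "google-drive" and r.action == "upload",
         obligations=("antivirus-scan",)),
    Rule("gdrive-download-dlp", "Permit",
         lambda r: r.resource == "google-drive" and r.action == "download",
         obligations=("dlp-inspect",)),
]


def evaluate(request, rules=RULES):
    """Deny-overrides combining, as in XACML: the first applicable Deny wins and names the
    rule that fired; otherwise Permit with the obligations of every applicable Permit rule;
    NotApplicable when no rule matches (the gateway then falls back to its default)."""
    decision, obligations = "NotApplicable", []
    for rule in rules:
        if not rule.condition(request):
            continue
        if rule.effect == "Deny":
            return "Deny", [rule.name]
        decision = "Permit"
        obligations.extend(rule.obligations)
    return decision, obligations
```

Feeding the denied rule name to a SIEM, as the Analyze section describes customers doing, is what makes the blocked admin login visible to the security operations team.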
FireLayers Respond is a repository of actionable cloud security research, including threat assessments, documentation of known breaches, identified technical vulnerabilities and proven cloud controls. FireLayers operates a Response Center in which a team of security experts researches cloud applications to look for security gaps and risks. This team then builds the recommended policies that yield the security rule sets and compliance rule sets built into the Control aspect of the solution. FireLayers Respond is basically a combination of people and technology that responds to the risks of cloud applications with mitigations that can be automatically deployed.
FireLayers Analyze is a collection of discovery, reporting and analysis tools that provide an in-depth analysis of user behavior, anomalies, attempted and successful breaches, data sprawl and more. Most organizations start with an analysis of what cloud applications are in use, who is using them, and how they are being used. From there the company can select or create the rule sets that meet its needs. As for reporting, many customers choose to feed the FireLayers reports into their SIEM or other existing security reporting tools in order to have this information in one consistent place.
Organizations can deploy the FireLayers proxy in a variety of ways, depending on a customer's preferences. FireLayers ultimately needs to be between the users and the applications. One way to do this is to have FireLayers host the proxy. Or, a customer can choose to install the proxy on premises or in its own private cloud. Users are directed to the proxy in a variety of ways, such as with a SAML gateway, or via a VPN for mobile phones. No client software is needed. The net result is that all users pass through the FireLayers controls before they get to their cloud applications.
Using the Control, Respond and Analyze features of FireLayers, a company can raise all of its cloud applications to a unified level of true enterprise security and compliance. What's more, that level of security and compliance is completely customized to that specific organization, whereas most SaaS applications have a one-size-fits-all approach to controls. It's this granular level of cloud application control that differentiates FireLayers from other products in the cloud access security broker/cloud access control market.