Cloud security is good, but here’s how to make it better

Three simple ways to get more out of default cloud security infrastructure


This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

More than a third of businesses in the United States currently use the cloud, but by 2020 that number is expected to more than double to a whopping 80%. But even though the cloud is secure, it doesn’t guarantee immunity from data breaches. Now that the cloud is rapidly becoming a mainstream part of IT, businesses must think more critically about how to bolster their security beyond cloud providers’ default security infrastructure—which often proves to be inadequate for the changing face of business.

Conventional cloud providers make a good effort to offer robust security measures. They generally come equipped with server-side encryption, user controls, data restoration abilities, and device wiping capabilities meant to protect your files in the cloud. Still, despite these measures, there’s a major—but little discussed—gap in cloud security, and it has to do with that other major mobile work trend, BYOD.

More than 40% of American employees use personal smartphones, tablets, or flash drives for work purposes, and 83% admit they prefer cloud apps to their on-premise equivalents and are likely to seek them out. But whether or not an employer explicitly sanctions cloud and app usage, the same problem persists: Once files are synced to a mobile device—which, let’s face it, is a major reason to use the cloud in the first place—the cloud provider’s default encryption disappears, and files are exposed on the cloud.

More than 70 million smartphones are lost each year. Add to that the number of lost and stolen tablets, flash drives, and laptops, and it’s easy to see just how easily unencrypted data can fall into the wrong hands. Lost and stolen devices are one of the main contributors to data breaches—and it’s largely because of this lack of encryption on devices.

The good news is that despite the existing flaws in cloud security, protecting your files is possible. There are a few simple ways to get more out of default cloud security infrastructure to keep your business secure and compliant with any number of federal regulations:

* Encrypt data at the file level. It’s no longer sufficient to protect only the perimeter, which, these days, is pretty much the same as relying only on server-side encryption. Encrypting files only at rest isn't enough either — unless your team isn’t syncing any files to the cloud, which just isn’t a feasible option in today’s cloud-based ecosystem.

File-level encryption, on the other hand, protects the data itself (rather than just the place it’s stored) before it ever reaches the cloud. This means that files will remain encrypted wherever they go, including mobile devices, and only authorized users will be able to retrieve them. Deploying this kind of encryption to bolster cloud providers’ default precautions is paramount for keeping financial information, personal data, and intellectual property secure, particularly in a workplace that encourages BYOD or where team members work remotely or on the go.

* Deploy a cloud access security broker (CASB). Currently, only 5% of businesses use a CASB, but reports have predicted that usage will skyrocket to 85% by 2020. A CASB provides a unified security solution that lets team administrators detect data loss risks, deploy protections, and enforce security protocols all in one place. A CASB will also let employees continue using the cloud providers they’re already used to, but will grant administrators the necessary outlet for monitoring how files are being shared.

A CASB doesn't let data slip through the cracks, and it establishes strong visibility—a must for knowing exactly where sensitive content is being stored and with whom it's being shared. As data continues proliferating throughout the cloud, more and more businesses will start using CASBs to keep up with the information and more effectively guarantee its protection.

* Separate the encrypted content from the keys. When the encryption keys are kept separately from the content, a hacker won’t be able to access the content if he doesn’t have the keys. Deploy a solution that ensures this separation, allowing your IT department to maintain good security hygiene. This way, even if your cloud provider is compromised, your data is less likely to be breached.
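
The file-level encryption and key-separation points above can be combined as envelope encryption. The following is an added example, not code from the article or any product it mentions: it uses Go's standard-library AES-256-GCM, and the names `EncryptFile` and `DecryptFile`, the use of the file name as authenticated data, and the sample file name and contents are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const nonceLen = 12 // standard GCM nonce size

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without OS entropy
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	b, _ := aes.NewCipher(key) // callers pass 32-byte keys only, so this cannot fail
	g, _ := cipher.NewGCM(b)
	return g
}

// EncryptFile runs client-side: blob goes to the cloud, wrapped (file key sealed under kek) to a separate key store.
func EncryptFile(kek [32]byte, name string, data []byte) (blob, wrapped []byte) {
	dek, n1, n2, aad := random(32), random(nonceLen), random(nonceLen), []byte(name)
	return gcm(dek).Seal(n1, n1, data, aad), gcm(kek[:]).Seal(n2, n2, dek, aad)
}

// DecryptFile needs the blob, the wrapped key and kek; any one missing or altered fails.
func DecryptFile(kek [32]byte, name string, blob, wrapped []byte) ([]byte, error) {
	if len(blob) < nonceLen || len(wrapped) < nonceLen {
		return nil, fmt.Errorf("truncated input")
	}
	dek, err := gcm(kek[:]).Open(nil, wrapped[:nonceLen], wrapped[nonceLen:], []byte(name))
	if err != nil || len(dek) != 32 {
		return nil, fmt.Errorf("cannot unwrap data key: %v", err)
	}
	return gcm(dek).Open(nil, blob[:nonceLen], blob[nonceLen:], []byte(name))
}

func main() {
	var kek [32]byte // constructed demo key; a real KEK stays in a KMS or HSM
	copy(kek[:], random(32))
	blob, wrapped := EncryptFile(kek, "payroll.csv", []byte("constructed sample"))
	plain, err := DecryptFile(kek, "payroll.csv", blob, wrapped)
	fmt.Printf("%s %v\n", plain, err)
}
```

Because the blob is encrypted before upload, a copy synced to a phone or laptop stays ciphertext, and a copy taken from the storage provider cannot be opened without the wrapped key and the key-encryption key held elsewhere.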

The cloud is quickly becoming a necessity for businesses to keep up with today’s workflow. But simply deploying cloud solutions is not enough. Businesses have to do their research and find the right enhancements that will adequately bolster their default security protocols. File-level encryption, CASBs, and content-key separation are a great place to start to ensure that your most sensitive files stay secure.

Cidon is CEO and co-founder of Sookasa, a cloud access security broker that provides visibility, DLP, and compliance for leading SaaS services such as Dropbox, Google for Work, and Office 365. Learn more at


Copyright © 2016 IDG Communications, Inc.