IT Briefcase Exclusive Interview: The rise of cloud application control technology

The ongoing consumerization of IT is creating a shadow IT community, of which IT departments have little or no control. According to research, nearly 70 percent of employees who own a smartphone or tablet now choose to use it to access corporate data. The same research also found that the majority of these devices were not being managed through corporate channels – more than 30 percent of employees discovered their own file sync and share apps.

With cloud application adoption growing, there has been a fundamental shift in how the BYOD endpoints need to be secured and managed. Organizations need visibility into the use of cloud applications and understand the risk they present, yet many still have legacy web security solutions designed over a decade ago that can no longer address the needs or the complexity of modern cloud applications.

The emergence of Cloud Application Control (CAC) capabilities that go beyond traditional security functionality to provide organizations with greater visibility and much better control of the use of cloud applications across all devices, could prove to bethe silver lining that any next-generation web security strategy needs.

In this interview, Ed Macnair, CEO of CensorNet, speaks with IT Briefcase on how security technologies needs to evolve to meet the challenge and opportunities of cloud computing.

• Q. How do you define Cloud Application Control (CAC)?

A. Traditional IT security has been unceremoniously exposed to lack the flexibility demanded by the market it seeks to serve. The emergence of Cloud Application Control (CAC) has instigated a new directive for the security industry. CAC at the top of its game should truly ‘follow the user’ and their behavior. It should encourage the use of cloud apps and services while keeping both the user and corporate data safe. It should have the depth to be able to analyze the risk, audit and log all usage, maximize visibility at the time that an issue occurs; not act as a purely forensics tool, that points out the obvious long after it’s all gone horribly wrong.

The market has been calling for a service that runs in the Cloud responsible for aspects like authentication, policy enforcement and reporting for some time now. Add into that a component that is installed either locally on the network (as a virtual software appliance), on the endpoint, or it could be a hybrid combination of both. Then you have a heavyweight contender with a lightweight footprint.

CAC has the opportunity to bring forward an era of specialism within our market that both organizations trust and users don’t notice. Productive and easy to use apps have gone from strength to strength and the reasons are simple.

• Q. In order to keep up with the exponential rise of the app, data and cloud market, what should IT and security teams look for in web security functionality?

A. Today’s security solutions should extend beyond the web gateway and bridge the fundamental gap between traditional web security and cloud application control to secure the way in which we use apps today.

Ideally the web security solutions with inbuilt CAC functionality should truly ‘follow the user’ by monitoring all actions. It should encourage the use of cloud apps and services while keeping assets secure. This requires the ability to analyze the risk, audit and log all usage to maximize visibility at the time an issue occurs, rather than acting as a forensic tool post-event.

• Q. How can organizations control the use of cloud applications without compromising data security and preventing the spread of Shadow IT?

A. Instead of going through the red tape of IT procurement, provisioning, testing and security, employees are quick to download the latest app to access or share data. However, such a quick fix can have damaging implications on a company’s most valuable corporate assets – its intellectual property and brand reputation. Data breach statistics from IBM has also shown that 43 percent of C-level executives say negligent insiders are the greatest threat to sensitive data. With apps like Dropbox that can be downloaded quickly and are easy to use, it is not a trend that is going to disappear any time soon. If you can deploy an app in seconds to get the job done without the delay of following IT regulations and security, then why not?

The problem is that most apps are generic; created to service a mass market with only a basic level of security. As more companies embrace cloud applications to replace on-premise legacy systems, they must be aware of the potential security risks. To successfully apply security and policy settings, businesses need greater visibility and control of enterprise data in the cloud that is accessed using both company-managed and BYOD.

• Q. Any closing remarks?

A. If we’re to learn anything from the dynamic popularity of the app world, it is that innovation and forward motion inspires, captures imagination and makes all things possible. By denying users the option to use the apps that encourage them to be productive, we fail to recognize the huge leaps we have made as an industry in keeping the Internet a safe place to be. Today, cloud security has a new directive, to liberate and enable users to do their jobs, safe in the knowledge that they’re protected but not prohibited.

The answer lies in the ability to sensibly control the use of cloud applications, apply risk mitigation through policy and help employees avoid circumventing necessary business controls to get the job done. If we’re to learn anything from the dynamic popularity of the app world, it is that innovation and forward motion inspires, captures imagination and makes all things possible. That requires a departure from conventional thinking for the security market and it’s also a long overdue push for those that seek to prohibit progress.

Ed Macnair is CEO of CensorNet, with 30 years of sales and business development expertise in technology and IT security. He has a proven entrepreneurial track record of successfully developing technology companies and leads the company’s sales, marketing and product strategy.

Ed joined CensorNet to accelerate the company’s product development efforts and aggressively grow the web security revenues through its global channel partners. He was previously founder and CEO of SaaSID, a UK based single sign-on and application security vendor, which was acquired by Intermedia Inc. in September 2013. Before Intermedia and SaaSID Macnair was CEO of Marshal, a global web and email security company which merged with US web security provider 8e6 Technologies to form M86 Security. Macnair has also held senior management positions with MessageLabs, Symantec, IBM and Xero