Since the turn of the millennium, the web security market has become dominated by large vendors and has seen no real product development. Often, brand design has been made a priority over the development of new functionality. The result has seen the web security market stagnate with resellers’ options becoming increasingly limited, leaving a huge swathe of channel partners disillusioned with nowhere to go, writes Ed Macnair, CEO of CensorNet.
The average employee uses 27 applications everyday in the workplace, yet legacy solutions were developed before the global explosion of web applications such as Salesforce, Facebook and Dropbox came into the picture. Since then, web security has not evolved fast enough to cope with the vast number of cloud applications used every day as part of the modern business ecosystem.
The channel now has to review and expand its portfolio away from outdated solutions that fail to address the needs or complexity of the modern and mobile work environment. By 2016, 25 percent of enterprises will secure access to cloud-based services using a cloud access security broker (CASB) platform, according to Gartner’s The Importance of Cloud Access Security Brokers (CASB). So isn’t it time the channel took notice?
CIOs and IT departments are under increasing pressure to provide employees with reliable and secure web access, whilst controlling the use of cloud applications; all without compromising data security and preventing the spread of Shadow IT.
Instead of going through the red tape of IT procurement, provisioning, testing and security, employees are quick to download the latest app to access or share data. However, such a quick fix can have damaging implications on a company’s most valuable corporate assets – its intellectual property and brand reputation. Data breach statistics from IBM has also shown that 43 percent of C-level executives say negligent insiders are the greatest threat to sensitive data. With apps like Dropbox that can be downloaded quickly and are easy to use, it is not a trend that is going to disappear any time soon. If you can deploy an app in seconds to get the job done without the delay of following IT regulations and security, then why not?
The problem is that most apps are generic; created to service a mass market with only a basic level of security. As more companies embrace cloud applications to replace on-premise legacy systems, they must be aware of the potential security risks. To successfully apply security and policy settings, businesses need greater visibility and control of enterprise data in the cloud that is accessed using both company-managed and bring your own devices (BYOD).
In order to cope with the exponential rise of the app, data and cloud market, the channel should look for web security solutions that offer cloud application control (CAC) capabilities beyond the traditional security functionality. Security should extend beyond the web gateway and bridge the fundamental gap between traditional web security and cloud application control to secure the way in which we use apps today.
Ideally the new web security solutions with inbuilt CAC functionality should truly ‘follow the user’ by monitoring all actions. It should encourage the use of cloud apps and services while keeping assets secure. This requires the ability to analyse the risk, audit and log all usage to maximise visibility at the time an issue occurs, rather than acting as a forensic tool post-event.
The channel has a duty to its customers to provide the latest technology available and update its web security portfolios so they can protect against their employees posting damaging or libellous comments about the company, or publishing sensitive commercial data on their feeds or uploading them to other cloud apps.
As cloud application adoption continues to gather momentum, the channel needs to educate their customers of the advantages the CAC functionality brings.