Is Cloud Application Control the Silver Lining That Any Next Generation Web Security Solution Needs?

The proliferation of Bring Your Own Device (BYOD) within the modern business environment was as much a matter of timing as anything else. The uptake of employee-owned devices basically dovetailed with the end of global financial crisis. Not surprisingly, businesses looking to reduce their overall capex costs encouraged the trend as the cost of purchase, replacement and general day-to-day management of hardware became the responsibility of the owner.

Coupled with cost reduction, BYOD also brought others benefits to organizations. Not least of which was that by allowing workers to access systems from outside of the physical parameters of the office, staff could actually exceed their contracted hours and effectively work harder at a time when wages were being frozen.

The ongoing consumerization of IT is creating a shadow IT community, of which CIOs have little or no control. According to research, nearly 70% of employees who own a smartphone or tablet now choose to use it to access corporate data. The same research also found that the majority of these devices were not being managed through corporate channels – 30.7% of employees discovered their own file sync and share apps.*1

Additional research has shown that 78% of UK based businesses are now using a cloud-based service, a 61.5% increase since 2010. Cloud applications and cloud storage are both options that enable businesses to create an elastic technology framework.*2 

Today’s web security solutions must offer Cloud Application Control capabilities beyond the traditional security functionality to provide organizations with greater visibility and much better control of the use of cloud applications

With cloud application adoption throughout modern UK businesses growing, there has been a fundamental shift in how the BYOD endpoints need to be secured and managed. Organizations need visibility into the use of cloud applications and understand the risk they present, yet many still have legacy web security solutions designed over a decade ago that can no longer address the needs or the complexity of such modern technology.

Today’s web security solutions must offer Cloud Application Control (CAC) capabilities beyond the traditional security functionality to provide organizations with greater visibility and much better control of the use of cloud applications across all devices, regardless of whether users are in-office or mobile. Gartner agrees; predicting that by 2016, a quarter of enterprises will secure access to cloud-based services using a Cloud Access Security Broker  (CASB) or CAC platform, reducing the cost of securing access by 30% in the process.

The days of pointing at the cloud provider if something goes wrong have passed. Users will find their way around any policy to get the job done, so the challenge remains to enforce security policies transparently without intervening in the end user experience that people have grown to enjoy from cloud related services. Modern CAC solutions should have the ability to change BYOD from a well-meaning concept to an applied business-friendly policy. It should enable the discovery of cloud apps in use, analyze the risk and be able to audit and log all usage, maximizing visibility for everyone’s benefit beyond simply reporting after the event.

BYOD as a concept has enjoyed a decent shelf life but the security uncertainties that accompany it have eroded and are fast becoming yesterday’s concerns. The barriers to adoption are diminishing and the mitigation of security risk is there for progressive companies that are willing to trash technology that was designed and architected to serve the market challenges of BYOD a decade ago.

*1 data gathered by research firm Ovum.
*2  According to an annual study from Vanson Bourne


About The Author

Ed Macnair, CEO and Chairman of cloud security specialist, CensorNet, has over 30 years of sales and business development expertise in the technology and IT security world. With a proven entrepreneurial track record of successfully developing technology companies, he is responsible for the company’s sales, marketing and product strategy.

Ed led the acquisition of CensorNet in October 2014 with the aim of accelerating the company’s product development and aggressively growing web security revenues through its global channel partners and new partnerships with managed service providers.

His experience in cloud security is unquestionable: he was previously the founder and CEO of SaaSID, a UK based single-sign on and application security vendor, which was acquired by Intermedia Inc. in September 2013. Before Intermedia and SaaSID, Ed was CEO of Marshal, a global web and email security company which merged with US web security provider 8e6 Technologies to form M86 Security.

Ed has also held senior management positions with MessageLabs, Symantec, IBM and Xerox. 


What’s Hot on Infosecurity Magazine?