top of page

DATA SECURITY IN THE CLOUD; CLOUD ACCESS SECURITY BROKER (CASB)

How Cedrus + Netskope can help provide data security in the cloud

  • Shadow IT and Business Remediation Processes: End users are signing up for application services to solve business challenges. 

    • Example of the challenge: An internal business unit team decides to collaborate with Evernote, but Microsoft OneNote is the company procured application service for this type of collaboration.  Has an employee subscribed to a paid version of Evernote?  What are the terms and conditions?  Is the IT department aware of this application’s use?  What corporate data is being shared in Evernote?  Is any of that data subject to compliance/regulatory mandates?  

    • Cedrus + Netskope can help: We can help your business discover all cloud applications in use, measure them against corporate requirements and risk evaluation scores based upon values like compliance, data ownership, and encryption.  We can help your business establish operational processes to engage with business units to identify unsanctioned cloud applications and help them adopt sanctioned cloud applications.

  • Remote Workforce Security Management: End users working from home on corporate or personal devices, need access to business apps.

    • Example of the challenge: Users are working from home more frequently than ever.  They need access to specific application services like Microsoft 365, Salesforce, and ServiceNow, which may have internal or confidential data.  Do we need to allow access to these services from non-corporate devices?  How do we protect internal or confidential data from being downloaded or migrated from our cloud app services?

    • Cedrus + Netskope can help: We can help your business integrate identity and CASB technologies and create policies that prohibit specific actions based upon the device type, location, or other critical factors.  We can assist in creating policies that will detect data exfiltration attempts and block it or raise alerts for action.

  • Data Leakage Prevention (DLP) / Exfiltration Prevention: Internal, confidential, and regulated data can be involved in everyday use of documents and spreadsheets.

    • Example of the challenge: Workers are extracting and uploading customer data in spreadsheets and documents.  Some of these may be destined to storage locations with the potential to share.  How do we prohibit this sensitive information from sharing to places that are unsanctioned/undesirable?

    • Cedrus + Netskope can help: We can help your business implement policies that scan and protect sensitive data.  We can scan and protect data already in cloud storage that you’ve sanctioned, and we can scan data real-time in-line before it is written to cloud storage.  We can catch accidental leaks and prevent malicious insiders.  We can use this as an opportunity to coach users into where sensitive data should be stored and how to handle it.

  • Threat / Malware Detection and Prevention:

    • Example of the challenge: Terabytes of data exist in cloud storage.  Files are being shared continuously.  New Malware/Ransomware is being released ongoing. How do we ensure that files/links coming in or going out do not contain Malware?  How do we integrate and orchestrate cloud based threat detection into the main NextGen AntiVirus solution?

    • Cedrus + Netskope can help: We can help your business implement policies that scan and protect data both in cloud storage and as it is shared and used in-line, real-time in cloud application services.  Detection events can be integrated with endpoint security management systems like CrowdStrike and Carbon Black

  • Access Control for Cloud applications and Services

  • Acceptable Use Policy monitoring and enforcement

  • Data Classification and Tagging

  • Encryption, Key Management, and Bring-Your-Own-Key (BYOK) strategies

As responsibility for business application services has shifted from internally delivered, corporate, on-prem solutions to cloud delivered application services; business responsibility for information security has shifted toward Identity, Access, and Data Security.  Cloud Software-as-a-Service (SaaS) providers are practicing more robust security protocols than almost any business (in the layers of security that they are responsible for), but potential threats and risks have grown exponentially for businesses that use SaaS in relation to the misuse of data and mismanagement of access.  Cloud Access Security Broker (CASB) is an integral component of the technical architecture involved in achieving data security in the cloud. 

 

Cedrus partners with Netskope as our preferred CASB solution vendor.  This strategic partnership allows Cedrus to bring domain level expertise in cloud security coupled with best-of-breed technology to CASB initiatives.  Cedrus has chosen to partner with Netskope because they are a solution whose vision aligns with Cedrus, their products are built for cloud and designed in the cloud, and their company culture of excellence coupled with technology innovation in unmatched in this space.  Learn more about our Netskope partnership here.

​

CEDRUS CAN HELP

1. Cloud Security Advisory:

 

Cedrus assists businesses in building cloud security governance, oversight teams, and the necessary processes for cloud adoption and usage.  We help to clarify guidance and capture minimum requirements such as:

  • Legal considerations in engaging cloud a vendor such as terms and conditions, license agreements, or data jurisdictions

  • Compliance considerations in engaging a cloud vendor such as data center compliance, Payment Card Industry Data Security Standard (PCI DSS) compliance, or Service Organization Control (SOC) reporting

  • Information Security considerations for engaging a cloud vendor such as security controls and encryption capabilities

  • Information Protection considerations for engaging a cloud vendor such as data ownership or data deletion upon service termination

  • IT department architecture considerations such as protocol requirements or integration requirements

​

Ready to Get Started? Contact us!

 

2. Cloud Security Standards:

 

Cedrus assists businesses in the creation of reference documents in the area of cloud security standards and guidelines to be used for internal project teams embarking upon initiatives leveraging the cloud.   

​

Step 1: Perform a Gap Analysis that provides evaluation of existing cloud-relevant Information Security Policies and Standards to incorporate into the process, including:

  • Acceptable use

  • Identification and Authentication

  • Application Security

  • Data Classification / Handling

  • Vendor Risk Management

  • Encryption

  • Logical Access Control

  • Compliance

 

Step 2: Create a Guidelines and Standards Document that will outline the security governance criteria including, but not limited to, general standards such as:

  • Regulatory Mandates

  • Enterprise Risk Levels

  • Vendor Trust Criteria

  • Data Classification and Data Leakage Prevention (DLP)

  • Identity and Access Management, Access Control, Privileged Access

  • Encryption and Key Management

  • Mobile and Endpoint

​

Ready to Get Started? Contact us!

 

3. Cloud Security Capability Assessment:

 

Cedrus also assists businesses with cloud security capability mapping, ensuring that control gaps can be identified and closed and that best practice security approaches for operating in the cloud can be met.  We partner with Cloud Security Alliance (CSA) and leverage the Cloud Controls Matrix (CCM) and our consultants all hold the CSA Certificate of Cloud Security Knowledge (CCSK).  [CSA LOGO]

 

Step 1: Capability Map - In this process the Cedrus consultants analyze the existing cloud security technology capabilities as compared to the relative guidance provided in the CCM.  We assist in determining:

  • Does a capability exist where a control is recommended by CCM?

  • Do any gaps exist where a control is required by business policy?

  • If capabilities exist, are they implemented and managed?

  • Are there redundant tools/solutions in any area?

  • Are tools/solutions cloud ready and/or cloud aware and supported/supportable?

 

Step 2: Create a recommendations and roadmap document to outline recommended solutions to control gaps or under-configured solutions along with a suggested timeline and budget to implement the controls.

​

       Ready to Get Started? Contact us!

bottom of page