IT has moved out of the organization on to the cloud. Users also work from anywhere and want to access business data using various devices. While the technology to support this has evolved, security protocols haven’t really kept up. However, there is a new approach to this called CASB or Cloud Access Security Broker.
BW CIO World met Nicolas Fischbach, CTO, Cloud Security, Forcepoint to ask him more about CASB and people-centric security.
Excerpts from the interview:
BW CIO: What do you mean by a people-centric security framework?
We believe that users are everywhere and they require access to data, wherever they are, regardless of which devices they use to access it. There are different behaviours that allow them to access data differently. These can be broadly classified as accidental access to information, accidental insider behaviour, and malicious insider behaviour. There is also the compromised insider where user credentials are compromised by a hacker and he pretends to be a legitimate user of the organization.
While the landscape has changed, we don’t think security has evolved too much to help organizations to make this shift. However, the technology that enables users to access data has changed significantly.
Security has not evolved significantly. Organizations have been spending on security products, but we believe the approach is threat centric. Lots of investment in defensive technologies, which makes them more reactive. There’s a lot of investment going into securing the non-existent perimeter (the user is the perimeter).
The controls have to follow the user.
So we are building solutions to help our customers understand the intent of users accessing information, and accordingly enforce controls. It is about detecting unwanted changes to information. This is what a people-centric approach to information security is all about.
BW CIO: Browser-based security and malware through web applications have been gaining importance. How are you addressing this through your solutions?
Everything is going http and https today and it is too easy to abuse. For many years users were constrained by IT. And now, the cloud has brought in the concept of shadow IT (with applications on the cloud). In the beginning organizations blocked shadow IT, but at some point they had to adopt it, since it became a business enabler.
In February this year, we acquired a company called Skyfence. It is a Cloud Access Security Broker (CASB). This is very unique technology that gives visibility into web applications.
BW CIO: With cloud security gaining more importance, how is the role of the CISO changing?
One thing we have seen is a change in mindset. So the mindset has shifted from: Is cloud an option? To Cloud first. Earlier the CIO was trying to keep the data and the servers in his basement, within his control. But now there is a shift to using the clouds and a SaaS model; the CISO is becoming a risk manager. He took on additional responsibilities for CIA, identity access management, single sign on etc. He has a big stake in regulatory compliance and legal.
So we think web security is becoming more user centric and you will need the right set of tools for it. It becomes more granular and that’s where CASB comes into play.
BW CIO: So how does this change the approach to security?
When people implement CASB they realize how widely some of these (cloud) applications are being used, by which users, and how risky they are. It is also important to understand the capabilities offered by those applications and why people use them. The next step is to enforce policies for those web applications – policies that are linked to the way those applications behave.
Take an application like Salesforce, which is pretty common in the business world. Everyone pulls all business data into Salesforce and uses it to run the business.
Forcepoint CASB actually allows us to control the workflows inside Salesforce. It is very granular and helps us link data to users. We can do this live or through the APIs. We can access Salesforce and get forensics data. So we can understand what users are doing with the data and where.
Looking at the data, we provide a risk score for users, and can predict which users are becoming more risky than others – and trend information pertaining to user behaviour.