AST Digital Magazine August 2017 Digital-Aug | Page 48

Volume 15
August 2017 Edition
This can cause problems either when an insider
within the CSP uses it maliciously or when a fed-
eral agency submits a blind subpoena to gain ac-
cess to the customer’s data within the CSPs data
centers.
Tokenization is another way to secure infor-
mation. •
It works by creating a random token value for
plain text, and stores the mapping in an on-
premises database. •
•
•
Tokenization ensures that sensitive information
remains within the organization, but if the data-
base containing the tokens is exposed then data
can be detokenized.
Typically, tokenization is used for structured data,
such as payment card data stored in structured
form. Encryption can be used for both structured
and unstructured data.
Tools for Cloud Security
While these best practices are the foundation of
better cloud security, the following tools can also
help in eliminating data security vulnerabilities:
• SIEMs: Security information and event man-
agement (SIEM) is a must-have security so-
lution for large enterprises.
• SIEMs analyze inbound events coming
•
ning a badge to get in a building), soft-
ware (employee logs into their work
computer), and now, cloud services.
• SIEMs correlate events from a myriad
of sources to generate security alerts,
that if analyzed on their own, wouldn’t
raise any flags.
Secure Web Gateways: SWGs are useful
for IP/URL filtering by blocking dangerous
Shadow IT cloud services if the service IP/
URL is known to the IT department.
Cloud firewall: Low-level attacks between
the cloud and network can be prevented
with a cloud firewall.
User Access Control: User access control,
or identity and access management so-
lutions (IDM) allow organizations to limit
employee access to only the services and
functionality they need for their jobs.
Cloud data encryption: Cloud encryption
makes compromised data useless to a
hacker, as it converts all of the information
into ciphertext.
CASB: Cloud Access Security Brokers act
as a control point between the cloud ser-
vice provider and its customers, providing
activity and security monitoring for cloud
services, and enabling policy enforcement
across all cloud services
Sekhar Sarukkai
Although cloud
computing has
made accessing
corporate data
easier and more
efficient, it comes
with its own array
of security con-
cerns.
By following the
proper cloud security practices, organizations
can use the cloud to its full potential without
the security concerns.
from physical hardware (employee scan-
Sekhar Sarukkai, Skyhigh Networks Co-founder and
Chief Scientist
48