Companies must redefine their perimeter to ensure security in the cloud

Fresh exposures to cyber threats require stricter management of users’ access to services

 

The rising business use of cloud services and mobile devices has opened a Pandora’s box of security exposures.

Software as a Service (SaaS) tools like Salesforce.com, Gmail, Office 365 and Dropbox, as well as social media sites like Facebook, LinkedIn and Twitter, are all being heavily leveraged by companies large and small to boost productivity and collaboration.

This trend also has opened up a whole new matrix of access points for malicious attackers to get deep inside company networks.

Wall Street recognizes that all organizations will have to acknowledge and make decisions on how to mitigate new business risks introduced by cloud services. And big bets are being placed on new technologies to help companies get a handle on these fresh exposures.

ThirdCertainty recently sat down with David Baker, chief security officer at Okta, a cloud identity management vendor that’s one of dozens of security vendors developing cloud security systems. A $75 million round of private investment last fall pushed Okta’s market valuation to over a billion dollars, vaulting it into so-called “unicorn” status.

Okta’s backers include a who’s who of venture-capital firms that are placing big bets on cybersecurity plays: Andreessen Horowitz, Greylock Partners, Sequoia Capital, Khosla Ventures, Altimeter and Glynn Capital, among others.

Baker described this particular big bet on cybersecurity tech. Text edited for clarity and length:

3C: Congratulations on achieving unicorn status.

David Baker, Okta chief security officer

Baker: Thank you. We have a lot of work to do as a company to continue growing. The problem that we solve is really about enabling companies—enterprises, as well as small, medium and big companies—to adopt the cloud.

3C: How would you frame the big challenge?

Baker: The problem for companies now is that the things I need to access in the cloud bring a whole host of security concerns. I have users working within my four walls, and they have to authenticate into these applications where I have critical business data. It could be information about my company’s source code, or email, or all of the files we share. So what’s needed is a secure way of authenticating users into all of those systems.

It also is a challenge to provision that identity into the downstream applications, and, just as importantly, to de-provision users. So when a user eventually is transferred to a different group, or is terminated, their access has to be disabled. So it’s about managing that identity and also managing the access of that identity to these cloud services.

3C: Lots of employees set up their own Gmail or Dropbox account to be more productive; so they shouldn’t be doing that?

Baker: Correct. The security piece is knowing what set of tools you want your employees using, and then making sure you have an authentication mechanism in place to enable them to go securely into those cloud-based applications.

3C: The company sets the rules, and their employees should use only the company-sanctioned versions?

Baker: Correct. Users get exactly the version of Dropbox the company wants them to use, not their own personal account. Okta creates a secure connection to that version. The IT administrator can give the employees access to hundreds of apps. Right now we have connectors to well over 4,000 different applications across the internet.

3C: Seems like we’re extending the traditional network perimeter. It’s not just the on-premises servers and clients companies have to be concerned with, it’s everything out in the internet cloud that employees might try to use.

Baker: I’ll do you even one better, the perimeter really exists with respect to identity. When I’m sitting at home or in the coffee shop, and using my cellphone to get access into an application, I am now the perimeter. So that’s why we like to say, really, identity is the new perimeter.
