6 Security Tools To Protect Enterprise Data
The growth of employee-owned devices and use of cloud services requires advanced protection. Here are six new and emerging products worth considering.
As the use of employee-owned devices and personal cloud services continues to rise, so does the risk of enterprise data getting into the wrong hands. Mobile device management suites are one way organizations can mitigate threats of data loss -- either by a willing employee or one who's merely careless. But just as most people have multiple locks or alarm systems on their homes and buildings, IT organizations need to think the same way about protecting their data.
Fortunately, there's no shortage of technologies that can reduce the chances of your organization's data getting into the wrong hands. Among some noteworthy new offerings worth evaluating, here are six.
1-FireHost Compliance as a Service
If your business is in an industry that has strict data compliance requirements but lacks the staff or skills to deploy a solution, Texas-based FireHost offers what it describes as a cloud-based Compliance as a Service (CaaS). The service entrusts FireHost experts with securing your data and ensuring you're meeting such requirements as PCI and HIPAA. The service also aims to reduce the need for multiple security products.
"[FireHost CaaS] will help our customers reduce risk and avoid costs through a smaller remediation footprint and reduced technology needs," explains Kurt Hagerman, FireHost's CISO. "Because all of these services are integrated and delivered by a single provider, customers can focus on their business and leave security and compliance to full-time specialists and experts like us," he says.
The service includes incident response, forensics, security monitoring and remediation, and employs SSL encryption for all data leaving on-premises. In an attempt to alleviate concerns that come with putting all your security eggs in one third-party basket, the company has partnered with risk management firm Coalfire Systems Inc. to provide periodic, independent auditing for customers.
Half of all data losses are due to the use of unauthorized and malicious apps, according to 70 percent of enterprise IT pros recently surveyed by Cisco Systems Inc.
Israeli-based startup FireLayers believes it can thwart the use of these apps with its new application security gateway for apps running in the cloud that provides additional monitoring and protection. The policy-based Software-as-a-Service (SaaS) offering secures both custom and third-party cloud apps accessed by employee-owned devices.
While many cloud services already offer some baked-in security, FireLayers looks to offer extended protection with support for Xtensible Access Control Markup Language (XACML), the XML-based access control policy protocol. "Cloud app providers like Salesforce, Google, Box, SuccessFactors and others provide excellent user experiences, meet demanding performance SLAs and secure data in their clouds," says FireLayers President Doron Elgressy. "But their responsibility ends there." Elgressy says an application security gateway closes that gap by providing security controls of cloud application usage at a granular level.
The FireLayers app security includes a central dashboard that lets administrators extend policies, manage permissions and approve specific access. It also shows known threats and can employ rules to counter them and provides reporting tools to assess and outline specific weaknesses.
"Cloud app providers like Salesforce, Google, Box, SuccessFactors and others provide excellent user experiences, meet demanding performance SLAs and secure data in their clouds. But their responsibility ends there."
Doron Elgressy, President, FireLayers Inc.
In order to keep data secure, organizations must know where their data is stored. NetApp StorageGRID Webscale provides monitoring tools that lets IT track the physical movement of data. This storage management tool tracks large amounts of uncategorized data and keep it constant with the same security levels extended to confidential enterprise data.
It supports the Amazon Web Services Simple Storage Service (S3) and implements automatic encryption and access control capabilities, and aims to limit the threat of an unauthorized access or data leak.
The company is currently testing the next version of StorageGRID Webscale in its early adopter program, which includes geo-distributed erasure coding, a process in which data is fragmented and encoded with redundant data pieces and stored over multiple datacenters, ensuring that if there is a breach, data will stay protected. The company plans to release it in 2015.
CloudFlare has made a name for itself over the past few years giving Web sites hosted in its service protection from distributed denial-of-service (DDoS) attacks. Recently, the company has come up with a solution for those enterprises not wanting to hand over SSL encryption keys to cloud providers in its Keyless SSL solution.
Developed by cryptographers and system engineers at CloudFlare, its Keyless SSL feature allows companies to allow their encrypted data to travel through the CloudFlare network without handing over the keys to the data. How it works is that SSL certificates are signed and verified on-premises by the enterprise's private keys before ever leaving. This allows CloudFlare to move and secure clients' data without ever having access to private encryption keys.
This technology could be a welcome anecdote now that online data breaches of major retailers, banks and other companies are becoming routine events. Want to harden your Web site from attack, but don't want to put the keys in the hands of a third party? CloudFlare has figured out a possible solution. While Keyless SSL is currently only offered through the CloudFlare Web protection service, look for similar approaches to start popping up from competing cloud security firms.
5-SharePlan for Enterprises
Code 42 Software Inc.
Whether you're keeping your enterprise files in a public cloud, an on-premises private cloud or in a hybrid deployment, the service you choose can make a difference when it comes to ensuring your organization's data is secure. SharePlan for Enterprises from Code 42 looks to keep your documents secure -- and encrypted -- while allowing for easy employee access to data, whether they're on-premises or in the cloud.
SharePlan for Enterprises syncs files across all user devices, notably Windows, Android, Mac OS X or iOS, while providing IT with a window into where and by whom the files are being accessed.
For those looking to keep their files on-premises, SharePlan lets IT run the SharePoint appliances within their own hardware configurations, allowing for full control of the service. Or, for those who prefer outside monitoring of their private cloud, or those running a hybrid solution, the Code 42 SharePlan can also be customized with around-the-clock monitoring and support.
To keep documents safe, files are automatically encrypted with AES 256-bit keys in transit and at rest. Accessing the data can only be done by those with the correct PIN to randomly generated, expiring links. It also supports two-factor authentication. And looking to close a huge hole in data leakage -- lost or stolen employee devices -- IT can remotely wipe any device running the SharePlan app.
What's the advantage of going with a paid service like SharePlan over rival cheap and cost-effective cloud storage services such as Dropbox or Google Docs for storage and user collaboration? Unlike personal document storage services that may be used by employees, IT has total control and insight of enterprise data at all times.
Yes, this belongs in the mix, too. As the cloud embodies everything Microsoft does, its flagship Windows OS is no exception. The next version -- Windows 10 -- slated for release in mid-2015, will do its part to offer improved cloud security. Microsoft last month released the Windows 10 Technical Preview for testing.
While Microsoft relies on the BitLocker encryption service to keep data secure on devices, Windows 10 promises to improve security when data is in transit or stored elsewhere using container technology to separate data from the OS.
"With Windows 10 we are able to provide an additional layer of protection using containers and data separation at the application and file level -- enabling protection that follows the data wherever it goes," said Jim Alkove, Microsoft Windows enterprise program management team lead, in a blog post. "Whether the data moves from a tablet or PC to a USB drive, e-mail or the cloud -- it maintains the same level of protection."
Alkove said this approach will bring data protection to the "file level," and won't need any new actions from end users to gain the new security capabilities.