We are living in very interesting times. Organizations of all sizes and across all industries have been migrating to the cloud for years. Those that were not already actively engaged in digital transformation at least had it on their radar with plans to start soon—and then the COVID-19 pandemic hit. Suddenly, office environments were shut down and entire companies were forced to work from home as various regions quarantined to contain the virus.
Organizations had to accelerate the move to cloud platforms and software-as-a-service (SaaS) tools in order to keep revenue flowing. In the moment, the focus was almost entirely on how to enable employees working from home to remain productive. It was treated as an emergency response—similar to how a company might deal with something like a hurricane or blizzard—and not as something that might last more than a couple weeks or become the “new normal”. Security was not a priority, but now that months have gone by and many organizations have adopted this business model indefinitely, it is vital for companies to ensure security of SaaS solutions and cloud applications without impeding productivity.
History of SaaS Security
The introduction of the iPhone in 2007 and the subsequent launch of tablets and wearables has led to exponential growth of the mobile device market. It is common practice for businesses to allow employees to use personal mobile devices for work, and it is standard for many employees to access critical applications and sensitive data from those devices.
Naturally organizations are playing catch up when it comes to rolling out protection for this new form factor that is quickly becoming a key productivity tool across almost every industry. Data from the Verizon Mobile Security Index showed a “mobile perception gap” with an emerging threat landscape targeting mobile platforms.
A more mobile workforce combined with companies migrating to cloud infrastructure also led to a rise in software-as-a-service (SaaS) platforms and applications. The cloud posed some challenges in terms of ubiquitous access and rapid scalability. Fortunately, those same things also make cloud-assisted security uniquely suited to address the challenges. That is why companies like Wandera were created. Roy Tuvey, co-founder and president of Wandera, describes the mission behind the company, “Our idea was to make remote working equal in every way to in the office working. The point was to ‘level up’ remote workers to in-office workers through seamless enablement, user experience, and security.”
Balancing Security and Productivity
Productivity used to simply be a function of whether or not the device itself was good enough to get the job done. As long as it had the right processing horsepower, it was sufficient. Now, we have to look at productivity through the lens of the applications being used and find the right balance between productivity and security. In the same way that cloud-based applications offload the computing and processing burden from the endpoint or mobile device, cloud-delivered security secures applications and protects data on the device, in the network, and in the cloud without placing the burden on the device.
Much of cybersecurity focuses on the endpoint itself. Antimalware solutions, endpoint protection, and endpoint detection and response (EDR) are all based on the premise that the endpoint is the perimeter that defends company applications and data from unauthorized or malicious access.
Endpoint security alone is not enough, an end-to-end security strategy is required. Mobile has many attack vectors, whether it be a compromised device or unauthorized user, security needs to be applied at multiple levels to protect every point of the data journey and that can only be done with cloud-delivered technology.
It seems logical to simply ensure that the person logging in and using an application is authorized to do so, but the traditional approach to identity and access management falls short. insider threats are also a concern and most attacks actually leverage stolen or compromised credentials. It is crucial to be able to monitor activity and evaluate risk based on not just the device or identity, but also the decisions the user makes and the actions the user takes.
Adapting to Our New Reality
Cloud-delivered security solutions are uniquely positioned to help customers navigate the new reality today. The focus on enabling a secure remote working experience is exactly what organizations need to maintain productivity and drive growth while employees collaborate online and work together from their living rooms, bedrooms, and home offices. We need to use the power of the cloud to achieve consistent end-to-end protection across different devices, operating systems, management strategies, ownership models, etc. Mobile is complex in all the variables at play. Cloud-delivered security allows you to achieve security without the bottlenecks of an on-premise solution.
Cloud-delivered security is both interesting and challenging for the same reasons that cloud-based platforms and applications are. Ease of use, availability, scalability, and reduced cost are all notable factors. It’s a simple truth that your security is only as good as your ability to ensure it is always updated and available. That can be more challenging in a dynamic environment where the attack surface and threat landscape are constantly shifting. However, a cloud-based security vendor can identify new threats and trends more quickly—and leverage the intelligence gathered across all customers to accelerate protection for everyone.
Organizations need to be able to implement and manage security without hindering productivity. It helps to streamline security with a unified solution rather than trying to stitch together various point solutions. Cloud platforms and SaaS applications are imperative for businesses today, but they need a way to manage, secure, control, and visualize remote workers’ data effectively—through a single solution that can provide a comprehensive view of the end-to-end security posture.
“We envisage a world where there is zero difference between being in the office or out of the office, on a mobile device or on a laptop, on Wi-Fi or cellular, explained Roy Tuvey. “We wanted to help enterprises view their staff, contractors, and partner organizations as equal, and be able to interact with them equally. The vision is finally coming together with our technology capabilities catching up to our vision.”
- Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
- Mark Thomas Talks about Threat Hunting - January 5, 2023
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022