IBM announced new cloud security technology that helps safeguard the increasing use of “bring your own” cloud-based apps at work. Cloud Security Enforcer is the first technology to combine cloud identity management (Identity-as-a-Service) with the ability for companies to discover outside apps being accessed by their employees, including those they are using on their mobile devices. These combined capabilities enable companies to equip their workforce with a secure way to access and use the apps that they want.
Cloud Security Enforcer helps companies address a potentially significant security exposure, as they currently only have visibility into a fraction of the apps used by their workers. New research from IBM found that one-third of employees surveyed at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps. Employees today are increasingly engaging in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords, or re-using corporate log-in credentials. The increased use of mobile apps also carries a risk: nearly 40 percent of the mobile apps developed today aren't properly secured before they hit the market.1
While the cloud offers greater productivity, the challenge of employees doing these rogue activities on unsanctioned apps, known as “Shadow IT”, is that it can result in companies losing control over and visibility into sensitive data, and the inability of companies to protect employees' identities. These issues are further compounded by circumstances that can exacerbate a loss of control.
For example, an employee could use her personal email to set up an account on a third-party, file-sharing app, to which she would then upload her team's sales contacts in order to see them on her mobile device. While this unapproved use would give her flexible access to this data, it presents a major challenge if she took a position at a competitor. Although she would no longer have access to the data and networks monitored by her former employer's IT team, she would still have visibility into the data uploaded into that app – presenting a potential problem from both a competitive and security perspective.
IBM Cloud Security Enforcer Launches to Help Enable Safer Use of Unsanctioned Apps
Hosted on IBM Cloud, IBM's new Cloud Security Enforcer can scan a corporate network, find the apps employees are using, and provide a more secure way to access them. Building on IBM's existing partnership with Box, which offers users strengthened security when sharing files via mobile devices and the web, IBM has also built connectors for Cloud Security Enforcer into Box's leading cloud-based content management and collaboration platform.
In addition to Box's app, IBM has built security-rich connectors for other popular and common apps at work, including tools from Microsoft Office 365, Google Apps, Salesforce.com, and more. This catalog of app connectors is constantly expanding, and secure access to these apps will be increasingly important to meet the demands of shifting workforce demographics. IBM's study found that millennial employees, who will make up half of the worldwide workforce by 20202, are the biggest users of cloud apps. According to the study, over half (51 percent) of this demographic is using cloud services at work.
Cloud Security Enforcer also features added security checks on the integrity and safety of apps being used by employees. These checks are done with the deep threat analytics from IBM X-Force, IBM's global threat intelligence network. This platform is manned by a vast, global network of security analysts around the world, and monitors the internet for malicious activity and emerging attacks, based on an analysis of more than 20 billion global security events daily. This security intelligence allows IT teams to quickly react to emerging threats on cloud apps being used by employees; blocking and taking action against the ones which may present a risk.
Built by IBM Security, the technology helps organizations reduce the challenges of “Shadow IT”, defend against malicious actors looking to prey on unsafe cloud app usage, and realize the productivity and efficiency benefits of using cloud apps more securely. This is achieved by four core capabilities which:
Detect unauthorized cloud app usage, enabling companies to determine and securely configure the apps that employees want to use, as well as manage, view and direct how employees are using and accessing them.
Determine and enforce which data owned by an organization can or cannot be shared by employees with specific third-party cloud apps.
Connect employees quickly to third-party cloud apps through security-rich connectors, including automatically assigning sophisticated passwords, helping to alleviate security breaches caused by human error (95% of all incidents3), such as weak passwords. IBM's research found that one in every four employees is linking to cloud apps with his or her corporate log-in and password, leaving vast loopholes for hackers.
Help protect against employee-induced and cloud-based threats through analysis of real-time threat data from IBM's X-Force Exchange.
With the release of Cloud Security Enforcer, IBM continues to deliver on its commitment to extend clients' control, visibility, security and governance inherent to their hybrid cloud environments. In doing so, IBM is providing increased data portability in a more secure way across these environments.