Five cloud security considerations for CISOs

Discover how you can protect users and the organization in today’s new normal

The past six months have been a whirlwind of change. Security teams across the world have scrambled to empower distributed users with the tools and information they need to keep businesses running. Now everyone is accessing everything from everywhere, with limited control and visibility into who is accessing what, where, and on what device.

It’s time to take a step back, understand the new security landscape, and formulate a new strategy for protecting users and the organization from growing cybersecurity threats.

Here are my five considerations for CISOs to ponder:

01. Web and Email Are the Most Common Entry Points for Breaches.

More than 90 percent of cyberattacks use the web or email as an attack vector. There are more than 700 browser vulnerabilities per year. Unknown malware is delivered every four seconds. Over half of large enterprises are targeted by spearphishing attacks. And 12 percent of users always click on untrusted links and attachments. It’s clear that security teams need to be laser focused on web and email attack vectors.

02. SSL Is a Major Threat.

Nearly 90 percent of all websites run on HTTPS. This means that the majority of web traffic—the good, the bad, and the ugly—is routed over SSL. Yet, most enterprises do not have the capability to monitor SSL traffic because of performance issues with their legacy appliances. Even some cloud security vendors don’t include unmetered SSL termination as part of their SLA. See the problem here?

03. Enterprise Apps Need to Be Protected from Untrusted Devices.

New work-from-home policies have laid bare the problems resulting from bring-your-own-device (BYOD) trends. Users log in from personal computers already set up in their home office. They use whatever device has the best Wi-Fi connection. Maybe it’s easier to just log in to Zoom from their kid’s device. At the same time, it’s clear that VPNs are not a good match for today’s distributed architecture. They can be easily compromised, they degrade the user experience, and they lack the control and visibility needed to protect users from cybersecurity threats. A Zero Trust approach to cybersecurity is needed.

04. SaaS is the New Trojan Horse.

There’s no doubt that cloud apps have revolutionized the way we work and basically saved the economy during the Covid-19 pandemic. The problem is that these apps require a direct and persistent connection between the user and the app, and routing this traffic back to a centralized data center where it can be monitored and controlled effectively creates all sorts of latency and bandwidth issues—rendering the data center pretty much useless. Unfortunately, malicious actors have caught on, using SaaS platforms as an attack vector more than one-third of the time. Enterprises need a way to enable cloud app accessibility without sacrificing security control.

05. Limited Visibility Is a Security Killer.

Given the state of the Internet, it’s clear that breaches will occur. It’s important that organizations are able to mitigate the damage these breaches cause. Security teams that have visibility into network traffic, user behavior, and the security events themselves can root out and stop attacks before they spread or cause irreversible damage. A lack of visibility results from misconfigured security tools, increased security risk from increasingly sophisticated attacks, and reduced user productivity.

Digital transformation for the distributed enterprise has been accelerated. Users, apps. and devices are logging in from everywhere, but security transformation has yet to catch up. In my latest webinar, “Five Cloud Security Considerations for CISOs,” I outline how Menlo Security solves these concerns—giving CISOs a cybersecurity framework for protecting the enterprise in the new normal.

View the webinar now.