This post was originally published here by Prasidh Srikanth.
If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, youāve been successfully sailing and securing your corporate data on premises for some time. However, now youāre migrating to the cloud, looking for increased productivity, collaboration, and cost savings. In this new ocean, organizations must decide how to prioritize security concerns so that they can prevent data leakage.
There are two schools of thought on how organizations should accomplish the above. The first entails beginning by securing your most-usedĀ SaaS appsĀ (Office 365,Ā Box,Ā G Suite,Ā Slack, et cetera). This is ideally done through a multimodeĀ cloud access security broker (CASB)that secures data access in real timeĀ via proxy, and secures data at rest in the cloud through API integrations. As these major apps are the primary locations to which your data is flowing, they are your first responsibility to address.
From there, aĀ shadow IT discovery toolĀ can be used to identify the other, less frequently used SaaS apps that employees are accessing. When these uncommon, less widely known apps are discovered, you may then choose to perform policy-based remediations; for example, coaching users to sanctioned alternatives, making shadow IT apps read only, or blocking access altogether. In this way, the larger security gaps are addressed before the smaller ones, meaning that your boat is successfully patched and gets to sail onward.
The other approach to cloud security says that organizations should perform shadow IT discovery before they begin to secure major SaaS applications and enforce data protection policies. In other words, you have to identifyĀ everythingĀ before you can begin securingĀ anything.Ā With this approach, you start by hunting down every minuscule security gap before beginning to address the apps that represent the largest data leakage threats, meaning that your boat is allowed to take on water.
Gaining insight into SaaS app usage is helpful for the enterprise; however, thereās a handful of apps that act as the gateway to your cloud journey. Addressing these commonly used applicationsĀ firstĀ is the right way to secure your cloud migration. Once you have your bases covered in this way, you can further strengthen your security posture by performing shadow IT discovery and securing the other apps that represent the metaphorical small holes in your boat. With this measured and methodical security approach, you can confidently continue to transform your business and sail into the cloud.
Photo:TRIIO
