itb-nz logo
Story image

IBM: Securing third party apps in the enterprise

IBM has upped its cloud security game with a new solution that helps make ‘bring your own’ cloud apps safe for work.

Cloud Security Enforcer is the first technology to combine cloud identity management (Identity-as-a-Service) with the ability for companies to discover outside apps being accessed by their employees, including those they are using on their mobile devices.

These combined capabilities enable companies to equip their workforce with a secure way to access and use the apps that they want, says IBM.

As companies only have visibility into a fraction of the apps used by their workers, Cloud Security Enforcer helps address a potentially significant security exposure.

New IBM research found that one-third of employees surveyed at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps.’

More employees today are engaging in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords, or re-using corporate log-in credentials, according to IBM.

The increased use of mobile apps also carries a risk: nearly 40% of the mobile apps developed today aren’t properly secured before they hit the market, says IBM. While the cloud offers greater productivity, the challenge of employees doing these rogue activities on unsanctioned apps, known as ‘Shadow IT’, is that it can result in companies losing control over and visibility into sensitive data, and the inability of companies to protect employees’ identities.

These issues are further compounded by circumstances that can exacerbate a loss of control.  For example, an employee could use her personal email to set up an account on a third-party, file-sharing app, to which she would then upload her team’s sales contacts in order to see them on her mobile device.

While this unapproved use would give her flexible access to this data, it presents a major challenge if she took a position at a competitor.

Although she would no longer have access to the data and networks monitored by her former employer’s IT team, she would still have visibility into the data uploaded into that app - presenting a potential problem from both a competitive and security perspective.

Hosted on IBM Cloud, IBM’s new Cloud Security Enforcer can scan a corporate network, find the apps employees are using, and provide a more secure way to access them, the company says.

This includes automatically assigning sophisticated passwords and helping to alleviate security breaches caused by human error (95% of all incidents), such as weak passwords. 

Building on IBM’s existing partnership with Box, which offers users strengthened security when sharing files via mobile devices and the web, IBM has also built connectors for Cloud Security Enforcer into Box’s leading cloud-based content management and collaboration platform.

In addition to Box’s app, IBM has built secure connectors for other common apps at work, including tools from Microsoft Office 365, Google Apps, Salesforce.com, and more.

This catalogue of app connectors is continually expanding, and secure access to these apps will be increasingly important to meet the demands of shifting workforce demographics, says IBM.

IBM’s study found that millennial employees, who will make up half of the worldwide workforce by 2020, are the biggest users of cloud apps.

According to the study, over half (51%) of this demographic is using cloud services at work. Cloud Security Enforcer also features added security checks on the integrity and safety of apps being used by employees.

These checks are done with the deep threat analytics from IBM X-Force, IBM’s global threat intelligence network.

This platform is manned by a network of security analysts around the world, and monitors the internet for malicious activity and emerging attacks, based on an analysis of more than 20 billion global security events daily.

This feature allows IT teams to take action against cloud apps used by employees that may present a risk.

With the release of Cloud Security Enforcer, IBM says it is demonstrating its commitment to extend clients’ control, visibility, security and governance inherent to their hybrid cloud environments.

Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More
Story image
Three ways cloud can contribute to a transformation goal
Cloud technology plays a pivotal role in successful transformations and can see businesses thrive and grow; however, this depends on the business mindset and approach to cloud, writes Thomas Duryea Logicalis CTO Toby Alcock.More
Story image
Gigamon and Nokia deliver 5G network visibility solution
The purpose-built joint 5G solution delivers real-time analytics to enhance the customer experience and maximise investment impact.More
Link image
Webinar: How to stay agile in the face of changing cloud needs for customers
Join the discussion about how to migrate to cloud, adopt AI and bolster CX - and leave with the know-how to advance your business in 2020 and beyond.More
Story image
Video: 10 Minute IT Jams - Who is Enlighten Designs?
Today, Techday speaks to Enlighten Designs founder and CEO Damon Kelly, who discusses the company's business journey, a recently signed partnership with an Australian digital services provider, and its vision for the future of web design.More
Story image
Competing in the digital era: delivering better services with SD-WAN
The cause of many of the delays and connectivity issues experienced by end-users is the need to backhaul internet traffic. SD-WAN can help with that, writes Vertel commercial director Tony Hudson.More