IBM: Securing third party apps in the enterprise
FYI, this story is more than a year old
IBM has upped its cloud security game with a new solution that helps make ‘bring your own’ cloud apps safe for work.
Cloud Security Enforcer is the first technology to combine cloud identity management (Identity-as-a-Service) with the ability for companies to discover outside apps being accessed by their employees, including those they are using on their mobile devices.
These combined capabilities enable companies to equip their workforce with a secure way to access and use the apps that they want, says IBM.
As companies only have visibility into a fraction of the apps used by their workers, Cloud Security Enforcer helps address a potentially significant security exposure.
New IBM research found that one-third of employees surveyed at Fortune 1000 companies are sharing and uploading corporate data on third-party cloud apps.’
More employees today are engaging in risky practices on these tools, such as signing in with their personal email addresses, using weak passwords, or re-using corporate log-in credentials, according to IBM.
The increased use of mobile apps also carries a risk: nearly 40% of the mobile apps developed today aren’t properly secured before they hit the market, says IBM. While the cloud offers greater productivity, the challenge of employees doing these rogue activities on unsanctioned apps, known as ‘Shadow IT’, is that it can result in companies losing control over and visibility into sensitive data, and the inability of companies to protect employees’ identities.
These issues are further compounded by circumstances that can exacerbate a loss of control. For example, an employee could use her personal email to set up an account on a third-party, file-sharing app, to which she would then upload her team’s sales contacts in order to see them on her mobile device.
While this unapproved use would give her flexible access to this data, it presents a major challenge if she took a position at a competitor.
Although she would no longer have access to the data and networks monitored by her former employer’s IT team, she would still have visibility into the data uploaded into that app - presenting a potential problem from both a competitive and security perspective.
Hosted on IBM Cloud, IBM’s new Cloud Security Enforcer can scan a corporate network, find the apps employees are using, and provide a more secure way to access them, the company says.
This includes automatically assigning sophisticated passwords and helping to alleviate security breaches caused by human error (95% of all incidents), such as weak passwords.
Building on IBM’s existing partnership with Box, which offers users strengthened security when sharing files via mobile devices and the web, IBM has also built connectors for Cloud Security Enforcer into Box’s leading cloud-based content management and collaboration platform.
In addition to Box’s app, IBM has built secure connectors for other common apps at work, including tools from Microsoft Office 365, Google Apps, Salesforce.com, and more.
This catalogue of app connectors is continually expanding, and secure access to these apps will be increasingly important to meet the demands of shifting workforce demographics, says IBM.
IBM’s study found that millennial employees, who will make up half of the worldwide workforce by 2020, are the biggest users of cloud apps.
According to the study, over half (51%) of this demographic is using cloud services at work. Cloud Security Enforcer also features added security checks on the integrity and safety of apps being used by employees.
These checks are done with the deep threat analytics from IBM X-Force, IBM’s global threat intelligence network.
This platform is manned by a network of security analysts around the world, and monitors the internet for malicious activity and emerging attacks, based on an analysis of more than 20 billion global security events daily.
This feature allows IT teams to take action against cloud apps used by employees that may present a risk.
With the release of Cloud Security Enforcer, IBM says it is demonstrating its commitment to extend clients’ control, visibility, security and governance inherent to their hybrid cloud environments.