siliconindia | |February 20159company data is literally everywhere. Not only is it impractical to force all network traffic through a firewall it can be illegal. Would you want to be liable for workers' entire log of personal mobile phone data? Gone are the days of gating corporate data behind a firewall. Yet SaaS providers rarely offer robust or customizable security features. Each service provides its own set of security capabilities and policies, meaning enterprises cannot enforce a consistent security model across all SaaS services. This leaves enterprises feeling handcuffed to the standard features provided with a service, or worse, a blanket security model. And workers often use more than one device, making authentication exponentially more complex. Content-Level Protection to the RescueAs more systems, applications and data are moved into the cloud, data security requires two-way protection. Companies must have adequate visibility and controls to assess the security posture of both the user (device) and the application (service). The goal is to make sure business data is being accessed from an approved and uncompromised device. This is a hard problem to solve as more and more devices come into the enterprise every day, all with different operating systems and form factors. Enterprises need solutions that tie this fragmented mobile landscape together and secure services, regardless of whether they are hosted on cloud or on-premise infrastructure, or whether the device is corporate or personally owned. Enterprises should know who is accessing what data from what location and on what device without compromising user experience. User experience is the litmus test for the successful adoption of mobility in the enterprise. It is one of the key factors for the surge in SaaS services because it is beautifully designed and easy to access. That experience needs to be preserved otherwise users will inevitably find ways to circumvent the security controls companies put in place. A handful of well-funded startups have emerged in the last few years that provide greater visibility into and more granular controls for SaaS services. They aim to match the security capabilities enterprises have for on-premise services. Some even provide service-specific (API-and object-level) controls for popular services like Salesforce where data can be encrypted and stored in the cloud service. While this isn't a particularly scalable model, there are hundreds and thousands of SaaS services - it is a good step towards solving this SaaS security problem. The Billion-Dollar Security QuestionThe core premise of cyber security relies on accurately verifying the worker is who they say they are. This is done today with various forms of authentication. Traditional user names and passwords have evolved into four digit PIN codes and even fingerprint sensors. But as the technology evolves, so do the hackers. One group recently broke a finger print scanner in less than 48 hours. Tomorrow, threats will require more intelligent protection that goes beyond what will become easy-to-break authentication. This will be the great cyber security challenge over the next few years. How do you think we will solve this challenge?User experience is the litmus test for the successful adoption of mobility in the enterprise
< Page 8 | Page 10 >