Many employees are already using a variety of cloud services in their daily work without ever having first involved the relevant IT department and without having the risks for data security evaluated. At the same time, more and more divisional managers now consciously move their databases, applications or development environments to an IaaS-, PaaS or SaaS providers to achieve greater flexibility.

A modern cloud strategy, which is specified by the management or management board, is the right platform for digital transformation, opening new markets or to increase efficiency by using Big Data and artificial intelligence.

Activation and use of platforms such as AWS and MS-Azure are in general simple, however, the current safety concept cannot be integrated into the public cloud without a major overhaul because otherwise the advantages of scalability may be lost.

The responsibility for the security has been clearly defined by the cloud provider: The shared responsibility model describes that the provider ensures safe operation of the platform, whilst the client is responsible for its entire environment from the guest system.

For better separation of the topics, the purchase of finished Security Services (SaaS) is referred to as “Security from the Cloud” and protective measures for virtual IT services in the public cloud are referred to as “Security in the Cloud”.

To get as a first step an overview of the use of Cloud-SaaS-Service within your company, we recommend a CASB cloud assessment which analyses the existing firewall log data and provides very granular information regarding the extent to which external cloud services are already used. Furthermore, you are provided with a risk assessment for each cloud service since an extensive risk evaluation (contractual design, location, reputation, downtimes etc.) is saved in a database.

Thanks to a CASP interface for typical SaaS services such as Office 365, it is also possible to log each user interaction in real time. This determines, if there are user anomalies, concrete behaviour violations against usage specifications and unauthorized data transfer to external persons.

If required, the Controlware Consultants support you early-on during the evaluation and planning stage if you are considering to migrate parts or the entire IT-operation into the public cloud.

In this case, the existing firewall solutions and network segmentations need to be planned from scratch and be replaced with relevant scalable cloud approaches. Naturally, for this purpose, we offer you flexible management solutions that can provide uniform log management, firewall change management, vulnerability management and identity and access management beyond the private and public data centres.

Sensible cloud SaaS services to increase efficiency:

• Email SaaS service (anti-spam, anti-malware etc.)
• Web security / proxy service (anti-malware, URL filtering, ATP etc.)
• Central sandboxing or containment as cloud service
• Worldwide authentication service (OTP server, single sign-on etc.)
• Vulnerability SaaS service
• Globally accessible endpoint management service
• DDOS protection as a SaaS service
• Web application firewall as a SaaS service
• Cloud access security broker (CASB) for Office 365, Dropbox & Co.
• DLP solutions from the cloud

Practical security measures for own IT services in the cloud:

• Data security through container or data encryption in the public cloud
• Segmentation and control of East/West traffic and North/South traffic
• Traffic anomaly detection with central sensors
• Integration of data security in DevOps processes
• Ideal use of security tools for platform providers
• Use of comprehensive security management systems (e.g. log analysis, firewall rule changes, vulnerabilities etc.)