Ensure Consistent Egress Policies Across Regions

By Author: Tomas Cohen
Total Articles: 16
Comment this article

Cloud services offer a ton of benefits (ease of use, scalability, value, dynamic updates) when compared to traditional software. But, while enterprise software has been around for eons, cloud services have been around less than a decade and businesses have plenty of opportunities to reduce security risks due to the use of cloud services.

Believe me – this is not a cut on cloud services, or the businesses using them. We are a cloud service, and we love other cloud services that make our work and personal lives easier and more efficient. However, we work with many very strategic and responsible enterprises that haven’t yet mastered Cloud Security, so we figured we’d make your life a little easier and tell you about the Top 10 Quick-Tips for Shoring Up your Cloud Data Security. Every week we’ll count down and share 1 tangible opportunity from real-life customer feedback, and tell you how to make it happen in your environment.

The companies we work with almost always have some type of cloud service ...
... usage policy in place that dictates which specific or types of cloud services employees are permitted to use. Polices also often outline cases in which employees with certain functions are granted access that others are not (e.g., marketing can use Facebook, but others cannot). In order to enforce these policies, customers rely on firewalls and proxies to permit/block access to web services. This process can be tricky though because the network edge is compromised of a patchwork of egress devices (firewalls & proxies).

The issue we see time and time again is that cloud policies are enforced inconsistently from region to region. The reason behind this is that the egress devices used in one location are different than those used in other locations. They were either procured by regional offices, or came on-board through M&A. The end result in either case can be vastly different regional enforcement of cloud service policies, which leads to cracks of vulnerability across the enterprise.

For example, we had one customer who used Bluecoat proxies in Asia and Palo Alto Networks firewalls in Europe. They discovered that scores of employees in Europe were using social media services in violation of policy, while in Asia employees could access certain cloud storage services that were blocked everywhere else. This exposed them to legal issues and potential loss of IP loss…not good.

In order to identify these inconsistencies we encourage our customer to review the allow/deny statistics across all Cloud Security services and regions to identify instances in which access is permitted or denied in violation to corporate policy.

Author:
Tomas Cohen is a security enthusiast and analyst covering the most significant security topics and trends prevalent worldwide. He also involves in the technology related to Cloud Security, Data Loss Prevention, Cloud Data Security etc.,