
Startups Tackle Secure Corporate Data Access From Personal Devices

With employees wanting to use data both inside and outside the company, cloud security startups have focused on two models: protecting data in third-party cloud services and protecting data on the endpoint

As cloud services gain popularity and employees increasingly work from a variety of personal devices, workers expect to be able to access their data from anywhere.

Yet the trend poses security risks for business data, which typically ends up in one of two places outside the corporate network: stored in a cloud service or saved on an employee's device -- and with file-sharing services, it can be both. Because securing data in the cloud means protecting it wherever it is, a bevy of young firms and startups have focused on the problem of protecting data while allowing employees easy access to business information.

Two complementary approaches have evolved to handle these needs for companies. On one hand, companies that want to use cloud services but not lose control of their sensitive data can use a cloud-security gateway to encrypt sensitive data as it leaves the network to be stored in the cloud. On the other, companies can allow employees to work with sensitive data from their devices without losing control by using secure containers to protect and limit the use of the information.

"Both approaches are nearby stops along the evolutionary train," says Suresh Balasubramanian, CEO of Armor5, a year-old startup that has created a technology for offering access to enterprise applications through a protected cloud service.

The two approaches tackle the most common security issues that concern company executives moving parts of their businesses to the cloud. They also represent two legs of the triangle between corporate data, cloud services, and work-anywhere users. Business data can be protected inside cloud services and remote employees can securely access sensitive data without the business losing control of the data.

Businesses need to evaluate where they believe their risks lie in using cloud services, but may need both types of services to best cover the worst threats to their data.

"The immediate demand for data outside the enterprise comes from the mobile workforce, who want to access it on their devices," says Balasubramanian. "The first step is to plan to secure the data and not to just throw it into the cloud."

Companies that worry about the privacy and security of their data, as well as complying with a particular nation's laws, can use a cloud-security gateway, called a broker, to modify sensitive data as it leaves the corporate network, encrypting or tokenizing it for protection. The technology adds a layer of security that the company can control without relying on its cloud provider to keep its data secure, and makes the use of the data auditable, satisfying compliance mandates. At the same time, the company wants to be able to continue to allow some functions, such as search and report generation, which frequently are lost when data is encrypted.
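The gateway pattern described above, sketched as an added example that is not code from the article or from any vendor it names. It assumes one common design, deterministic HMAC tokens with an on-premises vault, to keep exact-match search working; the class, field names and sample records are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; not real data.
SAMPLE = [
    {"id": 1, "email": "ana@example.com", "ssn": "078-05-1120", "plan": "gold"},
    {"id": 2, "email": "raj@example.com", "ssn": "219-09-9999", "plan": "free"},
]

class TokenizingGateway:
    """Hypothetical gateway: swaps sensitive fields for tokens on the way out."""

    def __init__(self, key, sensitive_fields):
        self._key = key                # HMAC key, never leaves the network
        self._vault = {}               # token -> cleartext, kept on-premises
        self._sensitive = set(sensitive_fields)

    def _token(self, field, value):
        # Keyed and deterministic: equal values give equal tokens, so the
        # cloud side can still run exact-match search. Prefix and wildcard
        # search are lost, and equal tokens reveal repeated values.
        msg = f"{field}\x00{value}".encode()
        return "tok_" + hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def outbound(self, record):
        out = dict(record)
        for field in self._sensitive & record.keys():
            token = self._token(field, record[field])
            self._vault[token] = record[field]
            out[field] = token
        return out

    def inbound(self, record):
        return {f: self._vault.get(v, v) if f in self._sensitive else v
                for f, v in record.items()}

    def search_term(self, field, value):
        return self._token(field, value) if field in self._sensitive else value

def demo():
    gw = TokenizingGateway(secrets.token_bytes(32), {"email", "ssn"})
    cloud_rows = [gw.outbound(r) for r in SAMPLE]      # what the provider stores
    term = gw.search_term("email", "raj@example.com")  # query rewritten by gateway
    hits = [gw.inbound(r) for r in cloud_rows if r["email"] == term]
    return cloud_rows, hits

if __name__ == "__main__":
    print(demo())
```

The provider only ever sees `tok_…` values for the sensitive fields, while the non-sensitive `plan` column stays usable for reporting as-is.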


"It's a hard problem to solve because you have to make sure that you provide that robust security -- it has to be a vetted encryption and tokenized solution -- but you also have to preserve the application functionality, and that is a really hard thing to do," says David Canellos, CEO of cloud-security service provider PerspecSys.

On Thursday, the year-old startup closed a second round of funding for $12 million. PerspecSys and 2-year-old rival CipherCloud have both seen demand for their cloud-security gateways.

If businesses are not storing sensitive data in the cloud, but are losing track of documents and other data among the plethora of mobile devices, then using a cloud-security broker to securely access corporate data can help rein in unrestricted sharing. The danger is that employees may not understand the dangers of sharing and syncing through the cloud, says Armor5's Balasubramanian.

Many cloud services "are in the business of syncing everything, and now they have just transported your documents onto all these devices, even ones that you might have only incidentally used," he says.

Armor5 and rival Watchdox, founded in 2007, take slightly different tacks to secure data. Armor5 offers a portal -- or the technology for a company to set up its own portal -- through which remote employees can securely access data without leaving any of it resident on whatever device they are using. Watchdox uses encryption, key management, and a virtual container on the device to restrict access to documents.

"It's about securing the last mile," says Balasubramanian.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

 
