Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

Startups Tackle Secure Corporate Data Access From Personal Devices

With employees wanting to use data both inside and outside the company, cloud security startups have focused on two models: protecting data in third-party cloud services and protecting data on the endpoint

As cloud services gain popularity and employees increasingly work from a variety of personal devices, workers expect to be able to access their data from anywhere.

Yet the trend poses security risks for business data, which typically ends up in one of two places outside the corporate network: stored in a cloud service or saved on an employee's device -- and with file-sharing services, it can be both. Because securing data in the cloud means protecting it wherever it is, a bevy of young firms and startups have focused on the problem of protecting data while allowing employees easy access to business information.

Two complementary approaches have evolved to handle these needs for companies. On one hand, companies that want to use cloud services but not lose control of their sensitive data can use a cloud-security gateway to encrypt sensitive data as it leaves the network to be stored in the cloud. On the other, companies can allow employees to work with sensitive data from their devices without losing control by using secure containers to protect and limit the use of the information.

"Both approaches are nearby stops along the evolutionary train," says Suresh Balasubramanian, CEO of Armor5, a year-old startup that has created a technology for offering access to enterprise applications through a protected cloud service.

The two approaches tackle the most common security issues that concern company executives moving parts of their businesses to the cloud. They also represent two legs of the triangle between corporate data, cloud services, and work-anywhere users. Business data can be protected inside cloud services and remote employees can securely access sensitive data without the business losing control of the data.

Businesses need to evaluate where they believe their risks lay in using cloud services, but may need both types of services to best cover the worst threats to their data.

"The immediate demand for data outside the enterprise comes from the mobile workforce, who want to access it on their devices," says Balasubramanian. "The first step is to plan to secure the data and not to just throw it into the cloud."

Companies that worry about the privacy and security of their data as well as complying to a particular nation's laws can use a cloud-security gateway, called a broker, to modify sensitive data as it leaves the corporate network, encrypting or tokenizing it for protection. The technology adds a layer of security that the company can control without relying on their cloud provider to keep their data secure, and makes the use of the data auditable, satisfying compliance mandates. At the same time, the company wants to be able to continue to allow some functions, such as search and report generation, which frequently are lost when data is encrypted.

[An original aim of the cloud was to simplify corporate infrastructure, but having a multitude of services has made networks complex and hard to manage. Can adding a third party make the cloud more secure? See Cloud Brokers Seek To Simplify, Secure Services.]

"It's a hard problem to solve because you have to make sure that you provide that robust security -- it has to be a vetted encryption and tokenized solution -- but you also have to preserve the application functionality, and that is a really hard thing to do," says David Canellos, CEO of cloud-security service provider PerspecSys.

On Thursday, the year-old startup closed a second round of funding for $12 million. PerspecSys and 2-year-old rival CipherCloud have both seen demand for their cloud-security gateways.

If businesses are not storing sensitive data in the cloud, but are losing track of documents and other data among the plethora of mobile devices, then using a cloud-security broker to securely access corporate data can help reign in unrestricted sharing. The danger is that employees may not understand the dangers of sharing and syncing through the cloud, says Armor5's Balasubramanian.

Many cloud services "are in the business of syncing everything, and now they have just transported your documents onto all these devices, even ones that you might have only incidentally used," he says.

Armor5 and rival Watchdox, founded in 2007, take slightly different tacks to secure data. Armor5 offers a portal -- or the technology for a company to set up its own portal -- through which remote employees can securely access data, but not leave any resident on whatever device they are using. Watchdox uses encryption, key management, and a virtual container on the device to restrict access to documents.

"It's about securing the last mile," says Balasubramanian.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7245
PUBLISHED: 2020-01-23
Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a userna...
CVE-2019-14885
PUBLISHED: 2020-01-23
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...
CVE-2019-17570
PUBLISHED: 2020-01-23
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue...
CVE-2020-6007
PUBLISHED: 2020-01-23
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
CVE-2012-4606
PUBLISHED: 2020-01-23
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.