The rising business use of cloud services and mobile devices has opened a Pandora’s box of security exposures.
Software as a service (SaaS) tools such as Salesforce.com, Gmail, Office 365 and Dropbox, as well as social media sites such as Facebook, LinkedIn and Twitter, are all being heavily leveraged by companies to boost productivity and collaboration. This SaaS trend also has opened up a whole new matrix of access points for malicious attackers to get deep inside company networks.
Wall Street recognizes that all organizations will have to acknowledge and make decisions on how to mitigate new business risks introduced by cloud services. And big bets are being placed on new technologies to help companies get a handle on these fresh exposures.
See also: The Need for a Security Mindset
ThirdCertainty recently sat down with David Baker, chief security officer at Okta, a cloud identity management vendor that’s one of dozens of security vendors developing cloud security systems. A $75 million round of private investment last fall pushed Okta’s market valuation to more than a billion dollars, vaulting it into so-called “unicorn” status.
Okta’s backers include a who’s who of venture-capital firms that are placing big bets on cybersecurity plays: Andreessen Horowitz, Greylock Partners, Sequoia Capital, Khosla Ventures, Altimeter and Glynn Capital, among others.
Baker talked to us about this particular big bet on cybersecurity tech. The text is edited for clarity and length.
3C: Congratulations on achieving unicorn status.
Baker: Thank you. We have a lot of work to do as a company to continue growing. The problem that we solve is really about enabling companies — enterprises, as well as small, medium and big companies — to adopt the cloud.
3C: How would you frame the big challenge?
Baker: The problem for companies now is that the things I need to access in the cloud bring a whole host of security concerns. I have users working within my four walls, and they have to authenticate into these applications where I have critical business data. It could be information about my company’s source code, or email or all of the files we share. So what’s needed is a secure way of authenticating users into all of those systems.
It also is a challenge to provision that identity into the downstream applications and, just as importantly, to de-provision users. So when a user eventually is transferred to a different group or is terminated, their access has to be disabled. So it’s about managing that identity and also managing the access of that identity to these cloud services.
3C: Lots of employees set up their own Gmail or Dropbox account to be more productive. It sounds like they shouldn’t be doing that?
Baker: Correct. The security piece is knowing what set of tools you want your employees using, and then making sure you have an authentication mechanism in place to enable them to go securely into those cloud-based applications.
See also: Cyber, Tech Security Start to Merge3C: The company sets the rules, and its employees should use only the company-sanctioned versions?
Baker: Correct. Users get exactly the version of Dropbox the company wants them to use, not their own personal account. Okta creates a secure connection to that version. The IT administrator can give the employees access to hundreds of apps. Right now, we have connectors to well over 4,000 different applications across the internet.
3C: Seems like we’re extending the traditional network perimeter. It’s not just the on-premises servers and clients that companies have to be concerned with, it’s everything out in the internet cloud that employees might try to use.
Baker: I’ll do you even one better. The perimeter really exists with respect to identity. When I’m sitting at home or in the coffee shop and using my cellphone to get access into an application, I am now the perimeter. So that’s why we like to say, really, identity is the new perimeter.
This article first appeared at Third Certainty.More stories related to cloud security:Be selective about what data you store and access from the cloudCloud apps routinely expose sensitive dataSOC-2 compliance crucial for keeping data safe in the cloud