Cloud and SaaS Security: The Need for a Comprehensive Approach

Richard A. Spires, CEO, Learning Tree International

As a former CIO, I have implemented and seen the significant benefits of cloud computing, both the leverage of compute on demand via infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) delivery models and the use of software-as-a-service (SaaS) applications. In particular, SaaS-based applications are increasingly the way organizations can quickly and easily leverage new applications. This is driving tremendous growth and innovation: AngelList has more than 11,000 SaaS start-ups listed in the U.S., and IDC predicts the SaaS-based market will surpass $112 billion by 2019.


While cloud computing and SaaS business models can enable IT organizations to lower infrastructure costs and gain more agility to support customers, they also increase the complexity of dealing with IT security. Not only is the IT organization giving up control of (and visibility into) some of its IT infrastructure; to the degree it is leveraging SaaS-based applications, it is also having third parties store and control sensitive data. Not so long ago, IT security staff would work to protect the organization’s IT perimeter; with today’s new computing and service models, one has to admit that a traditional perimeter no longer exists, or if a perimeter does exist, it might include protecting a number (perhaps up to dozens?) of third-party cloud service and SaaS-application providers.


I think of SaaS security as a two-fold challenge. First, with regard to the use of third-party IT cloud service providers (to include more traditional outsourced data center services), organizations need to have confidence that these providers are implementing the proper security controls, which should match (or at least be similar to) what they would implement within their own data centers and networks. These controls range from physical access for personnel up to and including identity management for system administration access and appropriate network encryption. A number of non-profit organizations have been working on standardizing these controls for the industry. Notably, the Cloud Security Alliance (CSA, cloudsecurityalliance.org) has developed the Cloud Controls Matrix (CCM), a security controls framework specifically designed for cloud computing. Leveraging CCM, the CSA has developed an auditing, certification, and registry program for cloud service providers known as the Security, Trust & Assurance Registry (STAR). In a similar model, the U.S. Federal Government has developed its FedRAMP program, a means for cloud service providers to meet minimum security control requirements at three different levels as defined by the NIST 800-53 security control suite.


Yet even if an IT security manager has faith in the control suite of the underlying cloud service provider, what about the case of an organization leveraging a SaaS application? In this case, it is likely that sensitive data will be stored and controlled by the third party and used by the organization’s customers or partners in such a way that the data never comes into contact with the organization’s network, firewalls, or any other security device or process controlled by the organization. As a CIO or CISO, this situation gives one significant concern, as SaaS applications can leave one with little visibility and control regarding the security of the application and its data. Hence the second challenge is how to extend an organization’s security policies and controls to public clouds and SaaS applications.


This challenge has given rise to what are known as cloud access security brokers (CASBs): products that serve as security enforcement points, sitting on-premises or in the cloud and logically positioned between the organization and the cloud service provider, that provide a range of services including identity authentication and authorization, device profiling, application whitelisting, encryption, alerting, malware detection, etc. Some of the leading vendors in the CASB market include Bitglass, Forcepoint, Cloudlock/Cisco and Skyhigh Networks. The use of CASB solutions is growing rapidly, with Gartner reporting that by 2020, 85 percent of large organizations will use CASB solutions, up from less than 5 percent in 2015.


On the positive side, the CASB vendors have significant capabilities and are filling a void in the market. As a former CIO, however, I have a jaded view of solving enterprise IT security challenges by continuing to add tools and then working internally to integrate them. I have rarely seen this strategy work well. As such, I have become a proponent of the view that the best approach to address enterprise IT security challenges is to use an IT security platform that provides the range of capabilities to help prevent, and when necessary, detect breaches in the enterprise. In this market, Palo Alto Networks, Cisco and Check Point Software provide integrated platform solutions (disclosure: I am a member of the Palo Alto Networks Public Sector Advisory Council).


As an example of the value of a platform, Palo Alto Networks has recently extended its platform capabilities into cloud solutions and SaaS applications. What is particularly intriguing (and operationally appealing) is that I can set my security controls for a type of data (for example, tailor the controls according to the data’s sensitivity), and Palo Alto Networks technology enables me to enforce those policies throughout its platform, irrespective of whether that data is residing in my own data center, an outsourced data center, or in a SaaS application on a public cloud. This greatly simplifies administration of security policies throughout an enterprise and offers advanced threat prevention. Furthermore, one of the growing exploits used by attackers aims to infect users with malware delivered via SaaS-based applications, since adversaries know that most organizations do not have the same ability to monitor those SaaS applications as they do their internally based applications. A key component of these platforms is the ability to bring threat detection and prevention capabilities to all aspects of the IT infrastructure and applications, including those residing in the cloud.


The use of SaaS-based applications is becoming a preferred approach for rapidly delivering new capabilities for organizations. The demand is coming from the business users, and as such, IT organizations must accept and plan for continued expansion in the number and use of SaaS applications. Accordingly, IT organizations need to develop a comprehensive approach for addressing the security challenges that come with relying on third-party computing and applications, even though the user and data may never traverse the organization’s network or data centers.


Copyright © 2022 Life Science Review. All rights reserved.