Don't Rely on URL Categorization Services for Cloud Access Policy Enforcement

Posted by Tomas Cohen on September 8th, 2014

This is the second installment of The Top 10 Quick-Tips for Shoring Up Your Cloud Data Security. Last week we discussed creating consistent policy enforcement across your regional egress devices. Today’s tip sticks with the theme of cloud access policy consistency, but addresses a different piece which is often overlooked.

Cloud access policies are incredibly useful. They enable enterprises to offer their employees a variety of great services that make them productive, while maintaining the various levels of security, governance, and compliance required. That being said, enforcing these helpful policies with your firewalls and proxies can be a journey of frustration and defeat.

Firewalls and proxies are terrific when it comes to preventing access to inappropriate sites that employees shouldn’t be accessing at work or on work devices. However, you will find them woefully inadequate if you’re trying to use them to block access to high-risk cloud services.

There’s no shame in trying. Almost every customer we work with first attempts to enforce their cloud access policies via their firewalls and proxies. It makes perfect sense: that’s how you block access to all other sites, right? The disconnect exists because proxies and firewalls typically rely on third-party categorization services that are unable to accurately identify and classify cloud services. (A few proxies have their own proprietary classification services that experience the exact same issue.)

These services attempt to classify 300M+ different URLs, and their focus is on finding the sites that offer drugs, porn, guns, and gambling. Their enormous scope results in categorization that is often incomplete (i.e. they are not aware of new cloud services, so these new services are categorized as “unclassified”) and inaccurate (i.e. cloud security services are miscategorized as internet services).

For example, a customer in the technology sector standardized on 3 low-risk cloud storage vendors and attempted to use their proxy to block all others so they could prevent IP leakage, compliance issues, and unnecessary costs. They found 6 other cloud storage services still in use, including Pogoplug, 4shared, and RapidGator. The proxy’s categorization service misclassified the first two as internet services and the third was unclassified, meaning that users could freely access all three.

Using a classification service focused exclusively on cloud services, rather than one focused on hundreds of millions of internet sites, will allow you to rely on accurate information when enforcing your cloud access policy.
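The failure mode in the customer story above, and the fix the post recommends, can be reproduced with a small policy evaluator. This is an added example, not code from the original post or from any proxy vendor: it evaluates the same "block all cloud storage except three approved vendors" rule two ways, once keyed on a generic URL-categorization feed and once keyed on a cloud-service registry, over a few constructed proxy log lines. The hostnames (all under `.example`), the feed categories, the registry entries and the log lines are constructed to mirror the anecdote; none of them come from a real categorization service. The `categorization_gaps` audit at the end is the check a practitioner would want to run against their own proxy feed before trusting it for cloud access policy.

```python
"""Added example (not the post's own code): a category-keyed proxy rule versus a
rule keyed on a cloud-service registry, evaluated over constructed proxy log
lines. Hostnames (*.example), categories and log lines are all constructed."""

# Constructed snapshot of a generic URL-categorization feed: host -> category.
# None models a host the feed has never seen ("unclassified").
URL_CATEGORIES = {
    "storage-a.example": "cloud storage",
    "storage-b.example": "cloud storage",
    "storage-c.example": "cloud storage",
    "pogoplug.example": "internet services",   # constructed: miscategorized
    "4shared.example": "internet services",    # constructed: miscategorized
    "rapidgator.example": None,                # constructed: unclassified
    "news.example": "news",
}

# Constructed registry of the kind a cloud-service-only classifier provides:
# host -> (service function, risk rating).
CLOUD_SERVICE_REGISTRY = {
    "storage-a.example": ("cloud storage", "low"),
    "storage-b.example": ("cloud storage", "low"),
    "storage-c.example": ("cloud storage", "low"),
    "pogoplug.example": ("cloud storage", "medium"),
    "4shared.example": ("cloud storage", "high"),
    "rapidgator.example": ("cloud storage", "high"),
}

# The three vendors the organization standardized on (constructed names).
APPROVED_STORAGE = {"storage-a.example", "storage-b.example", "storage-c.example"}


def category_policy(host):
    """Proxy rule as typically written: block the 'cloud storage' category
    unless the host is an approved vendor; anything else is allowed."""
    if URL_CATEGORIES.get(host) == "cloud storage" and host not in APPROVED_STORAGE:
        return "block"
    return "allow"


def registry_policy(host):
    """Same intent, keyed on the cloud-service registry instead: any host the
    registry knows as cloud storage must be an approved vendor. Hosts the
    registry does not know are not cloud services and fall through to allow."""
    entry = CLOUD_SERVICE_REGISTRY.get(host)
    if entry is not None and entry[0] == "cloud storage" and host not in APPROVED_STORAGE:
        return "block"
    return "allow"


# Constructed proxy log: timestamp, client, method, host:port.
PROXY_LOG = """\
2014-09-08T09:58:02Z 10.1.2.3 CONNECT storage-a.example:443
2014-09-08T10:01:12Z 10.1.2.9 CONNECT pogoplug.example:443
2014-09-08T10:02:45Z 10.1.2.17 CONNECT 4shared.example:443
2014-09-08T10:03:30Z 10.1.2.9 CONNECT rapidgator.example:443
2014-09-08T10:05:11Z 10.1.2.3 CONNECT news.example:443
"""


def hosts_in_log(log_text):
    """Yield the destination host of each proxy log line."""
    for line in log_text.splitlines():
        _ts, _client, _method, target = line.split()
        yield target.rsplit(":", 1)[0]


def decisions(policy, log_text):
    """Map each distinct host in the log to the policy's decision."""
    return {host: policy(host) for host in hosts_in_log(log_text)}


def unapproved_storage_allowed(policy, log_text):
    """Hosts the registry knows as unapproved cloud storage that the policy
    nevertheless allowed: the leakage the post's customer discovered."""
    return sorted(
        host for host, verdict in decisions(policy, log_text).items()
        if verdict == "allow"
        and CLOUD_SERVICE_REGISTRY.get(host, (None, None))[0] == "cloud storage"
        and host not in APPROVED_STORAGE
    )


def categorization_gaps():
    """Audit the URL feed against the registry: for each known cloud service,
    report whether the feed left it unclassified or put it in another category."""
    gaps = {}
    for host, (function, _risk) in CLOUD_SERVICE_REGISTRY.items():
        feed_category = URL_CATEGORIES.get(host)
        if feed_category is None:
            gaps[host] = "unclassified"
        elif feed_category != function:
            gaps[host] = "miscategorized as " + feed_category
    return gaps


if __name__ == "__main__":
    for name, policy in (("category rule", category_policy), ("registry rule", registry_policy)):
        print(name, "let through:", unapproved_storage_allowed(policy, PROXY_LOG))
    for host, gap in categorization_gaps().items():
        print(host, gap)
```

Run as a script, the category rule reports the three unapproved storage hosts as allowed while the registry rule reports none, and the audit lists exactly which feed entries caused the gap. The registry rule deliberately leaves hosts it does not know to the proxy's ordinary filtering: the point is not to replace the proxy, but to stop keying the cloud access rule on a feed whose "unclassified" and "internet services" buckets silently translate to "allow".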

Author:

Tomas Cohen is a security enthusiast and analyst covering the most significant security topics and trends prevalent worldwide. He is also involved in technology related to cloud security, data loss prevention, cloud data security, etc.
