With access control now covered, it’s time to consider another big issue with regards the adoption of cloud – controlling the information that is sent to the organisation. This can create a particular problem when users are dealing with the challenge of mobile devices as well. If an organisation doesn’t approve personal mobile devices then users who wish to view personal documents will often use cloud-based file sharing services, such as Dropbox, then enabling them to download these documents to their mobile device. This can lead to sensitive data sitting on public cloud services.
With O3 users accessing the Internet via a gateway, it will be possible for Symantec to look at the traffic being sent to and from cloud services, enabling us to develop the next release of O3 and give the ability to protect information being sent to the cloud.
Symantec is planning a new release of O3 at the end of the year which will make it possible to plug this gap. As the traffic passes through O3 we will enable organisations to monitor against their Symantec DLP policies and if this breaks company policy either block the file being uploaded or call PGP encryption. If this call is made then it will seamlessly encrypt the document as it is passed to the cloud service and then decrypt it when it is being downloaded. This will ultimately allow the information to be protected when being stored in the cloud service but for it to be invisible to the user and not affect their experience.
We will then look at an app for the iOS to allow these sensitive files to be downloaded to a secure area of the mobile device where it will remain encrypted and protected. This zone will also be used to facilitate the O3 single sign on and allow access to this from mobile applications.
Finally, visibility into cloud access is an area which many have been keen to see developed. With the introduction of the O3 gateway, we will be able to audit which cloud services users are accessing, as well as, tracking the policy decisions and configuration made by admins. It will then be possible to feed this information into security incident and event management tools to allow organisations to see their cloud logs alongside their policy and access logs for internal information. This will be continuously expanded to address the compliance challenges that many have with accessing cloud based applications.
In conclusion, the cloud is ripe and with O3 it is now possible to take a layered approach. It has been developed to provide an easy to implement and manage cloud gateway that gives organisation the control of access to the cloud – directly addressing the biggest adoption of cloud services.