There are many Rainshadow regions across the world, isn't it? In Asia, the Himalaya mountain range acts as the catalyst for the rain shadow effect over the Tibetan Plateau, Central Asia, and the Gobi Desert. The Japanese Alps create that same phenomenon over the Kanto Plain in the Tokyo region. The Arakan Mountains also have that effect over the central regions of Myanmar. In the Middle East, the Judean Hills have the same effect on the Dead Sea and the Judean Desert. The Zagros and Elburz Mountains in Iran create the same effect over the Dashti-Lut region. In South America, the Atacama Desert, Mendoza region, and Valle Central in Chile, the experiencing of a rain shadow effect therein is due to the presences of the Andes Mountains.
The role of 'tall Mountains casting shadow' here in Information Technology (IT) is been played by Hosting Solutions/Cloud vendors. There is tremendous shadow casted over locally managed infrastructures. The pressure of not being able to match the lowered costs offered by Cloud vendors eventually is resulting into every environment embracing the cloud more than ever before. If a competitor reduces operating cost by 30% by decommissioning all local hardware and moving into cloud, it means that they can now sell their product at a discounted price. Other competitors who stay rigid on their approach of not accepting the change and outsourcing technology would either loose market share or run with reduced/no profit margins. This is exactly what I call a rain-shadow situation introduced not by the Himalayas, Alps or the Elburz but the Cloud Providers the Amazon, Google, HP and IBM.
Eventually this dense shadow would/has force/d even one of the most busiest e-commerce businesses to adapt the cloud. The tunneled cloud based service providers, offer easy solution to the most critical issues of Business Continuity and Disaster Recovery which is an added advantage. Does this mean it would now rain in a rain-hungry (rain-shadow) belt after movement to IaaS Cloud. The flood of connections coming from the WAN would now stay on the WAN itself or maybe go to your provider's network now. So to our analogy, we accept the fact that cloud stays within cloud, rather water flows within the cloud and ultimately does not leave the cloud. To the most extent, may be piped from one cloud to another but stays there right at the top. There are no issues with this type of a system however the major issue is with sharing the data for inspection for various technologies like inspection of traffic vulnerabilities, IDS, IPS and most importantly Data Loss Prevention for e-gress traffic. Is this all under control now? Both no-rain or cloud bursting (flooding) rain are bad.
The point I'm trying to make is that we all need regulated rain. Regulated via switches and regulators. There has been remarkable amount of vacuum in this space for quite some time now but the union of Symantec + Bluecoat + Elastica, we're finally in a space which is the most ideal. Neither living in rain shadow nor getting overly flooded. Compliance scenario is improving with CASB and manual pointers now.
Cloud adoption has created new security and compliance issues. Enterprises are struggling to understand the data security and compliance impact of aggressive employee and organizational adoption of cloud applications while also trying to determine how to maintain data security and compliance with new data residency laws as their infrastructure moves to the cloud. This is where a Cloud Access Security Broker (CASB) comes into play. Startup CASB vendors can provide visibility into cloud application risk - largely based on proxy logs; those vendors, however, lack any control point for web and cloud traffic to implement policy control to mitigate the risk of shadow cloud. Moreover, they lack advanced threat protection that can protect from threats that may come from cloud application usage. Lastly, as these vendors require integration to an existing proxy to function, it makes sense that Symantec is a natural fit to perform these services natively instead.
Symantec CASB Solution Components:
- Cloud Application Visibility and Risk Intelligence (“Audit”) allows organizations to discover and analyze cloud application usage within their organization for both sanctioned and non-sanctioned application usage. The Audit product delivers an understanding of who is using which applications, how much data is moving in and out, and where the risk lies across cloud application usage.
- Cloud Application Threat Protection and Data Controls (“CASB Gateway”) provides the ability to deliver in-line granular control over user interactions with cloud applications by recognizing usage and applying policies to maintain data security. The CASB Gateway offers data loss prevention, user behavior analytics, and file encryption capabilities to mitigate the risks introduced with cloud application usage.
- Cloud Application Data Control and Threat Protection (“Securlets”) protects cloud accounts, controls user activity and governs data within cloud accounts through direct API integration with cloud applications. Securlets also enable incident response and forensics to monitor, log and capture activities that occur within cloud applications.
- Cloud Data Protection allows you to encrypt or tokenize cloud data to assure compliance with data residency laws and other compliance regines. It works with public cloud SaaS applications like ServiceNow, Salesforce, and Oracle. CDP intercepts sensitive data while it is still on-premises and replaces it with a random tokenized or encrypted value, rendering it meaningless should anyone outside of the company access the data while it is being processed or stored in the cloud.