2. EVERYCLOUD
TODAY’S CHALLENGE
ISN’T CLOUD ADOPTION:
it’s about ensuring you can access and use essential
cloud services with complete confidence in the safest
and smartest ways: to protect your business, avoid data
leakage and gain all the benefits without the risks. In the
new threat landscape, we make the cloud an enabler for
your business.
3. EVERYCLOUD
WELCOME
TO THE NO.1
CLOUD SECURITY
AND IDENTITY
ACCESS BROKER
From discovery to complete cloud confidence, your journey
starts with a simple question: what’s important to you?
Based in the heart of the City of London and
100% independent of cloud service providers,
EveryCloud helps you to understand the threats
you face in terms of unsanctioned IT - also known
as “shadow IT” - and deal with the proliferation
of cloud apps. We then handle all the difficult
work: creating, policing, enforcing and constantly
refreshing the right access and security policies to
protect your business, its data and reputation.
4. EVERYCLOUD
BY 2020
85% of large enterprises will use a cloud access
security broker solution for their cloud services, which is up
from fewer than 5% in 2015.
Gartner, Inc. – How to Evaluate and Operate a Cloud Access Security Broker, December 2015
5. EVERYCLOUD
HELPING
YOU BE
CLOUD
CONFIDENT
In industry jargon, EveryCloud is a cloud access and identity
access security broker. But that hardly scratches the surface
of what you really need as an organisation and what we can
actually deliver: true peace of mind, countering the threats
you face today and in perpetuity.
We believe that every business should be free and
empowered to take advantage of the opportunities
and benefits offered by cloud applications. That’s
why we cover the entire continuum of cloud.
We can plan and protect every aspect of your cloud
strategy and usage. This means you can confidently
secure, access and use the applications your
business depends on while blocking riskier apps:
securing the cloud-based SaaS and infrastructure
services that drive higher productivity and enable
more cost-efficient operations. We then monitor
and police those services on an ongoing basis. Most
importantly, we ensure you can adapt to changing
threats and exploit the latest technologies and
cloud solutions while fully protecting your sensitive
data, valued assets and corporate reputation.
6. EVERYCLOUD
EveryCloud is far more than a standard cloud access
security broker (CASB). Our engagement model is
designed to deliver continuous value to customers,
including dedicated Account Managers and regular
service reviews led by our Customer Success Team.
We are:
-- Proactive in protecting your business and
data, based on a 15-year track record in cloud
services
-- Expert in specifying and enforcing cloud access
and security policies specific to your business
-- Focused on exceptional service, tracking the
new threat landscape to ensure you stay cloud
safe
-- Committed to reviewing your needs and
indicating new solutions to deal with emerging
threats - quarterly, monthly, as-needed
TAKING CARE
OF
BUSINESS –
IN THE CLOUD,
FOR YOUR
BUSINESS
7. EVERYCLOUD
BORN IN THE
CLOUD
EveryCloud’s award-winning founders
Paul Richards and Keith Purves pioneered
unified communications and cloud
telephony for UK companies, building a
hugely successful business that became
an elite member of the Fast Tech Trek 100
and one of the country’s fastest growing
telecoms providers. With EveryCloud, they
are now revolutionising cloud access and
security services for UK businesses.
8. EVERYCLOUD
Supported
applications
More than 100,000
apps have already been
discovered and the
number is constantly
rising.
One conservative estimate
suggests that an average
enterprise today has 1,154
apps – this is far more than IT
departments expect, and less than
10% of those apps are considered
sanctioned.
The threat is real. Cloud security
provider CloudLock report that
shadow IT applications create
a ‘perfect’ group of three risks:
“data loss through unauthorised
channels, injecting malware to the
environment and compromising
users’ identity”.
For example, authorised users
might download third party
applications, perhaps a game,
using company credentials,
inadvertently giving that
application access to secure or
privileged information.
A key challenge is controlling
what applications users grant
permissions to, and ensuring you
block the riskiest of apps from
accessing your secure or sensitive
data.
In the new threat landscape,
as risks multiply constantly,
EveryCloud ensures the strongest
cloud security and compliance for
your organisation.
We help you understand what
apps are being used and where,
how your app infrastructure holds
together, where vulnerabilities are
hiding, and the risks you face.
9. EVERYCLOUD
WHY EVERYCLOUD
“EVEN WHEN cloud services are known,
most enterprises struggle to
consistently verify compliance or
the secure handling of sensitive
data within and across these
disparate services. Enterprises
have no standardised way to
detect whether (and when)
compromised credentials or
unmanaged devices are used to
access cloud services.”1
- Gartner Inc
Gartner, Inc. - “Many enterprises lack a
complete understanding of the cloud services
they consume and the risks they represent,
which makes compliance and protection
difficult.”1
32% of businesses using cloud services
have reported losing data... one
third of all data loss prevention
policy violations occur on a mobile
device... and the maximum fine
under EU General Data Protection
regulations is 4% of turnover. The
danger is real.
As a result a growing number of
organisations want a next-generation
cloud access security
broker to act as a centralised
control point of expertise and
control: to set their cloud access
and security policies, monitor
user behaviour and the threat
landscape, and effectively manage
risk across all cloud services at
the same time.
1 Gartner, Inc. - How to Evaluate and Operate a Cloud Access Security Broker,
December 2015. Analysts: Neil MacDonald, Craig Lawson
10. EVERYCLOUD
As enterprises increasingly demand
cloud services, information security
teams need a control point for the
secure and compliant use of cloud
services that simultaneously address
the need for secure access and
threat protection. CASBs provide
this control point.
Gartner, Inc. -
11. EVERYCLOUD
A CRITICAL
REQUIREMENT
Gartner state that CASBs address a critical requirement in terms
of enabling organisations “to set policy, monitor behaviour and
manage risk across the entire set of enterprise cloud services
being consumed, [providing] information security professionals
with a critical control point for the secure and compliant
use of cloud services across multiple cloud providers...
[cloud] adoption is becoming pervasive in enterprises, which
exacerbates the frustration of security teams looking for visibility
and control. CASB solutions fill many of the gaps in individual
cloud services, and allow chief information security officers
(CISOs) to do it simultaneously across a growing set of cloud
services.”2 Indeed, Gartner analysts estimate that by 2020, the
vast majority of large enterprises will be using a CASB solution
for their cloud services – but why wait until then?
We diverge from conventional CASB based on the scale,
coverage and overall control we offer: the EveryCloud approach
brings new levels of visibility and control that you cannot get
anywhere else, and certainly not through existing measures.
While CASB solutions may be deployed in forward or reverse
proxy mode to enforce inline controls, for example, the
similarities to web proxies end there.
‘We already have a firewall
and web proxy’
EveryCloud solutions are not network security measures
focused on inbound threats and filtering; our approach provides
a 360° perspective that enables deeper visibility, granular
controls as needed and continuous improvements in cloud
access, usage and security.
Gartner, Inc. recommends following a process that includes
continuous cloud access discovery, verification and protection,
and initiating deployments using discovery/risk assessment
ratings of the cloud services an organisation is using.
The opportunity is to harness the continuous visibility provided
by a CASB service to standardise on the most appropriate,
functional and secure cloud services for your organisation, and
2 Ibid
12. EVERYCLOUD
EveryCloud’s methodology builds on
Gartner’s four pillars of cloud access
security – Visibility, Compliance, Data
Security and Threat Protection – to provide
new capabilities and controls in the face
of increasingly complex shadow IT and a
constantly evolving threat landscape.
ENABLING
YOU TO BE
CLOUD
CONFIDENT
13. EVERYCLOUD
OUR METHODOLOGY:
BE CLOUD
CONFIDENT
The EveryCloud approach is carefully aligned
with the demands of your business, the security
risks you face, and the real-life needs and
behaviours of your user community.
Our methodology adapts and extends Gartner’s four
pillars of cloud access security: Visibility, Compliance,
Data Security and Threat Protection. What’s different is
that we make these pillars a living, evolving part of your
ongoing cloud and business IT strategy - taking you
through the essential stages of Discover, Aware, Comply
and Certify to assure that your business and its assets
can be Cloud Confident.
-- DISCOVER: Reveal cost and risks, identify dangerous
shadow IT and unsanctioned apps
-- AWARE: Shape the right cloud policies, educate your
people, build awareness
-- COMPLY: Police usage for regulatory compliance
-- CERTIFY: Scrutinise and refresh policies as part of a
managed service to tackle new threats
14. EVERYCLOUD
We take you on the journey to complete cloud confidence.
By that point, your business has been assessed, security
gaps identified, potential threats recognised, cloud services
protected, your business and people understand the risks,
robust policies are being policed and enforced, regulatory
compliance is ongoing, and you have the assurance of
continued protection through a cost-effective managed
service.
Being Cloud Confident means you continue
to evolve your business as you adapt to
new technologies and the changing threat
landscape.
OUR SERVICES
EXPLAINED
15. EVERYCLOUD
Reveal the true costs and risks you face - identify
shadow IT and unsanctioned services that can
compromise your data security, damage your
reputation and impact on profits
CLOUD
DISCOVER
-- Security Assessment to discover all cloud apps
-- Shadow IT: reveal the true costs and risks
-- Find sensitive data
-- Understand imminent and long-term threats
-- Reduce costs, overlap and duplication
EveryCloud experts perform a comprehensive Cloud Audit,
Security Assessment and Cloud Expense Management exercise
to understand the real costs, risks and opportunity facing your
business. Crucially, we ask the right questions and we listen to
you: about how you work, what services are most important to
you, your take on different apps, what you want to achieve, and
the risks you are already aware of.
We also take an in-depth look at what apps and cloud services
you use, analyse traffic patterns, examine how your people
access the cloud, and ask about your sensitive data - then
report back. What shadow IT and unsanctioned cloud services
are being used, when and where? Are you paying unnecessarily
for countless software licences you don’t need or are already
covered by enterprise agreements?
16. EVERYCLOUD
Creating the right cloud access, usage and security
policies – then educating people on the threats faced,
raising employee awareness and changing behaviour
-- Find all cloud apps and usage
-- Report on enterprise readiness of each cloud app -
identify risks
-- Report on sensitive data being shared publicly or outside
the business
-- Formulate appropriate policies - in partnership with the
business and users
-- Manage, restrict or deny access to certain apps, revoke
sharing of documents
Policy development, education and awareness are crucial,
focusing on unsanctioned versus sanctioned IT, the threats
posed by shadow IT, and the wider external risks you face.
EveryCloud brings you huge cloud experience, business and
organisational insight, and deep security know-how – so you
can fully appreciate the risks you face from technology, people
and practices, your cloud providers and other external threats
including criminal attack. We can make you fully aware, for
example, of where your cloud apps actually process and
store data, and if your apps are providing the appropriate
protections for personal user and customer data against
unauthorised access, loss and alteration.
Crucially, we then shape the most appropriate cloud access
and security policies for your organisation, including firewalls,
emails and data loss prevention - to provide the highest levels
of protection in ways that make sense for you while avoiding
any negative business impacts. This can include different levels
of data access, ranging from more draconian measures like blocking
to lighter-touch activities including employee education,
awareness and behaviour change programmes.
CLOUD
AWARE
17. EVERYCLOUD
Police and enforce your cloud access and security
policies - including monitoring, management and
alerts to take action fast and ensure regulatory
compliance
-- PCI and credit card security
-- Personal information, employee data
-- EU General Data Protection Regulation (GDPR)
-- Policy enforcement
-- Internal compliance
-- Confidential and sensitive data
Policies must be enforced: it’s as simple as that. Enforcement
is crucial to protect your organisation and its data, to avoid
regulatory intervention, costly fines and reputational damage.
Once you have a genuine understanding of the internal
risks and external threats you face - and once appropriate
cloud access and security policies have been developed
and agreed – the next step is a full commitment to enforce
those policies and ensure compliance, most clearly in data
protection. This demands expert monitoring and professional
management of all cloud apps and services, including file
content monitoring to locate and report on all regulated data
– including financial and customer personal data – that your
cloud apps and services access, store or use.
CLOUD
COMPLY
18. EVERYCLOUD
GET READY
The GDPR is coming, and organisations need to start planning
for this new and far stricter data protection regime right now.
EveryCloud can support you every step of the way.
For example, all privacy policies, procedures and
documentation must be robust and current, with data
protection authorities able to request them at any time.
Do you have an in-house data protection officer already, along
with an accurate and up-to-date information asset register,
strong technical and procedural controls over all data, and
privacy policies - managed on an ongoing basis - that not
only inform users and customers how their personal and
confidential data will be stored and processed but that also
have their consent?
EveryCloud will help you avoid breaches that might cost your
organisation a minimum of €250,000 up to €1,000,000, or four
percent of turnover.
The new General Data Protection Regulation
(GDPR) not only strengthens data protection
for individuals within the European Union,
it also covers the export of personal data
outside the EU.
New EU data protection regime
19. EVERYCLOUD
Your route to stay cloud confident and ensure you
are cloud safe: continued scrutiny and regular refresh
of your access, security and data protection policies
through a cost-effective managed service
-- Data Loss Prevention (DLP)
-- Compromised accounts
-- Cloud malware
-- Highest security including encryption
-- Ongoing review and refresh of policies
So long as the threat landscape continues to shift and as new
regulations come into force - demanding ever-higher levels of
security – then all-encompassing threat protection and data
loss prevention strategies will remain critical.
A planned programme of review and recommendations is the
engine that drives the regular scrutiny, assessment and refresh
of the policies and procedures that deliver cloud confidence.
This activity is carried out by the EveryCloud Customer Success
Team within a cost-effective managed services framework:
ensuring your cloud access and security framework is solid
today and updated in perpetuity, regardless of the data
involved or business requirements, and for any app, cloud
service or provider.
CLOUD
CERTIFY
20. EVERYCLOUD
Once your EveryCloud access and security framework is implemented, you benefit
from an ongoing review cycle that covers incidents, alerts and issues, prioritising
threats and risks so the most important are dealt with soonest. This means you
can protect the assets most important to you at a time when the volume of IT
incidents is rising steeply, requiring a focused and proportionate response. The
EveryCloud approach, for example, identifies compromised accounts and protects
you against cloud malware. A monthly review by your EveryCloud Customer Success
Team examines all incidents raised and looks at making continuous improvements,
including Data Loss Prevention (DLP) policies that can be easily reported on and
enforced.
STAY
CLOUD
CONFIDENT
21. EVERYCLOUD
Gartner, Inc. – “To understand the risks represented by the use
of cloud services, enterprises need visibility into what cloud
services are already in use, by which people; the sensitivity of
the data being handled; which devices are used to access that
data; and from where it’s accessed.
Once a cloud service has been discovered, the organisation
can make a risk-based decision as to whether the service
is worth monitoring continuously and actively managing by
bringing it into the ‘sanctioned wheelhouse’. There are many
ways to achieve this continuous visibility...”3
YOUR
EVERYCLOUD
JOURNEY
STARTS HERE:
DISCOVER THE
RISKS YOU FACE
3 Gartner, Inc. - How to Evaluate and Operate a Cloud Access Security Broker,
December 2015. Analysts: Neil MacDonald, Craig Lawson
22. EVERYCLOUD
GET IN TOUCH
WITH EVERYCLOUD
TODAY
TO REQUEST YOUR
FREE ASSESSMENT
TO UNCOVER THE
POTENTIAL RISKS IN
ALL OF YOUR
CLOUD SERVICES:
SOFTWARE SERVICES,
INFRASTRUCTURE,
PLATFORMS, IDENTITY,
STORAGE AND MORE...
-- Begin developing a 360° cloud view - including SaaS, IaaS, PaaS
and IDaaS
-- Start gaining visibility over accounts that may have been
compromised
-- Uncover cloud malware
-- Reveal threats to your data security
-- Check adherence to industry standard regulations – PCI, HIPAA,
FERPA and more
-- Focus on key risks to overcome today – and the risks posed by a
changing threat landscape
CALL
0800 470 1820
EMAIL
discover@everycloud.co.uk
WEB
everycloud.co.uk
23. EVERYCLOUD
Today’s challenge isn’t cloud adoption: it’s about ensuring you can
access and use essential cloud services with complete confidence in
the safest and smartest ways: to protect your business, avoid data
leakage and gain all the benefits without the risks. In the new threat
landscape, we make the cloud an enabler for your business.
A NEW
APPROACH
TO CLOUD ACCESS AND SECURITY:
VISIBILITY, SECURITY AND COMPLIANCE
FOR EVERY CLOUD