The migration of enterprise data to cloud applications like Salesforce, Box, Office 365 and Google Apps, coupled with the massive surge in mobile device usage continues to challenge IT and security teams. One of the operational challenges for IT is ensuring the security and compliance of user devices accessing sensitive cloud data.
“As cloud becomes the preferred delivery model for applications, security controls to protect data in the cloud must extend to device access," said Assaf Rappaport, CEO, Adallom. “For IT security professionals, the diversity of devices, both managed and BYOD, accessing high-risk data in cloud applications, requires an approach that can identify potential compliance violations and mitigate risks without hindering end users.”
Adallom and OPSWAT’s integrated solution combines Adallom’s purpose-build cloud application security platform with OPSWAT Gears, a cloud-based solution for device posture assessment and compliance to bridge the gap between SaaS and endpoint compliance.
Adallom’s purpose-built cloud application security platform delivers a seamless experience, integrating with and securing cloud applications in minutes. Enterprises using Adallom today can implement comprehensive and security controls, including access control policies based on user, IP, device (managed or unmanaged) and role. With the OPSWAT Gears integration, enterprises can now also monitor and enforce the status of Windows and Mac devices accessing cloud applications. This includes regulatory requirements like endpoint antivirus, software firewall, OS patch status, and hard-disk encryption.
“With Adallom and OPSWAT Gears, enterprise users can now enforce device security and compliance before cloud application access. Gears provides critical endpoint device information such as whether a device is protected by antivirus software, whether the device’s volumes are encrypted, whether it is password protected, if any unwanted applications are running, and whether the device is infected by keyloggers or other malware, both for endpoints managed by the installed Gears agent as well as for those running our dissolvable client. This partnership enables enterprises to ensure their users’ endpoints comply to enterprise security and regulatory mandates,” said Benny Czarny, CEO, OPSWAT.
The joint integration enables enterprises to address granular use cases for cloud access such as the following:
Regulatory compliance for data at rest, including HIPAA and FINRA – ensure sufficient encryption of hard-drives before allowing access to a cloud application.
Malware and antivirus detection - ensure endpoints are protected and double-check that they are free from viruses and malware before allowing access to sensitive cloud documents
Limit access for non-compliant laptops and PCs – limit user access to cloud applications from non-compliant devices. Both the Adallom and Gears platforms support user self-remediation, and Adallom provides enforcement of granular access controls such as “allowing access but blocking download of files”.
Finally, the integrated solution was designed for ease-of-use in mind-- it requires no browser plugins, and no Java or ActiveX to run. The process is nearly invisible to end user, and can be configured by IT in one click. When compliance issues need to be resolved, the end user is guided through remediation steps to gain access without contacting IT.