CloudLock has launched the Community Trust Rating service as part of its Cloud Information Security Suite. The cloud IT security company unveiled the new cloud security offering at RSA Conference 2013.
The trust assessment system was designed to use collective intelligence of enterprises that use Google (NASDAQ: GOOG) Apps and builds on CloudLock's Apps Firewall for Google Apps product. The purpose of the system is to help enterprises evaluate third-party applications in determining which apps should be granted access to employee data.
The CloudLock product tries to make things simple by classifying applications as either "trusted" or "banned." The two-way switch is meant to give enterprises more control over which applications to embrace and promote and which are not appropriate for the corporate domain.
"When companies move to cloud platforms, they do so to enjoy greater collaboration and improved productivity while still maintaining the same information security, governance and regulatory requirements of their on-premise systems," said Gil Zimmermann, CEO and co-founder of CloudLock, in a prepared statement. "Cloud security is unlike traditional preventative approaches to security that put obstacles in the path of users. That strategy is fundamentally flawed because employees have shown resourcefulness and outright refusal to abide by security policies that inhibit their productivity. CloudLock enables organizations to build content-aware actionable security practices and policies that govern the use of corporate data as an augmenting security layer that provides insights into employees' actual usage of the official cloud environment."
Zimmermann indeed has a point. One of the biggest problems currently facing IT departments and organizational security today is the use of rogue cloud services—cloud applications that have been commissioned without the approval or knowledge of IT. Cloud can be a great cost benefit for a lot of businesses, but using it without the approval of IT can be extremely problematic. Not only are individuals or departments going behind the back of IT to use unapproved services, but they're also potentially opening up their employers to risk.
"Preventative controls do not just prevent bad things from happening—they often also prevent opportunities. Preventing the use of new mobile devices or cloud services limits the opportunities they provide. Allowing their use, but with onerous controls, doesn't always solve this dilemma," said Tom Scholtz, research vice president at Gartner, in a prepared statement.