KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Good afternoon, everyone. And welcome to this KuppingerCole webinar on managing risk through cloud app authentication with 360 degree control. This is Mike Small, and I'm a senior Analyst with KuppingerCole and my co speaker this afternoon is David hold, who is chief strategy officer at CNET. So KuppingerCole is as a, an industry Analyst and we focus on it. Security matters in particular. And my specific area of coverage for some time now has been around that of security and the cloud. And we provide a range of services, both to vendors and to customers of it.
It products as well as running events and notably the E it conference in Munich, every may. And next year, we'll also be having a digital finance world conference. So for this webinar, just to note that you are all centrally muted, the webinar is being recorded and you will be able to get access to a recording tomorrow. We will hold a Q and a at the end of the session. And you can ask questions at any time during the, the session using the Q and a tool, which you should find in the, the, the, the go to webinar control bar.
So this afternoon, we, I'm going to start the presentation off by talking about the Analyst view of this problem. And this will be followed by David hold, talking about a solution that CNET have and their vision for how they can solve the problems that I'm going to put forward. So when we look at the cloud, one of the things that is quite evident is that there are different perspectives on the issue of risk security and compliance around the cloud. That there was a time when people were concerned about security, and that now is mainly over. People are asking more about compliance.
There was a time when organizations were unwilling to embrace the cloud, and now most organizations are using the cloud, whether or not they know it. And in order to do this safely, you have to get a balance of risk and reward. And one of the problems has been that the sheer volume of cloud applications that people can get hold of, and the fact that nearly every employee associate and contractor uses the cloud for personal purposes means that they assume that they're going to have the same level of service when they use their organizational systems.
And maybe they don't realize the risk that is happening. So I think there are two basic perspectives of, of, of the cloud and the business. And it have a different view that from the business perspective, the business leaders are interested in moving their organizations to a digital business. They want to connect with their customers and provide new and innovative applications and products in order to connect better, to retain customer loyalty, and even to create new products. And the way they see risk is in terms of a business risk, which is quite a different thing.
Now, from the it perspective, the cloud is often seen as a means to reducing cost and improving it efficiency in a time of ever decreasing budgets. And the problem that it often see is how can you migrate existing applications and still retain compliance and security. And so these two different perspectives have in some way, a conflict in, in what is happening that the line of business will buy the cloud without tu it. And the it department will feel threatened by the, the lack of concern that's being put around the issues that they care about.
So the problem is how to mitigate and match both of those requirements in a way that provides a management of the real risks, both the business risks and the it risk.
And if we look at the cloud challenges from a point of view of risk and compliance, we'll see that compliance is in fact, the top concern to most organizations now cybersecurity remains a risk, but increasingly the issue to do with cybersecurity is not about the security of the, the cloud as managed by the cloud service provider, because most of them actually do a, a much better job than many small businesses, but rather that if the way in which the applications are used, the way in which the data restore the way in which people authenticate themselves is not done properly, that there is the chance that the customer organization will introduce flaws, which can be exploited.
Availability is also because many organizations take the view that once we've signed the contract with the cloud service provider, that's all we need to do. But the cloud is something that connects via your infrastructure and via the public switch network or other kinds of ways.
And any, anything that impact on those can also impact on in, in addition, there is a worry that if you use a specific cloud service provider, then you're going to become locked into it. And that you might find that there are legal risks that provide, prevent you from moving or getting the best value at a later date.
So what we have to remember is that compliance is, as I say, the main challenge, and from a compliance perspective, even if you are using the cloud, you may find yourself responsible for a lot more than you, you would otherwise think so, depending upon the kind of cloud service you are using, you will find that you have more or less responsibility. And so in an infrastructure as a service environment, you are responsible for patching the OS. You are responsible for the middleware and the application, as well as looking after the data at the other extreme.
If you are using software as a service, then most of the infrastructure and the application and the OS are the responsibility of the provider. But since you on the European law will be the data controller. You will still be responsible for what happens to that data, even if the loss is in fact, due to a fault that isn't your own. So that means it's really important that you understand your responsibilities and you take account of them.
Now, if we look at the issue with cybersecurity, as I was saying earlier on cybersecurity is now becoming a personal issue and that cyber criminals are not breaking down firewalls, but rather they are finding ways to mimic what is legitimate user activity. They will hijack accounts. They will find their win way in to create accounts, or they will get hold of the passwords to the administrator systems.
And so it's really important to understand from this who is using your systems and those include the cloud, and that you are able to know what those people are doing with your data, so that you stand a chance of being able to detect the kind of activities of criminals and misuse of your data. Now, one of the issues with the cloud is that much of the control of the infrastructure and how things are run, Lee is out of your hands. And so you actually need to have a proper way of managing and assuring this.
And that's rather different than the way in which we, we, we normally, as it, people have been used to doing things ourselves. So you need to have a proper understanding of what your objectives from using the cloud are, and to have a cloud policy. And that includes in informing your employees about what is legitimate use of the cloud and what isn't legitimate use of the cloud, as well as giving the lines of business a way to officially obtain cloud.
And that also that policy also leads to a proper set of security policies and security processes around the cloud, and indeed to a proper process for cloud procurement. And at the end of this, you end up with a risk analysis process that leads you to a decision about a particular cloud application and a particular set of vendors. And in most cases, what you are going to do is to decide on a set of mitigating controls, which allow you to use that and to accept it. So once you've done that, you then have to implement the controls and monitor the cloud against that.
And this is where in, in, in a sense, many organizations have fallen down because they may have been paralyzed or not even had any kind of system for what's on the left hand of that diagram. In fact, I found one organization, which we came across that had gone and queried. Every cloud service provided they could think of, and they had a vast array of data on the controls that could be implemented, but they didn't know what their objectives were and why they were using anything.
And many organizations don't even know what cloud they're using, and they have no way of implementing any kind of control over what is being used. And so it's really important that you set this policy and this policy should lead you to these acceptable use policy and a policy for the kinds of cloud service you're going to provide. And that leads you on to being able from that, to understand what the risks that really matter are because often people are concerned with risks that don't really matter. And I came across an organization that refused to use the cloud under any circumstances.
And they found that one of their departments kept saying they wanted to use Dropbox. And eventually somebody said why? And the department said, well, they were responsible for creating the publicity material, which was going to be put on posters and spread widely. And that the way this publicity material had to be delivered to the printer was via Dropbox. So the concern over the, the use of the cloud was completely unwarranted in that particular case. So nobody done a proper risk assessment and understood what the controls should be, but that's what should be done.
Now, when we actually get round to, to implementing this, I believe that we should have a thing that I call active risk risk management, which is to do with monitoring what you do with the cloud that says monitor the known cloud that you think you should be using. You detect the shadow cloud, that you didn't know, people were using that, whatever it is, you are going to compare this with what your policies are. And when you find that there are divergencies with your policies, then you improve the controls and to do that, you need technology. And that technology is indispensable.
Now you might say that it would be nice if that technology was built into the, the systems that we already have, the security tools we already have. And unfortunately it isn't. And so this had led to a breed of, of cloud specific security products that focus on that. So when we look at the different requirements for this, we have a requirement to be able to detect shadow cloud, and that needs to identify what services are being used to understand the risk of those services, because not all services are equally risky.
I mean, there are tens of thousands of cloud services, some of which are run by highly reputable vendors and some of which could well be attempts to fish to steal your data and are running in geographies that you would not wish to be involved with. You need to know not only which service is being used, but who is using that service and what data is being put into that service, then having understood that you need a way of controlling access.
Again, as I say, in an ideal world, you'd have some kind of federated system that controlled all of these things, but that isn't the reality of the way it works. You can put in federated systems for the control of the known cloud. And many of the big cloud vendors will help you to do that.
But you, you also need to be able to control this unknown or the cloud that is being used by your, your associates in your employers. And you need this control to be granular in the sense that it says who can access which services from which devices and from which locations, and in this world of the mobile device of the portable access to everything from anywhere, you need to be able to cover all of those different kinds of things. Then what kind of data is going into the cloud? What kind of data is already held there?
So you need to start off by being able to classify data, and that might help. If you have some kind of tools to help you, you need to discover what is there already and put controls over the movement of data, and also controls over the access of data, particularly to prevent data that has been put in the cloud from being accessed, if it is leaked or stolen. Now that is probably driven by your understanding of what you need for compliance. And that means you need to know what regulations you are working with.
And ideally you should be able to be sure that the tools and the vendors that you use to help you with this, understand your certifications and are able to provide out of the box tools to actually help you to achieve compliance in your use. And ideally, they should also be able to show that there are real customers who are using that stuff to achieve compliance and last but not least is the requirements for cybersecurity, which is an understanding of what are the real cyber risks that apply to your organization. And they're not all, all the same.
Some organizations are more sensitive to the loss of data. Some organizations can be very sensitive to the loss of customer service. How do you know whether anything is going wrong? Report after report comes out where it shows that criminals take less than an hour to infiltrate systems.
And yet, often they are remain undetected for months. So you need protection detection of that and protection against an authorized access, and probably some form of integration with your security operation control center or your cyber control center. So those are a set of requirements for an idealized solution to help you to protect your data and to safely use the cloud and to enable your business partners to, and your business lines of business, to achieve their business objectives by using the cloud and achieving flexibility and connection to their customers.
So basically in summary, you are using the cloud, whether or not, you know it, and you need some kind of cloud assurance process to manage it. And you need active assurance management in order to ensure that you are complying with it. And in a summary, this means that you need a cloud policy, which tells you what is acceptable.
You need a way of detecting what is actually happening, controlling it in order to make sure that it is conforming with the policy and then to have the continuous virtual circus circus circle, where you are improving the controls, where you find things that are different. And so that is the end of part one. And now I'm going to hand over to David Hal, who will take you through part two, Thanks a lot, mark, for your very good presentation and giving us some insights into all of this, shadow it and moving into the cloud. Hello everyone. My name is David halt.
I'm the chief strategy officer of sentiment. My background is I'm, I'm effectively just checking. I studied computer science and mathematics. And my goal today is trying to give you a little bit more insight into this shadow. It kind of story. How do we control people's access to the cloud? How do we in a secure and safe manner, move organizations into the cloud, utilizing all the huge benefits there are in using the cloud.
So I, I put together this agenda for you guys first, a very brief introduction into who sense and it is. Then I try to dig a little bit further into this, shadow it, the stories around everybody, bringing their own, everything, everything from applications to networks, to devices, etcetera, cetera. And then I give you some insights into how CNET can help you guys out doing that in a secure and safe manner. How do we actually control people's access to cloud application, some call it Canby, some call it cloud application control, et cetera. We simply just call it controlling.
People's access to applications in the cloud. And I will give you some screenshots about how our tool actually looks like so you can give, so you can get a pretty good idea around what effectively you can do in practical terms with our solution.
So, but very fast. Yeah, basically what this line says is that we are, we, we are all over the place. We have thousands of heavy customers. We are hundreds plus employees hiring all the time, new employees who wakes up every morning, trying to solve the issues you guys have moving into the cloud and using cloud applications.
So, but very fast. So the shadow it story, I think the biggest problem fundamentally with shadow, it is almost what the word says, shadow it stuff we don't know about all the, it, the people bring into the organizations that we haven't heard about. We haven't seen, we don't know about, and, and we need to control in a certain manner. We in the it department have been, have been very pleased. You can say for ages because everything that people were using, every single tool, every single application, every single device that people was using was given by the it department to them.
So we understood how it did. We understood the nature of it.
And, and you say, even from a security point of view, even more important, we controlled it. But nowadays all it takes for people to get access to very, very complex, very, very complex solutions is a credit card and a, and, and, and internet connection. People can now store all their company's customer data in the cloud. They use Salesforce, they use, they, they use storage. They take data that we need to protect and use to protect very, very efficiently in our data centers and now stored in the cloud.
And when we say bringing on, everything's also effectively because now people can get access to these solutions, get access to these data with devices, they buy themselves, they use their own home networks. So all of this, and if we, and by the way, if we believe that we have, we have seen it all now that, okay, it doesn't become more complex. I'll tell you what, it's just gonna get worse and worse and worse and worse. And we need to fundamentally begin to think in a different way, and to, to adapt the nature of the security issues we get from using the cloud.
I was just here the other day, two weeks ago or something, I was in the internet of things conference in Helsinki. And then nowadays you like remote access clients for your Tesla. You will have refrigerators that will tell you exactly what's inside of it. What I saw at this internet of thing conference was a pair of underwear that can basically measure your muscle activity. So it can tell you whether you're doing things right or wrong when you exercise.
I don't use it myself by the way, but, but just think about the amount of data, the amount of applications, think about how it will become when all of these different services out there in the cloud will begin to talk to one another. And, and you can say that that some of the major challenges in the cloud is, is that as an example, it might not be a problem in itself that a user downloads a customer list from Salesforce. It becomes a problem that minute, he takes that same list of customers and upload it to a public share in Dropbox, for example.
So it's, it's a matter effectively. And you receive that later on. It's a matter of being able to see and correlate data between different kinds of services. So you can basically track, you can track data and you can track application. You can do your threat analytics among different services. I think some called it machine learning and detect security, breaches, and security issues that you wouldn't have been able to do. If you only like had one, one, you can say one view into one kind of service. This is one of the big stories about Seattle.
It obviously Hillary Clinton using was it email to, to do, to do stuff regarding the states that contained confidential data. And she got into some kind of trouble with, with that.
And, and you can say she of everyone of course should understand and know the nature of security, but if a person like that, don't have it, like in her genes, just think about everybody else who don't have advisor running around her all the time. So people are trying to adopt this, but they don't do it to, to make our life miserable or hard. They do it simply because they can.
So, and of course, of course you can say all these changes about people being more mobile. And, and, and if we went like 10 years back, there were no Facebook. There were no LinkedIn, there were no Twitter. Salesforce was almost considered to be a startup back then there was no over 365, et cetera.
And, and the nature of these solutions now being present of course brings more and more trouble into the, into the scenario. And, and one of the fundamental things as, as you will see in our solution as well, which is called the USS, our unified security solution is that that's built from the ground up to grabs, grasp all these different services that would not only be there today, but hopefully we will see a lot of new services coming into the marketplace during the next years and probably services that we don't have a clue about.
And we don't imagine, and we cannot even imagine what we do and building, building a scenario where we can adapt these kind of solutions where these new kinds of service that we will see is very, very crucial from a technology point of view, in my opinion. So, and, and this is quite obvious, is it, is it reality? Yes. Is it a problem?
Yes, it is a problem. Just like you can say the Hiller restore, but there's like, as max says, numerous of reports saying that, that this thing about the stuff that we cannot control and, and you say the restructuring of procedures inside of organization is a real life problem. And is it going to be bigger?
Yes, obviously is going to be bigger. Nobody is any doubt about that.
And, and obviously from the reasons that we just mentioned about, we just see more and more complex services, we were more and more stuff, maybe not more and more stuff, really moving into the cloud, just the cloud offering more and more stuff that we can utilize. And therefore you can say the percentage of what's being, you can say computed in the cloud is obviously just gonna be bigger and bigger and bigger. Does it result in lots of data? It does resolve in lot. It does actually cause problems.
And, and of course the nature of the uncontrollable bit of it, when you move stuff out your data center, where you can, you know, and you've done for, for ages, you have bought all sorts of appliances and software and you're configured on stuff. Once you cannot use those tools any longer to protect your environment, you are obviously is gonna be compromised, just like the, and, and for the same reasons as you bought the stuff you put in your data center, that's the same reasons that will be present when you move stuff out into the cloud.
So our, our take on this is that we now need to control people's access to the cloud. We simply do not have any other choice and not because we wanna control people in the sense of controlling. We simply just wanna help organizations out being effective. And the problem with security in general is if you get compromised, if you get breached, you run into a lot of trouble. So if you look at this, for example, this is a screenshot from our, our unified security service.
That's that service I talked about, where you can, you can imagine that you, you have one single pan of glass into one unified solution that contains these different kinds of services. And the platform is basically prepared to be able to adopt new services. And when I talk about services, I talk about, you can say security service. And mainly in this, in, in this example is services and aimed at the cloud right now, I'm into the app service, as you can say, and this is where we can, where we can build our cloud application control.
But the first thing we need to do in order to control people's access is to get inside into what they actually are using. And here just picked out. As you can see in the left hand side, you can, you have a catalog of all the applications you, we can protect. And we have like hundreds of applications we protect. And every day, of course, there will be new actions inside of new applications that we will be able to detect. We have a whole team of people who does nothing, but look into applications, what applications is being used and what these applications is capable of doing.
So in this case, I just chose Salesforce. And if you look into some of the actions you can perform inside of Salesforce, we are basically made a baseline of what we consider to be risk and what we consider to be low risk. This is only meant for you to be able to eventually get a report where you can state and say that I want to see any kind of activity into any application that is considered to be high risk. And I wanna know who does it so effectively what it ends up giving you.
It gives you a report about who is using what power application, and maybe even more importantly, and for what, because one thing that I, I come from the authentication side of Sensenet what used to be called named SMS passcode and what SMS passcode, the authentication bit, which we have as well can do is whether it can grant access to a legitimate user.
So what we can do from the authentication side is we can say, okay, in this particular context is a user allowed to log into an application or not the counter application controlled bit, takes it a step further and say, okay, all of these different things that you can see here represented at these different actions inside of the application, you can eventually afterwards create policies that can allow a user to do a certain task not. But the first thing we need to do is get inside into what people are actually doing.
And, and you can see the granularity of the level of granularity that we can get into in people's in people's use of counter application, then effectively you set up these rules afterwards. And I think, I think the fun bit of this of course is, is aligned with what Mike said as well.
If you, if you look, and from the start, you have to start the rule and the next one, you have a condition. And I myself was actually a little bit surprised that to the extent of what people are actually capable of controlling people's access from. And obviously now, when you can, you can access remote access systems from your car, maybe soon from your refrigerator. A lot of people know you can do the same thing from your smart TV and, and even my kits game consoles can now be used to access stuff in the cloud. Then of course, we have to take those kind of things into consideration.
And the speed speed of whether these different devices are coming into considerations is, is just tremendous. Now my phone, my, my watch is actually on, on the, on the internet as well. And then you can set up, you can say, you can set up policies where you can either allow people to do a certain thing, or you can block a certain thing, or you can redirect a certain thing, just like, you know, from the history of, of web filtering, a classic classical web filtering. The way we do it though, is, is, is, is smart.
I would say than what you would traditionally do, because usually when you have to control people's traffic into the country, we set up something called the proxy server. So just imagine that you have a proxy server sitting in between you, your device and the service in the cloud that you try to reach and what the proxy servers you can say in this case task is to decide whether you're allowed to do a certain action or not.
But the problem with the proxy server in a traditional manner is that you would have to route all your traffic up to the proxy server for the proxy server, to look into the traffic and either lead it line and get it to reach its destination. But the fundamental problem with that is just think about the bandwidth you would end up needing, think about the latency that the users would experience and, and, and the nowaday. A lot of, a lot of these cloud services is deal location, a where you will break that cable location awareness for the, for the cloud services typically.
So there's just a whole bunch of problems with the traditional proxy server. The traditional proxy server was meant to save your data center in between you users on your local area network reaching out into the cloud. But the problem now is that the, that the people's access are everywhere. So we need to do it in a different way. And that's where we came up with a very, very, very smart way of doing this instead of the traditional product server. We basically either route trafficking through a gateway or through an agent that sits on the, on the end users device.
What that gateway service does is it takes basically a meter data set out of the request to the cloud. But just imagine what we are capable of doing is that we take a piece of the date out, but enough to identify whether this traffic should be legitimate or not. So instead of sending all the traffic up to the cloud, we just send a, a piece of the traffic up to the cloud, the cloud then, which is our USS that's what it, what a traditional processor would do. It would say, okay, is, is, is this, is this this legitimate?
Or is it, is it a false breed security kind of issue website we are trying to reach? And all of that analysis is done in account, and then a, a answers coming back to our agent, our gateway, which then either block the user's access to the service or grant some direct access to the service, which gives you huge benefits from bandwidth point of view, lasering point of view, gay location, point of view. And this is one of these ways I said in the beginning here, where we fundamentally have to think in a different way in order to be able to solve this problem.
So this is the sense that way of doing it very, very, very effective way of doing it. If you look into the actual unified security services, one of the people that people, one of the things that people get is a centralized dashboard, and it's a centralized dashboard that gives you insight into different services.
And, and here I try to represent some of these services in an umbrella. What we have right now is we have web security and cloud application inside of our unified security services. The main aim of this is not really, in my opinion, the administration bit of it, it's more the inside into the locks of the data that is needed in order to do real threat analytics.
Real threat analytics comes out of you having a data enough and not only having data enough, but have the right data in enough, you can say in, in, in enough amounts so that you can begin to correlate these different threat vectors and look into threats. You alternatively, if you didn't have locks from different services, you wouldn't have been able to find.
So, so right now we, I'm just basically gonna grab up some of the stuff that Mike says about the importance of making sure that know who the user is, who is the, that it all starts with the user. If you don't know who the user is, we have a fundamental problem. Once we know who the user is, we can start controlling the access to the account. And just as a side comment, it, you can say to begin with, it might not be necessary to know who the user is. It might just, I mean, give you some insight into who's using which application would be enough for right now.
You simply do not know what application is being used. Just getting the list of the application would take you a long way. Because once you have that list, you can start doing something about it. Say from an authentication point of view, you can maybe start to implement multifactor authentication into applications. You didn't protect before. So right now you have some application that is protected with multifactor authentication, which effectively means that you know who the use is, but you have a lot of applications you don't know about.
And therefore, obviously don't protect with multifactor authentication. Once you have done that, for example, then you can take it to the next step then can say, okay, okay, we have all these applications. We don't protect with multifactor authentication. Now we protect some of them, but the rest of them, we might have a better alternative that we could present to the customers, to our users, decentralized taskforce, give you a lot of insight. So for example, it can give you all kinds of statistics that you can configure yourself. I just took some of them here.
Give me the top cloud applications at risk. That's basically based on the risk factor we sent that, that you, where we looked into different actions of the, of the different cloud applications we can. And that's probably gonna more and more important. We can now see where, where is these cloud applications located? Where is our data traveling? A lot of compliance issues comes around, making sure that you know exactly where the data is.
And, and in some countries it's very, very important that the data, for example, only the country or they don't leave the EU, but a lot of vendors don't give you the insight into where is by data actually stored. Then you can look into which domains has been blocked, et cetera. If you look into the, the cloud, you can begin to categorize, and you can see who the users who are using the cloud the most is you can see what of, which of the cloud applic of being used the most. But just imagine that get this kind of insight into organization from there, you can begin to do something about it.
And some of it is building, building policies around it and building not only policies inside of the USS allowing or blocking people's access to different services. But it's also give you, you say the fundamental data that you need in order to have real policies that you can communicate to your users and give them better alternatives.
You of course can get a bunch of different kinds of reports out of this as well, just as you can get all these different dashboards that shows you all the differents of the account, you can also get all kinds of reports that tells you exactly what has been done by who and when, and et cetera. And you can schedule these reports so you can get them sent to your, to your mailbox as well.
For, for, you can say for further investigation. So hopefully this gave you a, you know, a insight into some of the capabilities we can do.
So, and I think the important part for, for, to, as a takeaway from this hearing is this is not an impossible task. It's a possible test.
It is, I suppose that's a, that is tools out there that can help you out adapting the cloud. And we are very, very, very good solution doing that. And the good news for you is, is actually very, very simply and easy to set up as well. So it is not a big, complicated thing. It's just a matter of getting started with it and, and getting the USS get sense. Its USS also gives you the capabilities to look into the future. When we have created the platform that will be able to adopt new services coming a long way, I will give you all a very, very, very big thanks for listening to this.
And now we can go to, to the questions, but thanks a lot. Okay. So now I'm looking for questions from the, from the audience. And so we do have a, a question here which is to do with how would you deal with VPN connection, interception, VPN interception. You can say effectively what we can do. And what we can choose to do is that we can actually unwrap the SSL connection that is usually being used.
So, and, and without being too technical, if, if, if first of all, traffic has to be web traffic, huh? So if the web traffic and the VPN is SSL, one can choose. One can choose. I thought you wanna see it or not. And if you wanna see it, you can unwrap the traffic by a fix. What you do, you install a, a certificate and then you can unwrap the SSL traffic.
But I, I would say very often, I mean, think about this as a way of controlling cloud application control and not necessarily VPNs you usually you would, you would, you could say use different means of controlling VPNs in general. I don't know if I understood the question, right. But if there is, I mean, if, if the traffic is going through a VPN, you have to unwrap the traffic inside of the VPN to see what's going on. And usually that's, that's not the use case that's been solved by traditional cloud application control that stuff, hand being traffic that goes within the VPN. Okay.
So I now immediately got another question which says, this is a solution that's only for user centric behavior. Is that correct? You can say effectively, effectively what we do is that we actually look at the actual packages being sent back and forth from a certain device to a servicer, and that would usually be initiated by a user.
So, and that means you can say, yes, this is meant to understand and see what services a particular user is using for what, but could that same technology be used for looking into, and I guess the question goes around whether and another application, you know, maybe they not user-centric in, in, in the means of being controlled by a user, but could we detect traffic going out that they would be initiated by something else and their user? Yes. Because effectively or not, we are not capable of seeing whether that is being initiated by a or not.
We just simply look at the TT P I P traffic and say, oh, the H P traffic speed to be precise. Okay. Okay.
So, well, my, my perception of VPNs was that you might use a VPN to connect to the organizational network. And that's not really what you're looking at is that you would then say from the org, if, if you log into your organization and then go out, I would've thought that you would catch that without Any property.
Yeah, yeah, yeah, yeah. Okay. But then that's, that's two different things. If you VPN into your organization, out from your organization into the cloud, we will still be able to capture that because we, we, and, and that's of course, a little bit technical, but we do have a gateway. We will set up in the organization that will capture all the traffic, regardless of that coming in originally from a VPN or just initiated directly inside of the organization.
So if, if that was the question, we, we would be able to see the same traffic then we'd, there would be no difference, basically. Okay, well, so we've had a, a thanks from the questionnaire there. So one of the, the, the questions that often comes up is every time you put another layer of controls in it makes things go slower. So does it actually result in a performance decrease?
What, what is the impact on performance? No, but you know, this, this, this, and, and that's a very important point of maybe I didn't stretch it well enough about this different ways of doing it, but having a proxy server, a non-pro server approach, the approach we have, we only really send very little data up to this cloud service that returns, you can say with ANSYS telling whether you're allowed to, to access a certain service or not. And by not having to try, you can say you by not having to transfer all of the traffic, all of the data, it becomes very, very fast.
So, so the answer to that question is no, there would be very, very little overhead, very, very little impact from the, from the performance point of view, because, because there's very little data that is needed to be transferred in order to be able to control the applications. So the answer is no Good.
Well, that's, that's a nice, clear answer. And what about the way in which things like Citrix and Microsoft terminal servers and Zendesk, all these kinds of things are involved.
How, how, how does it work in that kind of environment? Yeah, but the first, first question could be whether it works at all in those kind of environments or not. And the answer is yes, it does work in those environments.
And, and I'm actually planned from that kind of question because, because effectively a lot of people administrating those kind of environments have a hard time. Okay.
So how, how once people have access to like a, a virtualized desktop or a virtualized application that can access other applications in the, in the cloud, how do we control them? And it's effectively, it's the same way of doing it?
So you, you, and, and you say the need for controlling people's access from a centralized virtualized application or desktop is maybe even more important than doing it from your personal devices, because the impact, if something goes wrong is even higher when you have these centralized systems providing those, that kind of access. And then, and you say from a technology point of view is the same way you do it effectively.
You have instances either on the devices or you have instances and, and devices, meaning the applications accessing the cloud services or the desktop, the virtualized desktop is the same thing. Or you have a gateway controlling access to, to the, to the cloud and the effectively the traffic going out.
So the, so, so I was saying in those environment, it might even be more important in others and yes, it does work. Okay. And so you, you talked about the, the mobile, the traveling user and the importance of being able to control this well, how does it actually impact on the mobile user? Does it make them have to live their lives in a different way, or is it invisible?
No, but I think, I think, and I think one of the, usually if you have these traditional cloud proxy ways of doing it, people proxying their way through access to the cloud or to web services in general, they are very used to having this, for example, the performance issues. But if you just imagine what we have, we have something and we, we basically have this services that gives you the answers is to build it all over the world. So regardless of you're traveling or, or moving, we will, we will effectively be able to see where the user is.
And by that transferring the user to get access to a service close to them and give the answer back to, I'm sorry, if the, if the answers was around, would the traveling users see an impact? So once the local user would see an impact, the answer was no, the traveling users would not have a, a big overhead either, and they will not have, as you say, to live their life in a different way, just because they're using these kind of services. Okay. Thank you very much. So we're open for questions. Does any of the audience have any further questions?
Well, if, if we've no further questions, then I, I I'd like to thank David very much for his contribution to this. And thank all of the participants for connecting and listening to this.
The, the recording of this will be posted people who had registered for this will receive a link to the recording tomorrow. And in fact, actually, that's that that's, I thought I had another question coming in, but it was a false alarm. So thank you very much, David, and No problem. Thanks lot For joining. Okay. Thanks a lot. Thank you. Bye bye.
