Choosing a CASB
Main considerations when choosing a CASB
User security
Visibility. The first obstacle for organizations trying to provide sufficient user security is visibility. In large organizations, a large number of users access multiple applications in multiple cloud environments. A CASB solution must provide significant visibility into user activity across all of the SaaS applications those users access.
Threat protection. While significant user visibility is critical, visibility is not enough to achieve full user security. By leveraging the data and analytics gained by deep visibility, organizations can provide significant threat protection for their users. The exponential growth of multicloud activity has increased the attack perimeter, and IT professionals cannot keep up with all of the threat alerts. Large-scale analytics and machine learning allow a CASB solution to automate threat alerts and responses to achieve more robust, agile user security.
Data security
Control. The first step to helping ensure data security is control. Organizations should restrict employees' access to information that is not critical to their job functions. Once attackers are in the network, they will attempt to move laterally to access secure data. While organizations may want to trust their employees and grant access, this can greatly increase the attack surface. When in doubt, limit access points to significant data.
Visibility. Similar to user security, visibility is a crucial step to promoting data security. Storing sensitive data across a multicloud environment can be terrifying. In addition, the explosion of cloud solutions and remote access points in organizations has increased the amount of data collaboration. More and more, organizations are sharing sensitive data across multiple cloud environments. Controlling access to sensitive data can be very effective, but there will constantly be newly forming connections within a network. As a result, organizations constantly need visibility into telemetry data to understand where their access policies need to be enforced.
App security
Discover. Organizations would often be dismayed to see how many applications are in use across their entire network. Applications can be very beneficial, but it is important to know which ones are accessing organizational data at any given time. A CASB solution should provide discovery and visibility of third-party connected apps and enable the customer to disconnect from risky or inappropriate apps.
Classify. Once an application is discovered, a CASB should classify it. In some scenarios, like Google Apps, these applications may have access to sensitive data without the organization knowing it. While such an application may seem harmless, a malicious one can cause serious damage. To allow employees to work efficiently but safely, a CASB needs to quickly classify: What is this application? Is it safe? What data does it access? CASB solutions can leverage the data from community trust ratings to help identify the risk related to specific apps.
Disable risky apps. Once discovered and classified, the application should be enabled or disabled. In most cases, the application has been downloaded or accessed to improve an employee's productivity. If the application has been classified as safe and beneficial, and the permissions are appropriate, it can be left alone. If the application is classified as a threat, it should be immediately disabled.