With the huge success of the cloud—some surveys show cloud being used by 96 percent of respondents—the risks to information have exploded. Cloud obliterates the perimeter where most traditional data security efforts focused. New approaches are needed; that's why Gartner predicts that 60 percent of large enterprises will incorporate a cloud access security broker (CASB) into their security strategy within the next two years.
CASBs sit between you and your cloud provider to apply your policies and restrict access to cloud resources, including those you don't control directly. CASBs provide several different kinds of benefits:
- Insight. CASBs let you see where and how your data is being accessed in the cloud. It's a great tool for detecting shadow IT usage of unapproved SaaS and cloud storage services.
- Compliance. With a CASB, you can enforce your access and usage policies on those in the cloud. You can define your policy and have it applied across all your applications. Auditing and monitoring tools allow you to verify that no unauthorized activity is taking place.
- Security. While specific functions vary by product, CASBs all enable you to apply security controls to your data. Features typically include the ability to define access privileges down to the file level, along with file encryption.
- Protection. CASBs are invaluable for data loss prevention. As they intermediate access to documents, they're able to enforce controls against modifying, copying, and sharing confidential data in the cloud.
Choosing a CASB
When evaluating CASBs, you'll need to understand how the CASB works to make sure it can protect your cloud and your applications. Some CASBs work via APIs, while others user forward or reverse proxies. Some can operate in several ways, using different modes different applications.
Determine how the CASB can be integrated into your existing security controls, including identity management and single sign-on and firewalls. Evaluate the CASBs features compared to any data loss prevention and other tools you're already running.
Once you've selected a CASB, test it against your most critical application. If it works well in your environment to secure your most sensitive data, it will meet the needs of less critical applications as well. It can seem less risky to test against a less important application, but that won't assure you the CASB will work well where you need it most.
dcVAST works with our clients to develop complete data protection strategies for the cloud, including the industry-leading CASB from Bitglass. Contact us to learn more about CASBs and to discuss whether you should add this new layer of protection to your cloud.