Not All CASBs Are Created Equal. How Do You Choose?
Software as a service (SaaS) apps have reshaped the way we stay productive. By having everything easily accessible in the cloud, we are able to get work done from anywhere and on any device.
But, as we know, this flexibility has also introduced security challenges, as your data is also easier to reach for malicious actors. This is why the purchase of a cloud access security broker (CASB) is never that controversial. Most organizations understand that cloud apps require additional protection. They are also aware that legal and regulatory requirements continue to apply even as sensitive data migrates to the cloud.
But how do you choose the right CASB? This is an especially important purchase in this work-from-anywhere environment. Your employees are increasingly using personal devices and networks you don’t manage, which means you have little visibility or control over what’s going on with your users,their devices and networks.
I’ve put together a short list of must-have capabilities for a CASB. These are features that you need regardless of whether you’re only looking to secure a single app like Microsoft 365 or SAP SuccessFactors, or want protection across multiple SaaS apps.
Must-have capabilities for your CASB
1. Full understanding of your users’ behavior.
Some of the most critical threats you will encounter will not likely not start with malware deployment. Cyber attackers will avoid using malware and behave like users in order to remain undetected. This is why — whether you are defending against ransomware or insider threats — you need awareness of what’s going on with your users and their accounts.
A modern CASB solution should have a deep understanding of how your users behave. With this telemetry data, a CASB will be able to automatically detect anomalous behavior and stop an attack. An example is someone logging in from a restricted or new location, or a user suddenly downloading bulk files of sensitive data.
2. 360-degree data protection.
Data access and collaboration have become easier with SaaS apps, but they’ve also made data security harder. With data now everywhere, maintain control over who is accessing data, where the data is going, the networks it transits and whether it is being copied and saved elsewhere.
This is why you need a data-centric CASB with advanced data protection technologies built in. Your CASB solution should be able to automatically classify how sensitive your data is on the fly and across your multi-cloud infrastructure. It’s only with this insight that you can define granular policies that are dynamically applied depending on the sensitivity level of your data and the context by which it’s being accessed, such as the user’s location and the type of device they are using.
The other critical feature is the ability to enforce these policies no matter how your data is handled. You should be able to change file share settings when an user accidentally sends a document to an unauthorized user. The CASB should also have enterprise digital rights management technology (E-DRM) to encrypt data as it’s being downloaded. This way, even when a file is passed around offline, only designated individuals can access it.
3. Posture management to ensure your apps are correctly configured.
Just like with any other technology that processes and stores your data, you need to understand the risks involved. Threat actors are always looking for new ways to infiltrate your infrastructure, especially ways to exploit SaaS apps.
Your CASB should have the ability to assess your app’s configurations and security events, provide guidance on how to improve your posture and enforce security measures to ensure your risk level remains low.
Cloud security is one piece of a bigger puzzle
At the end of the day, your mission is to secure data and comply with regulations. You can achieve this only by deploying a CASB that has a full understanding of your users and data. With a complete visibility of what’s happening, you can retain control over your data without compromising on cloud productivity.
There is a “bonus” fourth CASB feature I want to mention here: integration with network and endpoint security technologies. CASB is critical in securing your entire cloud environment, but that’s only one part of an organization's attack surface. To ensure your Zero Trust architecture provides end-to-end protection, you need integrated controls to mitigate and continuously monitor risk for your on-premise apps and endpoint devices.
To learn more about a CASB that is built with data protection in mind, take a peek at the Lookout CASB solution. Also take a look at the Lookout SASE solution page to learn more about how you can holistically secure your organization from endpoint to cloud.