6 reasons you should add a CASB to your Cloud ecosystem

Apr 13, 2017 | Cloud, Security-GRC | 0 comments

Tell me if this sounds familiar: You finally have approval to move your business applications over to the Cloud then you find out the sales guys have already moved your company’s contacts over to Salesforce. Of course, IT was never notified.

Often employees outside of IT think “the Cloud” is a single place. And since getting it setup didn’t require the IT department, the techs don’t really need to get involved. Meanwhile, the IT staff spends its days securing the network so no one can get to the data that has now been uploaded to an unsanctioned Cloud service.

Between 90-95 percent of the Cloud services in use discovered by Netskope monitoring are unsanctioned services.

Employees are often driving company adoption of Cloud applications and services and IT departments and information-security teams struggle to catch up. The problem of unsanctioned Cloud usage—frequently referred to as ‘shadow IT’ leaves the company unaware that some Cloud activities are leaving the business open to cyber-attacks. Shadow IT becomes the fiery dragon hiding in the weeds.

So how do we tackle Shadow IT without hurting business operations?

A Cloud Access Security Broker service is certainly a great starting point. CASB acts like you tell it to act. It can be a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure. It can also act like a covert spy, giving you intelligence on what’s actually being used.

A good CASB (we have worked with both market leaders: Skyhigh and Netskope) not only helps you control the new risks that emerge with cloud migration, but can bring efficiencies to tasks like a Vendor Risk Assessment. Days’ worth of work on a Vendor Risk Assessment can be simplified into a process no more complex than a Google search.

Six reasons why you should arm your team with CASB:

  1. There’s more Cloud usage than you think: We have never talked to a company that didn’t dramatically underestimate the number of Cloud services in use by their employees. A recent study conducted by Netskope, shows Shadow IT continues to grow as the average number of Cloud services in use per enterprise rose to 1,071 up from 4% from the prior quarter.
  2. The Cloud can be more secure than your network. Or a security disaster: Some Cloud services are very secure, others, not so much. The variance in Cloud application security can be very risky if you aren’t choosing the right ones. Or even worse, letting your employees choose them for you.
  3. Focus on the data: If you don’t have visibility into what’s being used, how can you hope to control which services are in play? And if you can’t control that, your data could land in the wrong hands.
  4. You can’t block everything: Enter the battle between being open and collaborative vs. being closed and protective. Some companies implement a closed policy to prevent risk which can sometimes be counteractive to the growing business trend of open collaboration. And when you block the known providers, the alternatives they find are often worse.
  5. Customize your controls: A good CASB service can place granular, activity-level controls over unsanctioned Cloud services to defend against ever-evolving types of Cloud threats and malware.
  6. Teach good behavior: Someone using Dropbox when Box is your sanctioned secure file-sharing platform? The CASB can pop up a window suggesting they use Box instead. It can either allow the upload to happen after that message or block it. IT and security make that call.

Implementing a CASB product goes beyond the technology. ASMGi works with clients to help choose the appropriate service that works practically in their environment. An effective Cloud program doesn’t just stop at choosing the right product or partner. The Cloud and your CASB platform should work the way you expect it to and implementation is the key first step.

View/Add comments

<script type="text/javascript" src="//platform.linkedin.com/in.js"></script><script type="in/share" data-counter="top"></script> <a href="https://twitter.com/share" class="twitter-share-button" data-via="ASMGi_CLE">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^https:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>

Navigate the blog