Many enterprises are well underway on their journey to adopt cloud services given the numerous benefits associated with them. Within our company, there are a number of sanctioned cloud applications in areas such as HR, customer management, collaboration, email and file storage. However, in addition to the approved ones, employees will often leverage a vast number of unsanctioned applications. This is often referred to as Shadow IT since tech teams are not involved in reviewing and deploying them. It's quite common for an organization to have hundreds of these kinds of services. This can actually be a positive thing from a business perspective if these services are helping employees be more productive and innovate. However, this poses some interesting security challenges, especially around data protection and compliance.
Enter Cloud Access Security Brokers or CASB solutions. While this area has been around for a few years, it is now becoming a key initiative for many CISOs and a discrete budget line item. It offers benefits not just for the security team but also for other stakeholders in end user services, enterprise applications and operations. There are a few key areas to consider.
"...employees will often leverage a vast number of unsanctioned applications."
Visibility: Many of these solutions provide visibility to all the cloud applications your company is using, along with a risk rating based on their research. You can determine if there are risky applications you want to monitor closely or potentially block. This visibility can be hugely helpful in reducing costs as well. For example, if you find that thousands of employees are using a certain unapproved application for collaboration, it might be worth understanding the appeal and launching more formally with an enterprise deal.
User Behavior Analytics: Identity analytics is as important as ever with compromised credentials and insider threats on the rise. UBA within your CASB solution can allow you to monitor for anomalies such as unknown devices or users within your key SaaS applications. Say someone downloaded a large set of documents which is out of the norm or perhaps accessed his or her account from a country you typically would not expect them too. You can be alerted to such behavior which might indicate a threat.
Data Protection: Policies can be configured to manage and limit the sensitive data that is being placed in key SaaS applications. For example, your company might use a cloud storage service but have a policy to not store sensitive data such as PHI there. CASB solutions give you the ability to configure these types of policies. They also help spot oversharing of documents. While one of the benefits of cloud file storage is how easily documents can be shared, employees unknowingly will share more broadly then they should.
CASBs are offered in both appliance and cloud deployment models. As with any security solution, upfront planning of use cases, creation of policies and architecting how the CASB solution will integrate into your overall network and security operations is essential to obtain real value.