If you’re looking at implementing CASB (cloud access security brokers), you’ve probably begun to realise there are a myriad of options out there and they’re all designed slightly differently. So how do you know what you need?
We’re here to help, with a no-nonsense guide to show you which features are must-have and which you can do without.
First things first, know your users. What applications are they using?
1. Consider the cloud applications you’re using
Most CASB vendors have a predefined list of cloud services, applications, and platforms that they integrate with already. These encompass the majority of popular SaaS applications, be they CRM software, document management, office/productivity tools, accounting platforms, or more.
But it’s increasingly common — especially in the regulated industries, like finance, insurance, and healthcare — to use highly customised, non-standard applications designed for very specific use cases. If this is the case, or you want to future-proof yourself and make sure you’re compatible with any apps you may require in the future, you’ll need a more all-encompassing CASB solution capable of securing any cloud apps, services, or platforms.
2. Security controls and functionality
This is what you’re here for, right? Depending on your existing security tech stack, you will want data loss prevention, access control security management, advanced logging capabilities to help forensic investigations, and encryption tools.
It’s also important to read up on the history of the CASB vendor you’re considering — many products are built around technologies designed to give customers visibility, rather than focusing on control. Leading vendors also offer advanced encryption whilst retaining the ability to search data, which is a game-changer when it comes to GDPR compliance.
3. Ease of installation
Ultimately, nobody wants to have to install new tools on every client device across an organisation if it can be avoided. So ask difficult questions of your shortlisted vendors. Will you have to configure each cloud-based platform in use individually, or does the CASB have auto-discovery tools to speed up the process? How much help will you get from a client delivery team, or will your team be left searching through manuals?
Alternatively, you could choose an agentless product, which doesn’t require installation on client devices and won’t flood your helpdesk with frustrated users trying to get their work done.
4. Will the CASB vendor enable my business or hinder it?
Features like Single-Sign-On can really help speed up the user experience, as well as boosting all-important productivity. The traditional relationship between an IT department and its user base is fractious — constantly being told that new technologies are unsupported or too insecure for business use — but CASB should be one of the areas where an IT department can drive productivity and innovation around user behaviour, positively impacting user experience.
Besides cutting down the admin work required, an agentless solution enables radically different ways of working. For instance, an employee who wanted to go over presentation at home would now be able to use his own personal computer, authenticate himself in exactly the same manner that he would in the office, and have a secure connection to his documents and apps from whichever device he or she wanted to use.
For those organisations deploying BYOD, agentless solutions tend to be favoured by users as there is no software potentially snooping on a user’s private activity outside of working hours.
Despite growing security budgets, every cloud service and platform is explicit: when it comes to security, the responsibility is shared between the customer and the provider. Moving to the cloud doesn’t mean that an organisation can pay a monthly fee and outsource their security obligations. CASB offer a great way of mitigating the security risk presented by rapid cloud adoption.
If you’d like to know more about the Bitglass CASB solution and how it could help secure your business, click the image below.