It’s a free-for-all out there. Employees and organizations are adopting cloud apps and services at a furious pace due to the productivity, collaboration, and convenience they offer. And why wouldn’t they?
If you have a problem, there’s probably a cloud app that can solve it. Plus, on a company-wide level, moving away from traditional licensed software to cloud platforms like Office 365, G Suite, Salesforce, etc. delivers the additional benefit of moving from a capex to an opex financial model for your software costs.
But it’s not all cupcakes and roses. There are risks too.
Last year, organizations on average found their employees were using 1,232 different cloud services, and most of those apps were not business ready. For those sanctioned cloud apps that are monitored, 20% of files in the cloud were at risk of exposure due to risky sharing behavior, and many of these files contained compliance-related data such as PII, PCI, and PHI. 47% of organizations identified high-risk user behavior, and 71% of that behavior indicated attempts to exfiltrate data.
Enter Cloud Access Security Brokers (CASBs), the fastest growing security category ever, according to Gartner. CASBs are specifically designed to discover and monitor use of cloud apps, provide Data Loss Protection (DLP) for cloud apps, and protect organizations against threats using cloud apps.
A fully featured CASB is a good idea but Gartner recommends companies go beyond a standalone CASB deployment. They suggest that organizations plan to integrate their CASB with their existing security infrastructure and SOC processes.
Great idea. No one wants an island of security that’s hanging out there disconnected from the rest of your security. But where do you start putting the pieces together?
There are five integration use cases that could drastically increase the effectiveness of a CASB while at the same time decreasing the complexity of managing the risks associated with the use of cloud apps and services. We call this integrated approach to cloud security CASB 2.0.
Use Case 1
Integrate your CASB with your Secure Web Gateway: In this scenario, your CASB cloud app risk intelligence would dynamically feed to your secure web gateway so you can automate control over shadow IT use of any cloud apps. If this intelligence feed provides intel on granular risk attributes associated with specific cloud apps you can create policy controls directly in your SWG to monitor, redirect, or block use of cloud apps based on a risk attribute rather than trying to track individual app details yourself. Plus, if you connect your SWG and CASB you can automate the feed of your SWG logs to your CASB to ensure continual monitoring and risk analysis of what apps employees are choosing to use. Finally, an integration like this should be easy to manage with administrative backend details streamlined with benefits such as unified user authentication and traffic management.
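The attribute-based control described above can be sketched as follows. This is an added example, not vendor code: the feed format, attribute names, hostnames, thresholds, log layout, and the choice to monitor unknown apps are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed CASB risk-intelligence feed: app host -> risk attributes.
CASB_FEED = {
    "files.example-share.test": {"encrypts_at_rest": False, "risk_score": 82},
    "notes.example-collab.test": {"encrypts_at_rest": True, "risk_score": 35},
    "crm.example-sanctioned.test": {"encrypts_at_rest": True, "risk_score": 12},
}

# SWG policy written against attributes, not app names. First match wins.
POLICY = [
    ("block", lambda a: not a["encrypts_at_rest"]),
    ("redirect", lambda a: a["risk_score"] >= 30),  # e.g. to a sanctioned alternative
    ("monitor", lambda a: True),
]

# Constructed SWG log lines: timestamp user host method bytes
SWG_LOG = [
    "2024-05-01T09:00:01Z alice files.example-share.test PUT 5242880",
    "2024-05-01T09:00:07Z bob notes.example-collab.test GET 1024",
    "2024-05-01T09:01:30Z carol crm.example-sanctioned.test GET 2048",
    "2024-05-01T09:02:10Z bob files.example-share.test PUT 1048576",
    "2024-05-01T09:03:00Z dave unknown.example-newapp.test GET 512",
]

def decide(host, feed=CASB_FEED, policy=POLICY):
    """Return the SWG action for a host based on its CASB risk attributes."""
    attrs = feed.get(host)
    if attrs is None:
        # Assumption: apps the feed has not rated yet are allowed but logged,
        # so the CASB can analyse them once the SWG logs are fed back.
        return "monitor"
    for action, matches in policy:
        if matches(attrs):
            return action

def discovery_report(lines):
    """Summarise SWG logs per app: who used it, how much data, what action applies."""
    report = defaultdict(lambda: {"users": set(), "bytes": 0})
    for line in lines:
        _ts, user, host, _method, size = line.split()
        entry = report[host]
        entry["users"].add(user)
        entry["bytes"] += int(size)
        entry["action"] = decide(host)
    return dict(report)

if __name__ == "__main__":
    for host, info in discovery_report(SWG_LOG).items():
        print(host, info["action"], sorted(info["users"]), info["bytes"])
```

When the feed changes an app's attributes, the resulting action changes without anyone editing a per-app rule.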
Use Case 2
Integrate your CASB with your enterprise DLP in the cloud. Inspect your data in cloud apps, in the cloud, based on the same DLP policies that you use for all the other places where you track your data. With this approach, your CASB is the connection to all your cloud apps and cloud transactions, and your CASB uses a DLP inspection engine that is in the cloud, but your centralized enterprise DLP management is where you control the DLP policies and response actions for data in the cloud. This way your data never leaves the cloud AND you can apply the same DLP policies and response actions to your data in the cloud that you already use for data at the endpoint, datacenter, or network. Your alternative is to manage two separate DLP systems or to try to manage a wildly complicated ICAP approach…seriously, just don’t go there unless you have a lot of extra time on your hands.
Use Case 3
Integrate your CASB with User Authentication. Control access to cloud apps by integrating your CASB with Single Sign On and multifactor user authentication. At a basic level, integration with SSO and MFA helps your CASB enforce better access security for your cloud apps. With typical integration models this works to control the onset of a user’s cloud app session and that’s it. However, if you have a deeper integration between CASB and MFA where the CASB can send commands to your MFA and receive responses even after a cloud session has been initiated, your security gets better at blocking malicious cloud activity without blocking legitimate cloud activity. In this scenario, imagine you have a user who’s already authenticated into Office 365 but suddenly they start uploading or downloading lots of strange files, or maybe they are in a strange geography. What can your CASB do? Alone, it can either block this abnormal activity or allow it to happen, but with an integrated MFA it can require an additional round of authentication mid-session to make sure this is really the authorized end user trying to take these actions. If the user completes authentication, the action can be allowed; if they don’t, the action is blocked. This way legitimate actions are enabled while actions triggered by malware or a hacker are denied.
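The mid-session step-up flow described above, next to the block-or-allow choice a standalone CASB has, as an added example that is not vendor code. The `mfa_challenge` callback, the volume threshold, the re-verification window, and the fail-closed handling of an unreachable MFA service are assumptions made for illustration.

```python
from dataclasses import dataclass

BULK_BYTES = 500 * 1024 * 1024   # assumed per-session volume threshold
STEP_UP_TTL = 900                # assumed seconds a passed challenge stays valid

@dataclass
class Session:
    user: str
    home_country: str
    bytes_moved: int = 0
    verified_until: float = 0.0  # time until which a passed step-up is honoured

def is_anomalous(session, event):
    """Flag bulk transfer volume or activity from an unexpected geography."""
    return (session.bytes_moved + event["bytes"] > BULK_BYTES
            or event["country"] != session.home_country)

def standalone_decision(session, event):
    """CASB without MFA integration: anomalous activity can only be blocked."""
    return "block" if is_anomalous(session, event) else "allow"

def handle_event(session, event, mfa_challenge, now):
    """CASB with MFA integration: challenge mid-session before deciding.

    mfa_challenge(user) -> bool is a hypothetical hook into the MFA service.
    """
    if is_anomalous(session, event) and now >= session.verified_until:
        try:
            passed = mfa_challenge(session.user)
        except Exception:
            passed = False       # MFA unreachable: fail closed
        if not passed:
            return "block"
        session.verified_until = now + STEP_UP_TTL
    session.bytes_moved += event["bytes"]
    return "allow"

if __name__ == "__main__":
    s = Session(user="alice", home_country="US")
    travel = {"bytes": 4096, "country": "RO"}   # constructed event
    print(standalone_decision(s, travel))                   # block
    print(handle_event(s, travel, lambda u: True, now=0))   # allow
```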
Use Case 4
Integrate your CASB with encryption, DLP, and user authentication. Secure data and manage digital rights to view data in cloud apps as part of a solution that secures your data wherever it goes. Consider a solution where your confidential data is automatically encrypted based on an automatic DLP classification at the point when a user sends the data to a cloud account. Later, any user who wants to view or download that file must pass a user authentication check to verify that they have permission to see that data. And this encryption and authentication requirement stays with the file even after it has been downloaded from a cloud account and sent on to another user (colleague, partner, vendor, customer, etc). Finally, your solution keeps track of who has access to that file wherever it goes and provides the ability to revoke that access at any future point in time.
Use Case 5
Integrate your CASB with advanced threat protection. Keep advanced malware attacks from leveraging your cloud accounts by integrating CASB with enterprise-class threat protection. Protect your cloud accounts with the same level of protection you currently use on your endpoints to detect and mitigate advanced malware infections. Put advanced threat protection with cloud sandboxing in place to detect advanced threats that might try to spread via cloud app uploads, downloads, account synchronizations and shares.
Not all CASBs today offer all these integration options and not all enterprise security solutions can support this level of CASB integration. Symantec solutions are designed to provide an integrated cyber defense for those organizations who want to take advantage of integrated solutions.