software & applications |
|||
|
identity are the core components of a CASB which , together , provide total data protection .
Cloud
A deep understanding of how employees are using SaaS applications is key to identifying risky or malicious activity . By tracking user activities , CASBs can generate a baseline behavioural profile , and alert on deviations so that IT can take immediate action . Visibility can also help IT build security policies that minimise risk of data loss without impeding on employee workflows .
CASBs protect corporate data both in the cloud and on any device in real time . API integration into cloud applications is used to scan and protect data-at-rest , and proxies are used for inline , real time protection for data being accessed via both managed and unmanaged devices . Using built-in APIs , CASBs are able to scan and identify sensitive content stored in Apps like Office 365 and Google Apps , and apply granular access controls to data . With traditional solutions , access control capabilities are limited and IT is forced to simply allow or block access . With a CASB , IT administrators have more flexibility in extending access that is context and content aware .
Mobile
Data must be protected at rest in the cloud , at rest on mobile devices , and in transit — making cloud and mobile inseparable components of a complete security solution . The CASB data centric approach to security ensures that corporate information stays protected on any device , anywhere .
|
When organisations focus entirely on securing devices instead of securing data , there is a real threat of data leakage . An employee can , for example , download a file with sensitive customer information to a managed device , move that file over to an unmanaged device , and perhaps upload that file to an unsanctioned SaaS application . If the device were secured without other data centric protections , IT would lose visibility and control over that file . With a CASB , a content aware DLP engine can encrypt , DRM , and watermark data in real time , ensuring that sensitive information stays protected across both managed and unmanaged devices .
Another risk faced by organisations when it comes to enabling secure mobile and BYOD is the threat of lost and stolen devices . CASBs are capable of enforcing a wide array of device security policies on any device , functionality that has historically only been possible on managed devices . CASBs can require use of a PIN or passcode for added security and can even selectively wipe just corporate data from any mobile device .
Discovery
Data leaving the corporate network and heading to high risk , unknown destinations is a major concern for enterprises . High risk destinations take many forms – malware command and control sites , anonymisers like Tor , ‘ shadow IT ’ cloud applications , and more . Each of these destinations represents a risk of sensitive data exfiltration and must be identified in a timely fashion . CASBs offer
|
Cloud , mobile , discovery and identity are the core components of a CASB which , together , provide total data protection . |
discovery services that analyse proxy or firewall data to identify vulnerable traffic between the network and high-risk destinations . Destinations associated with known malicious activity can be identified in order to remediate high risk endpoints and users .
Identity
In many organisations , individual accounts are created within each cloud App , without a centralised identity system – a practice that can make provisioning new accounts and securely authenticating users more difficult . A complete CASB features an integrated identity management solution or works with an existing identity management infrastructure to enable secure authentication across all cloud Apps . Secure authentication , often a mandate of regulatory compliance , can drastically reduce the attack surface that hackers can access to manipulate corporate data .
Find SaaS security with CASB
Ultimately , business migration to cloud applications and mobile devices must be supported by a solution that keeps data secured on any device , anywhere . Existing security technologies only secure data on the network , which simply isn ’ t suitable or safe anymore . The Cloud Access Security Broker solution transcends the network perimeter to deliver overall data protection for enterprises , in the cloud , on mobile devices and anywhere on the Internet .
|
March 2017 | 21 |