Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CASBs and Education's Flight to the Cloud

Published 03/01/2018

CASBs and Education's Flight to the Cloud

By Jacob Serpa, Product Marketing Manager, Bitglass

Cloud is becoming an integral part of modern organizations seeking productivity and flexibility. For higher education, cloud enables online course creation, dynamic collaboration on research documents, and more. As many cloud services like G Suite are discounted or given to educational institutions for free, adoption is made even simpler. However, across the multiple use cases in education, comprehensive security solutions must be used to protect data wherever it goes. The vertical as a whole needs real-time protection on any app, any device, anywhere.

The Problems

For academic institutions, research is often of critical importance. Faculty members create, share, edit, and reshare various documents in an effort to complete projects and remain at the cutting edges of their fields. Obviously, using cloud apps facilitates this process of collaboration and revision. However, doing so in an unsecured fashion can allow proprietary information to leak to unauthorized parties.

Another point of focus in education is how student and faculty PII (personally identifiable information) is used and stored in the cloud. As information moves to cloud apps, traditional security solutions fail to provide adequate visibility and control over data. Obviously, this creates compliance concerns with regulations, like FISMA and FERPA, that aim to protect personal information. Medical schools have the additional requirement of securing protected health information (PHI) and complying with HIPAA.

The Solutions

Fortunately, cloud access security brokers (CASBs) offer a variety of capabilities that address the above security concerns. Data leakage prevention, for example, can be used to protect data and reach regulatory compliance. DLP policies allow organizations to redact data like PII, quarantine sensitive files, and watermark and track documents. Encryption can be used to obfuscate sensitive data and prevent unauthorized users from viewing things like PHI. Contextual access controls govern data access based on factors like user group, geographical location, and more.

To secure cloud, present-day organizations must also secure mobile data access. Fortunately, agentless mobile security solutions enable BYOD without requiring installations on unmanaged devices. This is critical for ensuring device functionality, user privacy, and employee adoption. Some agentless solutions can enforce device security configurations like PIN codes, selectively wipe corporate data on any device, and more.

Share this content on your favorite social network today!