Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Eight Questions to Ask When Evaluating a CASB

Home
Industry Insights
Eight Questions to Ask When Evaluating a CASB

Blog Article Published: 09/12/2016

By Rich Campagna, Vice President/Products & Marketing, Bitglass

Cloud Access Security Brokers are the hottest technology in enterprise security right now, topping Gartner's Top 10 list two years running. Widespread adoption of major cloud apps like Office 365 (and corresponding cloud security concerns) are accelerating CASB adoption in every major industry, from financial services to healthcare.

If you're like most enterprises, you've already decided that a CASB can help you meet your security & compliance goals when moving to the cloud. The next step is to figure out how to evaluate a CASB. There are 8 key questions you should be asking when evaluating a CASB. Drumroll please...

1. How does the CASB differ from security built into my cloud apps?

Each cloud app vendor makes their own decisions on what types of security functions to build into their application. One app may include encryption for data-at-rest, but not transaction logging. Another app might offer the opposite. Ensure that the CASB vendor is offering value above and beyond what is built into your applications. And don't shortchange the value of a single policy enforced across cloud applications or inter-cloud user behavior analytics.

2. Does the CASB protect cloud data end-to-end?

Cloud data doesn't only exist in the cloud - as soon as you deploy, your end users will arrive with an arsenal of devices and start syncing or downloading data. Very quickly, your cloud security problem becomes a mobile data protection problem. Ensure that your CASB is able to protect not only data-at-rest in the cloud, but data downloaded to devices (both managed and unmanaged - see #3 below).

3. Can the CASB control access from managed and unmanaged devices?

A user logging in from an unmanaged device represents more risk than the same user logging in from a fully patched and protected laptop running an approved corporate image. Whether we like it or not, most organizations need to extend at least some access to the unmanaged device. Make sure your CASB can control access from these devices as well as unmanaged devices - and note that this means you're not likely to be able to install agents or reconfigure these devices.

4. Does the CASB provide real-time visibility and control?

If data leaks for 30 minutes is it still data leakage? Absolutely. While there are some CASBs that operate entirely via API integration into major cloud apps, API-only approaches are subject to notification delays in the APIs, which may mean minutes, even hours of data leakage before something like an external share can be revoked. Only a hybrid approach, which leverages both API and proxies ensures total data protection.

5. Can the CASB encrypt uploaded data?

Many organizations will decide that encryption is the best way for them to safely adopt cloud apps. If this is even a consideration for your company, make sure that you're covered, as many CASBs do not offer encryption functions. Also beware that it is common for CASB vendors to weaken encryption in order to preserve application operations like search and sort

6. Does the CASB protect against unauthorized access?

Visibility into suspicious activities is helpful, but is usually too little too late. You want proactive protection against unauthorized access, something only a CASB with integrated identity management can offer. So for that often cited example of "detecting" a user logging in from two locations simultaneously, wouldn't it be better if the CASB could force a step-up to multifactor authentication on both devices as soon as the rogue session is attempted?

7. Can the CASB help me detect risky network traffic, such as shadow IT or malware?

Understanding the unsanctioned apps in use by your employees is helpful, but what if that isn't the riskiest traffic leaving your corporate network? Leading CASBs have moved beyond simple shadow IT discovery to rank and prioritize the riskiest traffic on your corporate network - whether that is shadow IT, malware, anonymizers, etc.

8. Will the solution introduce scale or performance issues?

Look to CASBs that have deployed on a global, high performance infrastructure. Appropriately architected and deployed, a CASB can actually have a CDN-like effect on your cloud applications, increasing performance versus going direct to the app!

CASBs are the most effective way to ensure a secure, compliant cloud deployment. By asking these 8 questions, you can ensure that you select the right vendor for your organization. Learn more about CASBs here.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.