Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Keeping Your Boat Afloat with a Cloud Access Security Broker

Published 12/07/2018

Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass

boat on an Alpine lakeIf you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating to the cloud, looking for increased productivity, collaboration, and cost savings. In this new ocean, organizations must decide how to prioritize security concerns so that they can prevent data leakage.

There are two schools of thought on how organizations should accomplish the above. The first entails beginning by securing your most-used SaaS apps (Office 365, Box, G Suite, Slack, et cetera). This is ideally done through a multimode cloud access security broker (CASB) that secures data access in real time via proxy, and secures data at rest in the cloud through API integrations. As these major apps are the primary locations to which your data is flowing, they are your first responsibility to address.

From there, a shadow IT discovery tool can be used to identify the other, less frequently used SaaS apps that employees are accessing. When these uncommon, less widely known apps are discovered, you may then choose to perform policy-based remediations; for example, coaching users to sanctioned alternatives, making shadow IT apps read only, or blocking access altogether. In this way, the larger security gaps are addressed before the smaller ones, meaning that your boat is successfully patched and gets to sail onward.

The other approach to cloud security says that organizations should perform shadow IT discovery before they begin to secure major SaaS applications and enforce data protection policies. In other words, you have to identify everything before you can begin securing anything. With this approach, you start by hunting down every minuscule security gap before beginning to address the apps that represent the largest data leakage threats, meaning that your boat is allowed to take on water.

Gaining insight into SaaS app usage is helpful for the enterprise; however, there’s a handful of apps that act as the gateway to your cloud journey. Addressing these commonly used applications first is the right way to secure your cloud migration. Once you have your bases covered in this way, you can further strengthen your security posture by performing shadow IT discovery and securing the other apps that represent the metaphorical small holes in your boat. With this measured and methodical security approach, you can confidently continue to transform your business and sail into the cloud.

Share this content on your favorite social network today!