Campagna said, "CASB a central point of visibility control that an organization can put in place to protect any cloud applications they wish. The CASB will build controls from embedded trackers to applying encryption to outright blocking of a transaction or redaction of information so that there is not a compliance exposure."
Data and information is all over the place. When data goes into the cloud, it essentially is sitting on someone else's computer. "Now all sensitive data is stored on somebody else's computer--a black box, and you don't know how its protected," said Campagna.
Where the physical environment protected on premise infrastructure, that barrier is obsolete in the cloud. Campagna said, "What's different is that literally anyone can login to a cloud door and get access into the application. Can we guard that front door--data access firewall so to speak."
Not only can anyone access the cloud, but cloud data gets synced down to devices. Campagna used a hypothetical example of company X that just deployed box. "Employees are going to download the box app onto all their different devices, and now a cloud problem has become a mobile access problem," Campagna said.
"Anyone that has sensitive data to protect and is moving to the cloud has the potential need for a CASB. They have sensitive intellectual property that they want to protect," Campagna said.
Any reasonably sized organization has some amount of information assets that they want to safeguard. "At the very least, a CASB is a good solution for getting visibility into external file sharing, for example," Campagna said.
Cloud and CASB: 5 things to do to assess corporate needs
Determining the need for a CASB requires that companies know what they want from the service. Here are five tips to help determine what to do when considering a CASB.
- Make sure they are using CASB for the right reasons. Understand why they are interested in CASBs. Identify the limitations with on premise end point products to know whether they need to fully migrate to the cloud. Then determine the number of different cloud apps that they will need.
- Do a needs assessment to determine whether the cloud services are delivering on their promises. Perform a cost-benefit analysis. Look at the ease of access, flexibility, and availability.
- Understand the ways the cloud services they have are working (or not working) together. A CASB makes more sense for companies that are using a lot of cloud services.
- Know what resources are outside of the data center and unavailable.
- Be informed about the benefits and limitations of a CASB. Know the existing blind spots of the network, especially with BYOD. CASBs can address concerns around visibility, passwords, access and control, data leakage, data segregation, sovereignty, and data-at-rest, but there are also limitations that the enterprise should understand and consider to determine whether the benefits outweigh the limitations.
Sign up for CIO Asia eNewsletters.