Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
14. CASB Requirements
   1. Find all cloud apps and report on enterprise-readiness of each cloud app using 45+ criteria
   2. Report on sensitive data being shared publicly and outside your company
   3. Deployment requirements typically include logs, TAP mode, or inline for apps and APIs for data
15. Use Case #2: Prevent data exfiltration from sanctioned to unsanctioned cloud apps
Source: AT&T Cybersecurity Insights
16. CASB Requirements
   1. Inline deployment options to get access to both sanctioned and unsanctioned cloud traffic
   2. Ability to decode details in real-time about activity and data
   3. Ability to associate personal and corporate cloud app account credentials
   4. Ability to correlate events and perform anomaly detection
   5. Need to see cloud usage details from browsers, sync clients, and mobile apps
17. Use Case #3: Allow cloud apps instead of being forced to block them outright
18. CASB Requirements
   1. See detail about real-time activities across all cloud apps
   2. Support for category-level policies such as ‘social media’
   3. Cloud DLP engine to focus your policy on specific data and use cases
   4. Ability to apply context to your policies
19. Use Case #4: Provide granular access control for managed and unmanaged devices
20. CASB Requirements
   1. Ability to classify managed vs. unmanaged devices
   2. Ability to set policies based on device classification
   3. Support for granular policies based on device classification
21. Use Case #5: Find malware in sanctioned apps, remediate, and reverse attack fan-out
22. CASB Requirements
   1. Ability to scan sanctioned cloud apps for various malware types and quarantine the files
   2. Ability to replace the eradicated malware with a tombstone file, letting the user know of the action taken
23. The Leading Cloud Access Security Broker
   ✓ Allow cloud apps instead of being forced to block them outright
   ✓ Prevent data exfiltration across all cloud apps
   ✓ Discover cloud apps, find sensitive data, and assess risk
   ✓ Provide granular access control for managed and unmanaged devices
   ✓ Find malware in sanctioned apps, remediate, and reverse attack fan-out
   ✓ Don’t leave users in the dark, coach them on safe usage
Official Gartner definition: CASBs are on-premises, or cloud-based, security policy enforcement points placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, SSO, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
There are more than 900 cloud apps per enterprise, on average. If we look at how these applications make their way into the enterprise, about 10% are sanctioned by IT and include apps such as Office 365, Salesforce, Box, and a variety of business applications. IT often doesn’t know about the other 90%. Those fall under the Shadow IT category. Shadow IT is created by apps being brought in by users and lines-of-business, who today feel more empowered than ever because apps are easy to get and use. Whether sanctioned or Shadow IT, many of these apps have an important, and sometimes critical, role to play in the success of your organization.
The real question, though, is how much of your data is in these apps? What do you think?
[build]
Last year we did a study with Ponemon to examine the impact the cloud has on the probability and economic impact of a data breach. One of the questions we asked IT and security professionals was how much business data they believe is in the cloud. Their (self-reported) estimate is about 30 percent.
[build]
Whether it’s 30 percent or more than that, it’s only going up from here.
Discover Cloud Apps and Assess Risk
Show App Analytics page and go over top-level stuff we report on (number of apps, users, etc.)
Pivot to the CCI and talk about how to assess your risk associated with the cloud apps discovered
Filter by cloud apps discovered, cloud storage category, and CCI score of poor
Zoom into the app Droplr and talk about the 45+ criteria across 7 categories
Key point to stress: Discovery is often the starting point for many of our customers. Netskope’s advanced Discovery can help you assess your risk, do due diligence on new cloud apps that you may be considering bringing into your organization, or get your arms around what your cloud spend is.
Show the demo when the wheel lands on: Find or Inspect
Advanced Enterprise DLP
Show data exfiltration and infiltration use case slide
Show a DLP rule where we look for a previous employer and the word confidential
Show a document that is sensitive and try to upload it to sanctioned Box
Policy is triggered and block message appears (use short video)
Key point to stress: Netskope provides the most powerful cloud DLP solution. Not only does it support more than 3,000 data identifiers, 500+ file types and advanced features like proximity and Exact Match, but you can also uniquely apply our DLP and leverage deep context to scan content tied to a real-time activity for both sanctioned and unsanctioned apps as well as content that is resident in sanctioned apps.
Show the demo when the wheel lands on: Secure or Encrypt (change action to encrypt)
Step 1: As we discussed previously, you need to get a handle on what cloud apps are running in your environment and measure each one’s enterprise-readiness using 40+ factors.
Step 2: The next step is to understand how those cloud apps are being used. You need visibility into the details of what the activities are, taking into account contextual details such as the app, user, specific activity, and device that was used.
Active Threat Protection
Show malware attack fan-out animation
Show Box folder being shared with 70+ people and how many of them have sync clients
Drag a malware test file to Box and show how it propagates to the local sync clients belonging to the users that have accepted the share
Introduce Active Threat Protection - how you enable it in tenant and how it scans app instances and quarantines malware (mock-up dashboard)
Summarize and also talk about how the malware that has been spread to sync clients is replaced by a safe tombstone file
Key point to stress: This demo is the first phase of our Active Threat Protection, which is about finding and quarantining malware in sanctioned cloud apps. We recently announced Active Threat Protection, supporting the ability to find and remediate malware and threats in real-time as they are uploaded, downloaded, or shared across unsanctioned or sanctioned cloud apps.
Show the demo when the wheel lands on: Protect