0 dakika okuma
CASBs Must Evolve Beyond Access to Data-Centric Security
Neeraj Nayak
The hybrid workforce has brought a paradigm shift to the way business is done today. The need to achieve productivity while embracing the flexibility to work from any location, be it corporate office, or a coffee shop or even on the road, has led to the adoption of multiple business-led SaaS applications to keep the employees connected and foster seamless collaboration.
However, this change has led to numerous security concerns. Sensitive data, such as PII and intellectual property, is freely moving outside what used to be called the corporate perimeter to cloud environments—a realm that may not be under the complete control of network security teams. According to a recent a recent study, 60% of the world's corporate data is stored in the cloud. This data sprawl is further accentuated by the widespread adoption of generative AI applications as a productivity tool. These modern-day SaaS applications have significantly expanded the attack surface and led to multiple sleepless nights for the CISOs and security teams.
Time for data-centric SaaS security
Cloud access security brokers (CASB), the de facto choice for securing cloud assets in SaaS applications, offer highly differentiated capabilities as compared to secure web gateways and firewalls, to protect data, mitigate threats and ensure compliance with global data privacy laws. According to Gartner, SaaS spending is projected to grow 20% to total $247.2 billion in 2024, further increasing the market opportunities for CASB.
The initial CASB use cases focused a lot on providing visibility and controlling access to the SaaS applications—the word "access" is literally embedded within the CASB acronym. But with threat actors devising many creative and harder-to-detect ways to exfiltrate sensitive data, a strategic shift towards data-centric security model is required to protect information as it moves across multiple SaaS tools and beyond. While Zero Trust access control will remain a critical CASB use case, and so should safeguarding access for remote users and unmanaged devices. Here are imporant data protection capabilities to look for in a CASB solution:
- Data discovery: Perform historical scanning of SaaS environments to discover unprotected files and data that may introduce the risk of data breaches or compliance failure. Pair CASBs with specialized solutions such as Data Security Posture Management (DSPM) to get full visibility and control over the data.
- Data classification: Classify discovered data based on its sensitivity level and ensure appropriate controls are enforced based on classification and action performed.
- Inline inspection: Perform real-time DLP (data loss prevention) inspection for data uploaded to or downloaded from SaaS applications to detect sensitive information and enforce appropriate actions (encrypt/block/deny), preventing data leaks.
- Collaboration controls: Identify public links and restrict sensitive file sharing through collaboration applications such as SharePoint and OneDrive.
- Comprehensive coverage: Ensure the CASB solution seamlessly works with other security solutions, such as secure web gateway (SWG) and zero trust access network (ZTNA) to protect sensitive data across all channels - SaaS, web, and private applications - in the most comprehensive manner.
My next blog post coming later this will will discuss securing data in SaaS applications using Forcepoint ONE CASB, and how easily Forcepoint allows customers to reuse their existing on-premises DLP policies for SaaS applications. Stay tuned.
Neeraj Nayak
Daha fazla makale oku Neeraj NayakNeeraj Nayak is a Senior Product Marketing Manager at Forcepoint. With over a decade of experience in the cybersecurity industry, Neeraj has a deep understanding of cybersecurity solutions including SASE, SSE, CASB, ZTNA, DLP, and SD-WAN. Neeraj previously held product marketing roles at Netskope, Skyhigh Security and Lookout. Neeraj holds an MBA degree from IIM Mumbai and an Engineering degree from NIT Warangal.
- Gartner Critical Capabilities for Single-Vendor SASE 2023Read the Report
X-Labs
Get insight, analysis & news straight to your inbox
Konuya Gel
Siber Güvenlik
Siber güvenlik dünyasındaki en son trendleri ve konuları kapsayan bir podcast
Şimdi Dinle