The Four Pillars of CASB: Data Protection

By Will Houcheime, Product Marketing Manager, Bitglass

In this blog series, we discuss the key capabilities of cloud access security brokers (CASBs), and why organizations are turning to them as they migrate to the cloud. One of the four pillars of CASBs is data protection, which focuses on securing all information going back and forth from any device and any application. IT departments have many security needs, and they often struggle without the correct tools. Organizations in various industries have found that the benefits of CASBs make the move to the cloud possible without compromising on security.

First, with a majority of enterprises moving to the cloud, and many employees being able to access corporate data from their personal devices, a CASB must have the ability to secure unmanaged endpoints. In particular, companies need a solution that secures data without having to deploy agents on all devices accessing data. In this way, employees can work remotely from personal devices and corporate information can be kept secure. This agentless, bring your own device (BYOD) approach, enables employees to work from anywhere and at any time. Agentless deployment allows organizations to protect their data without having to place an agent on every device, making the deployment process simple. Employees generally prefer this approach because agents tend to invade user privacy and hinder device functionality.

Most companies, regardless of which industry they are in, store highly sensitive data on their public cloud applications. Without full strength cloud encryption, these enterprises are putting themselves at risk. When selecting a CASB, organizations should find a solution that includes full strength, 256-bit AES encryption with 256-bit initialization vectors. In this way, sensitive data at rest can be protected from malicious access as well as the potentially prying eyes of cloud app vendors themselves. Additionally, the solution must be able to encrypt files and field-level data, all while preserving functionality such as search and sort.

Leading CASBs also provide a suite of data loss prevention (DLP) capabilities, such as the ability to watermark, quarantine, redact, and apply DRM. Watermarking places either a visible mark or invisible mark on a file, demonstrating ownership. Watermarking with a callback allows an enterprise to gain context about where its files end up going, such as IP address or geographic location. With quarantine, access to files of your choosing can be limited to admins – preventing the vast majority of users from handling them. Redaction looks for sensitive data patterns in transit, such as Social Security numbers, and hides said data from the receiver. Finally, digital rights management (DRM) requires that users provide credentials before they are able to access files and then gives them read-only versions. These DLP capabilities give organizations complete control over their data, making the migration to the cloud much easier and more secure.

Data protection is one of the four main pillars of CASBs. As such, enterprises should take the time to find a solution that offers agentless mobile security, full strength encryption that enables search and sort, data loss prevention, and more. Organizations that use a CASB are able to migrate to the cloud, gain full visibility and control over sensitive information, and enable BYOD – increasing their efficiency and flexibility while ensuring comprehensive security.

For more information about CASBs you can read more here.