With WFH and remote-working pandemonium still festering, find out four ways that a cloud access security broker can stop unsanctioned behavior.

A fundamental shift has occurred in the workplace. Even when the pandemic has been cleared, the world has to stand ready for Disease X and future viral outbreaks, the way we work may never return to the pre-pandemic normal again.

However, many organizations are still working to optimize their remote-working operations. For example, companies may still be routing cloud traffic through security appliances in their data center, a practice that slows traffic and may push impatient employees to access their cloud applications directly.

According to Jonathan Tan, Managing Director, Asia, McAfee, software tools like Cloud Access Security Brokers (CASBs) are more important than ever now. CIOs and CISOs should evaluate or re-evaluate CASBs at the network edges to identify every call to or connection from a cloud service, providing irreplaceable network visibility. “As cloud adoption accelerates rapidly, organizations can’t afford to lack the insights that CASB enable—and any organization not currently using a CASB should immediately consider adding one to their cybersecurity arsenals.”

The new reality of cloud collaboration

Tan explained that, due to the new working conditions, employees will do whatever is easiest and fastest, whether it is to finish more work on behalf of the company, or to save more of their own work time.

This can be as simple as turning off their VPNs, or as potentially damaging as storing organizational data using ‘shadow IT’ services in lieu of logging-in to officially-sanctioned cloud services or storage.

With threat actors ramping up efforts to exploit the distractedness and sudden changes wrought by the remote work, Tan said CASB has become increasingly important as a tool for proper defence. “Common cloud pressure points that organizations are encountering in the post-pandemic office are increasing across the board. This includes more employees accessing cloud services through a myriad of connection points, meaning that IT needs to now monitor traffic to and from cloud services across all of these. Meanwhile, as these endpoints proliferate, threat actors are flocking to attack the cloud, given its heighted importance. This makes encrypting data at rest a priority to further protect the organization.

Amid this all, an increasingly tight regulatory environment and rising data protection requirements will require security teams to monitor where data is being stored, to ensure compliance.

Four criteria for CASB adoption

CASB is one of the most mature technologies in the cloud security market. Adopting the tool depends on four criteria that organizations have to weigh:

  • Visibility: The ability to discover shadow IT services and gain visibility into user activity within sanctioned apps. In a dispersed workforce, this gives IT the power to see more things at once, and to stop unsanctioned services before the risks they pose to the organization become monumental.
  • Compliance: The ability to identify sensitive data in the cloud and enforce data loss prevention policies to meet data residency and compliance requirements. Amidst heightened scrutiny and regulatory pressures, will a CASB solution help the organization to stay one step ahead?
  • Data security: The ability to enforce data-centric security, including, but not limited to, encryption and tokenization. The latter two security features add another layer of protection and safety that an organization may need, given the exploding threat landscape.
  • Threat protection: The ability to detect and respond to threats, whether from inside or outside the organization.

Beyond these criteria, organizations considering CASB should evaluate and select solutions based on the rest of their cybersecurity portfolio: if an organization were to start its cybersecurity strategy from scratch (and apply a CASB before any other assessments), it would still benefit from a CASB, but not as much as if it had deployed a CASB as part of a strategy involving a diverse portfolio of defenses.

Seeing the big cyber picture

Like any other cybersecurity tool, CASB is part of what needs to be a comprehensive approach to cybersecurity across an entire organization, Tan said: “While the following steps may already have been addressed in your organization’s cybersecurity strategy, it may be good to revisit them. For CIOs and CISOs that are earlier in the development of their strategies, these will instead comprise the critical next steps to take.

  1. First, CASB are security tools, not financial tools. As with any product or service that an organization deploys, ROI and the benefits that end up on companies’ balance sheets are critical proof points—but CASB’s value may prove hard to justify in just that way. Additionally, while CASBs interface across the many X-as-a-Service solutions that organizations are now paying for, CXOs may need to look elsewhere to collate and quantify the subscription costs of these services, despite the fact that CASB will provide visibility across all of them.
  2. Second, CASB pulls back the curtain on cloud applications across an organization, but the stage direction must ultimately come from CIOS/CISOs. For example, take shadow IT: while you will gain the ability to stop such activities much earlier in their growth, if left to their own means, employees will continue to deploy shadow IT as it helps them in their day-to-day tasks. To address the root behavior, CIOs and CISOs must engage other stakeholders across the organization in order to properly educate employees and shift the behavior—and to add the appropriate remedial steps if violations occur.”

Tan asserts that going from operating without a CASB to operating with a CASB will substantially shift the way organizations think about their network and edges. “Understanding your organization’s key needs and deploying a suitable CASB solution will help it to take a valuable step forward in its readiness and resilience.”