The Most Critical CASB Use Cases in the Market Today: Monitor or control users’ activities within collaboration and social media services without blocking them


Enterprises are adopting the cloud in a big way, and their cloud access security broker (CASB) use cases are maturing. They are moving from outdated concepts like log-based discovery to enforcing sophisticated activity- and data-level policies.

Netskope customers have deployed Netskope’s ALL-MODE architecture (with more than three-quarters of them going beyond a single mode) to achieve their most critical use cases. We have noted 15 of these use cases in our recent e-book, The 15 Critical CASB Use Cases, and we’re highlighting them and more (and we want to hear from you too!) in this blog.  

Here’s use case #8: Monitor or control users’ activities within collaboration and social media services without blocking those cloud services.

Collaboration and social media services are two of the top three used segments of cloud services today. Whereas most usage is completely innocuous, some of it can pose real risk to an organization. For example, in the financial services industry, especially for broker/dealers, users’ posts can get the organization in hot water. If an employee at an investment firm posts on Twitter that IBM is a “sure thing,” both he and the firm can be in violation of the Financial Industry Regulatory Authority (FINRA).

How can CASB help? A CASB sits in between the user and the social media (or other, such as collaboration) service and monitors for DLP violations such as the combination of a stock ticker symbol and the words “guarantee,” “recommend,” or “sure thing.” To achieve this, the enterprise must deploy in an inline, forward proxy mode with or without an agent on-premises and with a thin agent on any remote or mobile device that is off-network. If the enterprise chooses to monitor only users who are on-premises, it can deploy in TAP mode. Here are five critical functional requirements that are also needed to achieve this use case:

  • Integrate the CASB with directory services to focus policy on a specific group, e.g., “Investment banking”
  • Be aware of context, e.g., activities such as “view,” “post,” and “create”
  • See and control usage in both sanctioned and unsanctioned services
  • Detect data violations using advanced DLP features including regular expressions, custom keyword dictionaries, and boolean operators to focus on specific risky activities (e.g., for FINRA)
  • Decrypt SSL and decode the API to understand the transaction (for forward proxy)

How are you enforcing controls like these across social media and collaboration services? We want to hear from you.

Learn more about this and 14 additional most impactful use cases by downloading The 15 Critical CASB Use Cases.