The Most Critical CASB Use Cases in the Market Today: Monitor privileged accounts and prevent unauthorized activity in IaaS instances

Netskope

Enterprises’ cloud security use cases are maturing, and what they expect of their cloud access security broker (CASB) is going way beyond discovery of SaaS applications.  

Netskope customers have deployed Netskope’s ALL-MODE architecture (with more than three-quarters of them going beyond a single mode) to achieve their most critical use cases. We have noted 15 of these use cases in our recent e-book, The 15 Critical CASB Use Cases, and we’re highlighting them and more (and we want to hear from you too!) in this blog.  

Here’s use case #6: Monitor privileged accounts and prevent unauthorized activity in IaaS instances.

While SaaS makes up the majority of enterprise cloud usage, IaaS is a critically important cloud service category that is often overlooked. Often the domain of research and development professionals, it’s an area in which IT hasn’t been too heavy-handed thus far. But as an increasing number of projects and workloads now take place in Amazon Web Services, Google Cloud Platform, Microsoft Azure, or an other infrastructure service provider, IT and information security teams must begin to get control over this critical area. You can get started by monitoring to understand what’s happening in your infrastructure services.  

How can CASB help? A CASB sits in between the user and the IaaS and can monitor activity, enforce activity-level policy, and protect data. It can look for things like an administrator escalating privileges, a user creating unauthorized instances, deleting a cluster, editing a bucket, or performing another activity of interest from a security standpoint. It can also enforce policy, such as “Prevent unauthorized individuals from creating or editing a cluster.” To achieve this use case, the organization can deploy the CASB in an offline, API mode for monitoring of sanctioned IaaS and non-real-time policy enforcement, or in a forward proxy mode for real-time activity-level monitoring and policy control. Here are four critical functional requirements that are also needed to achieve this use case:

  • Be aware of context, e.g., activities such as “create” and “edit” and objects such as “instances” and “buckets”
  • Determine identity and control usage by user, group, and other enterprise directory attributes
  • See and control usage in both sanctioned and unsanctioned services
  • Decrypt SSL and decode the API to understand the transaction (for forward proxy)

How are you enforcing controls like these across your infrastructure services? We want to hear from you.

Learn more about this and 14 additional most impactful use cases by downloading The 15 Critical CASB Use Cases.