One of the CASB vendors in our space has a storyline that goes like this: “Sanction [insert cloud app name here] and block all others at the firewall.” That sounds blissfully simple, and may even give you a warm fuzzy feeling for about 30 seconds. But if you think about it for any length of time, it sounds – and is – ridiculous.
Of course there are exceptions. We’d block really risky file sharing apps, ones with ongoing unremediated vulnerabilities, and ones hosted in risky countries. We get it. Some apps just don’t belong in your enterprise.
But the “sanction one and block the rest” regimen as a cloud security strategy simply isn’t practical in the real world. Here are seven reasons why: