CASB is Your Best Bet for Protecting Data in the Cloud

The National Institute of Standards and Technology (NIST) defines cyber security as “the process of protecting information by preventing, detecting, and responding to attacks.” Cyber incidents can have financial, operational, legal, and reputation impact. Costs may include forensic investigations, public relations campaigns, legal fees, consumer credit monitoring, and technology changes. The biggest concern when it comes to cyber security is data. Over the past several years, organizations have migrated to the cloud at an increasing clip as CIOs realize the cost savings associated with no longer needing to host and manage hundreds of servers and costly storage systems. In a recent study conducted by the Ponemon Institute and Netskope, IT and security professionals estimate that 30 percent of their business data is in the cloud already. Simultaneously, the advent of employees using personal mobile devices for work has shattered the notion that organizations can keep business data inside the corporate wall. Sensitive data detection and protection in the cloud are now critical.

Outsourcing server and storage management, as well as business-critical applications, to the cloud brings more than just cost savings, though. Just like any good outsourcing deal, every corporation needs a mechanism for oversight of the outsourcer as well as some level of information protection, as defined by NIST. This can be accomplished in two steps:

• Integrate cloud security across the enterprise: Protect the data flowing in and out of your cloud service by integrating cloud security security as part of your enterprise-wide governance processes, information security, business continuity, and third-party risk management teams. Without full cooperation of these teams, even the best security tools will not be effective, and will just add noise to an already noisy security environment.
• Choose tools that can see and manage the data flowing in and out of your cloud services: With new tools like the Netskope Active Platform, Netskope Introspection, and Netskope Active DLP, not only can you identify the apps being used in your organization, you can also see what data are moving to and from them, as well as exist within them. This is a huge improvement over what security tools do today. Firewalls and proxies may be able to identify applications, but they won’t let you know when an employee uploads sensitive business data, such as a spreadsheet with hundreds of your customers’ credit card numbers, to their personal Dropbox.

This surgical visibility and control of cloud apps is necessary to understand your organization’s exposure to sensitive data in the cloud. Protecting your data from breach or exposure can only happen if you have visibility in to where the data is and what your employees are doing with it. If you are able to block uploads of sensitive business data to personal cloud storage instances, while simultaneously coaching your users toward a corporate managed cloud storage service, you have enabled all three of NIST’s components of cyber security: prevent, detect and respond. Only by doing this will you ensure your information protection posture is sound when migrating to the cloud.