“Sanction one cloud service and block the rest” has finally been relegated to the junk heap of cloud security strategies as enterprises move past log-based discovery for their end-all cloud access security broker (CASB) project. Enterprise IT is savvier than ever today about cloud usage and realizes that cloud – and users – just don’t work that way! They know that their organization’s most popular cloud services are part of an intricate, interconnected solution ecosystem, and their users are increasingly taking advantage of advanced capabilities and cross-service integrations.
This has led to the revelation that some CASB architectures are better-suited than others to the way users work in the cloud today. CASB vendors that try to shoehorn customers into an API-only or reverse proxy-only architectural choice (because that’s all they offer) are not only misleading their customers, but not actually solving the problem.
Netskope customers have deployed Netskope’s ALL-MODE architecture (with more than three-quarters of them going beyond a single mode) to achieve their most critical use cases. We have noted 15 of these use cases in our recent e-book,