“Sanction one cloud service and block the rest” has finally been relegated to the junk heap of cloud security strategies as enterprises move past log-based discovery for their end-all cloud access security broker (CASB) project. Enterprise IT is savvier than ever today about cloud usage and realizes that cloud – and users – just don’t work that way! They know that their organization’s most popular cloud services are part of an intricate, interconnected solution ecosystem, and their users are increasingly taking advantage of advanced capabilities and cross-service integrations.
This has led to the revelation that some CASB architectures are better-suited than others to the way users work in the cloud today. CASB vendors that try to shoehorn customers into an API-only or reverse proxy-only architectural choice (because that’s all they offer) are not only misleading their customers, but not actually solving the problem.
Netskope customers have deployed Netskope’s ALL-MODE architecture (with more than three-quarters of them going beyond a single mode) to achieve their most critical use cases. We have noted 15 of these use cases in our recent e-book, The 15 Critical CASB Use Cases, and we’re highlighting them and more (and we want to hear from you too!) in this blog.
Here’s use case #14: Monitor or control advanced and cross-service activities.
As users become more sophisticated in their cloud usage – and cloud services themselves offer increasingly advanced capabilities and integrated cross-service solutions, enterprise IT must keep up with this more advanced usage from a security standpoint. It turns out that if organizations want to govern not just simple cloud service activities like “login,” but more advanced usage ones such as “edit in” Box or “save to” Dropbox, cloud security architecture matters.
How can CASB help? A CASB sits in between the user and the cloud service provider and can monitor and enforce policy on those advanced activiti