Your organization is evaluating cloud access security brokers (CASBs) to safely enable sanctioned and unsanctioned cloud services. This list of questions gives you specific, use-case-based examples that will help you differentiate the capabilities of the CASB vendors you may be evaluating.
1. Can I control activities in managed and unmanaged cloud applications instead of having to block services altogether?
A: Rather than take a sledgehammer to the service by blocking it, take a scalpel to an activity such as “share.” Do it at a category level, across any cloud storage service, for example. This lets you allow services rather than block them while mitigating risk.
2. Can I enforce my sensitive data policies in and en route to cloud services? Can I reduce false positives by only looking at cloud transactions that matter?
A: Rather than find and secure content in just your sanctioned service, do it across both sanctioned and unsanctioned services, and for content that’s at rest and en route. Also, minimize false positives and increase accuracy by reducing the surface area through context. Isolate the cloud transactions you care about by filtering out users, services, categories, locations, and activities from what you inspect and enforce policies on.
3. Can I enforce policies based on Microsoft Active Directory groups or organizational units?
A: Rather than upload or enter user data manually, enforce policies that incorporate groups from your enterprise directory such as Microsoft Active Directory.
4. Can I detect cloud activity anomalies like excessive downloads or shares across any service, or if users are sending renamed files or extensions?
A: Rather than detecting anomalies only in sanctioned services or at a coarse-grained level such as access, detect anomalies based on activities across any service, sanctioned or unsanctioned.
5. Can I monitor and report on activity in regulated services, like finance and accounting ones, for compliance purposes?
A: Rather than keep regulated services on-premises, migrate them to the cloud while also complying with regulations such as Sarbanes-Oxley. Report on access and data modifications within cloud-based systems of record.
6. Can I enforce policies remotely, including on mobile and in sync clients?
A: Rather than exclude on-premises monitoring and control from your cloud security model, enforce your policies wherever your users are and whatever their device.
7. Can I mitigate risk against users with compromised accounts?
A: Identify and protect against users accessing your services with compromised account credentials.
8. Can I find and remediate threats and malware in my cloud services?
A: Identify and protect against threats and malware in or en route to or from any cloud service.
9. Do you enhance the value of my existing investments by enabling me to integrate with on-premises solutions such as DLP, SIEM, malware sandbox, and EDR?
A: Rather than deploy cloud security in a silo, make your existing investments more valuable by adding a cloud access security broker.
10. Do you facilitate the deployment options that meet my requirements, including keeping all of my data on-premises? Are you a future-proof investment?
A: Rather than be forced into a CASB vendor’s deployment model, choose the deployment that best fits your requirements, now and in the future.