CASB For Hire

This post was originally published here by Jacob Serpa.

Recently, a trivia-loving employee at Bitglass uncovered an interesting job opening on a leading financial institution’s careers page. The position was titled “Cloud Access Security Broker Principal Architect” and was focused on ensuring the full implementation of a cloud access security broker (CASB). This obviously highlights the growing importance of advanced security solutions like CASBs. In light of this, Bitglass wanted to create a miniature job description of its own.

The Ideal Cloud Access Security Broker

Category: Comprehensive Security

Location: Everywhere

Work Schedule: 24/7

Start Date: Immediately


The ideal cloud access security broker should provide total data protection for the entire enterprise – any app, any device, anywhere.


  • Secures data at rest in all cloud applications.
  • Authenticates users and secures corporate data at access across all applications.
  • Protects data on all endpoints (both managed and unmanaged) wherever they may be.
  • Ensures the protection of data in transit from cloud app to device.
  • Does not violate employee privacy or personal device functionality or performance.
  • Facilitates a simple, streamlined deployment and rapid employee adoption.
  • Protects from known and unknown malware at upload, at download, and at rest in the cloud.
  • Encrypts and tokenizes relevant data in both structured and unstructured formats.
  • Prevents data leakage across the organization.


  • Discovery capabilities must be able to identify and rank risky data outflows whether they occur via TOR networks, anonymizers, unsanctioned cloud apps, or anything else.
  • Integrates with (or serves as) an identity provider (IdP).
  • Utilizes a combination of APIs and proxies for maximum visibility and control.
  • Offers real-time data protection in tandem with user and entity behavior analytics (UEBA).
  • Is data-centric rather than device-centric to avoid controlling employees’ devices and collecting their personal information.
  • Uses a scalable agentless approach that doesn’t require installations or maintenance.
  • Has signature-based and/or machine-learning-based anti-malware capabilities.
  • Must offer full-strength encryption without compromising app functionality or data usability.
  • Provides a host of data loss prevention (DLP) capabilities and contextual access controls for maximum, real-time security.
  • Founded by industry veterans and backed by global tier-1 investors.

For organizations seeking total data protection in real time without agents, there is only one viable solution. Bitglass’ CASB can perform all of the above responsibilities and meet all of the above qualifications. To learn more, download the Definitive Guide to CASBs.


