CASBs in K12: Agents Need Not Apply


This post was originally published here by  Rich Campagna.

After hundreds of CASB deployments in the nearly 5 years since Bitglass was founded, we have customers in every major industry vertical. Regulated industries like healthcare and financial services rely heavily on Bitglass, but cloud security problems are fairly horizontal in nature, impacting everyone. With such a diverse customer base, it’s fascinating to understand how the importance of different security issues varies from one industry to the next, and how each industry’s environment creates unique constraints. A recent discussion with a prospect in a K12 education organization highlights the differences.

As a critical part of the cloud security equation, choice of endpoint device for end users is one such example. In healthcare and higher education, BYOD is everywhere. In financial services, on the other hand, corporate owned and managed devices are the rule. Across all of these verticals, MacBooks and Windows machines mix with iOS and Android devices. You might think the same would be true in K12 education, but that is most definitely not the case. 

According to the Associated Press, Chromebooks make up nearly half of the K12 education environment. Their popularity makes sense – the low cost appeals to the tight budgets in most education systems, and while the lack of offline functionality might not work for a road warrior, it works fine for students constrained to the classroom and home. 

Of course with Chromebooks, apps are limited to the Chrome Web Store, and installation of traditional software (like CASB agents) is not possible. That means that whether the CASB use case is for faculty and protection of PII, or a more broad use case protecting student machines from malware (no AV possible on Chromebooks) as well, an agentless CASB architecture is the only way to get to the head of the class. Agent-based CASBs need not apply. 

Photo:Fortinet Blog


No posts to display