POC the CASB

This post was originally published here by Rich Campagna.

The Cloud Access Security Broker, or CASB, space has quickly made its way to the mainstream, with organizations of every size and every industry deploying CASBs whenever their data moves beyond the firewall. 

While CASBs are ready for primetime and widely deployed, some enterprises are taking the risky step of skipping the proof-of-concept or trial phase. Given the rapid evolution of enterprise use cases and of CASB vendor solutions, we always encourage organizations to #POCtheCASB (of course, it helps that our sales team has complete confidence in the quality of our CASB solution and in our support…). Here are a few of the key areas to focus on for a successful trial:

  • Proxy Robustness – a commonly cited issue with proxies (the only way to achieve real-time cloud DLP) is whether they can keep up with the near-constant changes in cloud applications. In fact, without technologies like Bitglass’ AJAX-VM, it falls to CASB engineers to respond quickly and fix breakages after they occur, which makes downtime inevitable. Make sure you don’t fall into this trap.
  • User Experience – the days of the security team being able to put their needs ahead of the user experience are long gone. Be sure to test with volunteer users from a variety of different business units or departments. Ensure that the CASB solution preserves the user experience and requires minimal or no retraining for your test group. 
  • Managed and Unmanaged Device Access – Even if you held BYOD at bay with premises applications, it will become a reality when you move to the cloud. Be sure to test the capabilities of the CASB on both managed devices and a range of BYO device types to ensure that policy and control capabilities work equally well on all of them.
  • Performance – a well-architected CASB solution should offer high performance and low latency for all users globally, including under peak load. Test from a variety of geographies and at several different times of day.
  • Enterprise Integration – Most enterprises end up integrating their CASB into several other systems including Active Directory, IDaaS, network DLP, SIEM and more. Test to be sure that the CASB has appropriate connectors for each of these systems.
  • Flexibility – you might initially deploy a CASB for a small number of cloud applications, but for most enterprises the cloud footprint begins to evolve and grow rapidly once cloud takes root in the organization. Ensure that you develop test cases that exercise the CASB’s ability to meet not only your current needs, but also the future needs of your business.
  • Policy – Last but not least, test out the policies you plan to develop on your CASB! Whether you’re planning to use baseline policies like access control and UEBA, or more sophisticated policies involving DLP and encryption, run the test CASB(s) through their policy paces. 