This post was originally published here by Nat Kausik.
The savvy IT team at this UK banking giant chose Bitglass Next-Gen CASB. Here is why…
Whilst there are plenty of CASBs on the market, most offer just API-based management and Shadow IT discovery. But API-based management cannot address even basic security requirements. For example, when a user logs into an app from a kiosk or a personal laptop, he or she stays logged in for weeks, if not months. There is no API to control the session timeout. Unless the user logs out at the end of the session, the door is wide open for a security breach. Never mind that human error is the biggest source of breaches.
And so the bank created a shortlist of CASBs capable of operating inline, and only two came up. One was a First-Gen CASB that has great-looking charts, fancy DLP controls, well-heeled salespeople and more. Other than that, the product is fundamentally flawed. For starters, it is not interoperable with the bank’s Secure Web Gateway. Secondly, the First-Gen CASB requires agents on every device, invading user privacy on personal devices and thereby violating GDPR. Thirdly, at least one reference mentioned that it took over a year to deploy.