Security "Bits"

CASB RFP: Questions to ask when securing the cloud

By Salim Hafid | May 3, 2017 at 11:00 AM



When deploying a security solution to protect cloud and mobile, identifying and solidifying your requirements is a critical step in ensuring you choose a solution that meets your needs. For many organizations migrating to cloud apps like Office 365, Salesforce, and AWS, cloud access security brokers (CASBs) have become go-to solutions for end-to-end data protection across any app and any device.

For organizations looking to deploy a CASB, there are a number of key considerations, among them questions around deployability, usability, and functionality. RFP templates are an invaluable resource that can provide clarity on CASB feature sets. They let you see how your requirements match up with various vendors' capabilities, ask the questions to which you need answers, and evaluate options in one place.

6 key questions to ask

Proxy or API?

A complete CASB is a hybrid CASB, one that features API integration and that proxies traffic. APIs can provide critical visibility into data at rest in the cloud while proxies enable real-time protection at access.


If you've tried to deploy an MDM solution, or any agent for that matter, to devices in your organization, you know that an agent-based CASB just won't do. Where deployment is slow and usability is lacking with agent-based CASBs, you need something that works. Organizations need the ability to protect unmanaged endpoints without the challenges of an agent-based deployment.

Does the CASB feature integrated identity management?

Authenticating users is a critical piece of the security puzzle. Fortunately, native identity management solutions that feature single sign-on and multi-factor auth can limit the risk of unauthorized access. At a minimum, solutions should integrate with third-party identity management systems that you may already have in place.

Can we achieve granular control over access? 

There's no 'A' in CASB without access, and granular access control is what you likely need in your organization to effectively protect data. A full-featured CASB can distinguish between managed and unmanaged devices, locations, and users to limit access in certain risky contexts.

What about mobile?

A cloud security platform is incomplete without a mobile security component. Mobile devices are able to access data in the cloud and thus pose a risk to cloud data security. Just deploying an MDM is not enough, particularly where there are hundreds or thousands of unmanaged endpoints to which you want or need to extend access. 

What do you ultimately need?

If you're moving to the cloud, visibility and control over corporate data are of utmost importance. IT needs to understand what sensitive data is being processed and stored in public cloud environments, how to best enable access to public cloud applications, and what can be done to secure cloud data.
