Whether you have Office 365, Google Apps, or Salesforce deployed in your organization, you likely have limited visibility into how those applications are being used, little control over files storage and sharing, and no means of protecting data once it leaves the cloud. These critical gaps in cloud security can easily be resolved with a real-time Cloud Access Security Brokers (CASBs) for access controls and inline data protection.
Suppose an employee attempts to access corporate data on a new unmanaged laptop - say a spreadsheet with customer PII - do you block access entirely? Probably unwise since employees will simply work around IT, uploading sensitive files to unsanctioned cloud apps. Do you allow access without restrictions? Also unwise as this may put customer data at risk in the case of a lost or stolen device.
With a context- and content-aware CASB, you can restrict access in the riskiest contexts, step up to multifactor authentication where necessary, and setup DLP policies to encrypt or watermark sensitive files at download. The new data reality requires a new security architecture - one that protects data end-to-end, in the cloud and on any device.