In this post, we're diving into security on the device, and how a CASB can help. Note: this post is an abbreviated version of the information that appears in The Definitive Guide to Cloud Access Security Brokers.
When most people think about cloud app security, they think about controlling access to apps like Salesforce and Office 365, providing visibility into who’s doing what in ServiceNow and Workday, and even encrypting data at rest in Box and Google Apps. These are all solutions to protecting data "in" cloud applications.
An even bigger challenge for many enterprises is the point of consumption—the devices from which employees are accessing and downloading data from these cloud apps. In order for Box to really be effective, employees need to be able to download files to their myriad mobile devices. And once those files are on the mobile devices, a whole new set of security concerns arises.
CASBs must protect not only data stored in the cloud and access to the cloud, but cloud data on the consumption device as well. Capabilities must include:
Client-side file encryption of sensitive corporate data.
Selective wipe of cloud data from mobile devices.
Data Tracking and Fingerprinting.
Enforcing basic device security policies, such as passcodes and encryption.
To help provide more color on what CASBs do, we have created The Definitive Guide to Cloud Access Security Brokers. We're providing the entire document via a series of posts on this blog. Of course, if you prefer to binge read your Definitive Guides much like you binge watched Breaking Bad on Netflix, you can download the whole thing immediately, right here.