Last week, we got an interesting inquiry from an enterprise that was testing CASB solutions. One of the vendors they were testing had a forward-proxy architecture that required proxy agents on every device. This requirement proved vexing even in the test lab - specifically, the forward-proxy CASB agent conflicted with the forward-proxy corporate Secure Web Gateway (SWG). This incompatibility is an inherent limitation of agent-based CASB, making them essentially unusable in the vast majority of enterprises. To the astonishment of the customer, the vendor recommended getting rid of the SWG entirely. The customer's puzzled question to us was whether we recommended the same thing?
Of course not! The job of a CASB is to protect your data outside the perimeter, while the job of an SWG is to protect your perimeter.
- Data protection: protect data outside the perimeter, in the cloud, at access and on devices
- Visibility: log access to corporate cloud applications
- Mobility: Real-time protection of data access from any device anywhere
- Privacy: Preserve employe privacy on personal devices (legal requirement per federal wiretapping laws)
- Perimeter protection: hygiene of HTTP traffic entering the perimeter
- Visibility: log HTTP traffic entering and exiting the perimeter
- Throttling: control HTTP bandwidth usage at the perimeter
- DLP: control HTTP data leakage at the perimeter