
Next-Gen CASB Blog

Eat your own dog food?

By Nat Kausik | April 1, 2019 at 12:04 PM


A good product is used internally by its vendor. If it is not good enough for the vendor, it is not good enough for customers. How do CASB vendors stack up? Our competitors don't use their own product.

If you want to check whether an enterprise has a CASB deployed inline with Office365, simply try to log in as Jack@company.com on Office365 with a browser network trace running. If the enterprise has a CASB inline to enforce real-time controls, SSO will be proxied via the CASB.

For example, go to https://login.microsoftonline.com and enter jack@bitglass.com. The network trace will show that SSO is routed via the Bitglass CASB at portal.bitglass.com, and from there to our ADFS IdP, in order to enforce contextual access control. Specifically, users logging in from a trusted device get enhanced access. Users logging in from an untrusted device get restricted access, with session timeouts and DLP enforced.
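To verify the same thing on your own tenant from a saved browser trace (a HAR export), the check can be scripted. This is an added example, not part of the original post; the function names and the hosts casb.example.net and adfs.example.com are constructed placeholders.

```python
from urllib.parse import urlsplit


def host_sequence(har):
    """Ordered hostnames seen in a HAR 1.2 trace, consecutive repeats collapsed."""
    seq = []
    for entry in har["log"]["entries"]:
        urls = [entry["request"]["url"]]
        # A 3xx response names the next hop even if that request was not captured.
        redirect = entry["response"].get("redirectURL")
        if redirect:
            urls.append(redirect)
        for url in urls:
            host = (urlsplit(url).hostname or "").lower()
            if host and (not seq or seq[-1] != host):
                seq.append(host)
    return seq


def sso_path(har, casb_hosts, idp_host):
    """Return 'proxied' if a CASB host is visited before the IdP, else 'direct'."""
    seq = host_sequence(har)
    if idp_host not in seq:
        return "idp-not-seen"  # trace incomplete, or wrong IdP host supplied
    before_idp = seq[:seq.index(idp_host)]
    return "proxied" if any(h in casb_hosts for h in before_idp) else "direct"


def _har(*hops):
    """Build a minimal HAR from (request URL, status, redirectURL) tuples."""
    return {"log": {"entries": [
        {"request": {"url": u}, "response": {"status": s, "redirectURL": r}}
        for u, s, r in hops]}}


# Constructed sample traces (placeholder hosts, not captured traffic).
PROXIED = _har(
    ("https://login.microsoftonline.com/", 200, ""),
    ("https://casb.example.net/sso", 302, "https://adfs.example.com/adfs/ls/"),
    ("https://adfs.example.com/adfs/ls/", 200, ""),
)
DIRECT = _har(
    ("https://login.microsoftonline.com/", 302, "https://adfs.example.com/adfs/ls/"),
    ("https://adfs.example.com/adfs/ls/", 200, ""),
)

if __name__ == "__main__":
    for name, har in (("proxied sample", PROXIED), ("direct sample", DIRECT)):
        print(name, host_sequence(har), sso_path(har, {"casb.example.net"}, "adfs.example.com"))
```

A "direct" result on a tenant that is supposed to have inline controls means sign-ins are reaching the IdP without passing through the CASB.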


In contrast, go to https://login.microsoftonline.com and enter jack@symantec.com. You will note that SSO is not routed via the CASB, but goes direct to the ADFS IdP, and no contextual access control is enforced.


Likewise, go to https://login.microsoftonline.com and enter jack@mcafee.com. You will note that SSO is not routed via a CASB, but goes direct to the Sailpoint IdP, and no contextual access control is enforced.


The verdict is clear. If a product is not good enough for the vendor to use themselves, why should a customer pay for it?