Security "Bits"

Sharing PHI, PII, and PCI in the Cloud?

By Caleb Mast | June 24, 2019 at 4:56 AM

In my last article, “What is a CASB and How Do You Even Say It?” I described CASBs and how to pronounce the acronym. If you didn’t get the chance to see it, here is a short overview of what I covered. The correct pronunciation is caz-bee, and it is a system that protects your data – even when it is being accessed from devices outside your internal network. As I continued to educate myself on the product, I discovered that there are four important technologies that highlight the strengths and demonstrate the value of a cloud access security broker (CASB).

Reverse Proxy: This is a feature that only some CASBs provide, and it enables organizations to sit inline between the user’s device and the data that is being accessed. Think of Office 365, Workday, Salesforce, G Suite, and the sensitive data that passes through these types of applications. CASBs are almost like a firewall for user sessions, but for any device, anywhere. The reverse proxy gives visibility and control over the user’s actions when the applications are accessed through a portal, usually known as a single sign-on (SSO) – generally offered through either an identity provider (IDP), or CASBs that offer the functionality natively. Whenever one of your managed applications is being accessed, the user is redirected to your organization’s SSO, allowing the reverse proxy to work its magic in real time without affecting anything in the user experience. If you can find a CASB that does this well, you can secure your data when it is being accessed remotely from unmanaged endpoints, and give yourself full visibility and control wherever it goes.

Forward Proxy: A forward proxy is similar to a reverse proxy in that it monitors the traffic on the user’s device as it accesses cloud applications. The main difference is that it requires an agent installed on the user’s device that monitors all traffic on that device – including personal traffic. Forward proxy is a great deployment option to have for managed devices, but it can be a challenge for companies that allow employees to use their personal devices for work. As such, companies that enable bring your own device (BYOD) need to leverage reverse proxies in order to secure their data agentlessly.

API Integration: CASBs that can hook into application programming interfaces (APIs) allow you to scan data at rest in your cloud apps. For example, if you have documents that have been stored on OneDrive or Google Drive, API integrations allow you to scan said documents to find out what has been shared, and allow you to take action. Customers’ Social Security numbers, protected health information (PHI), and even financial data could all be found in your cloud. With a CASB, you can quarantine, encrypt, or watermark files to protect yourself from data leakage and malicious activity.

Shadow IT Discovery: Do you know what applications are being used in your organization? Are the applications jeopardizing your security? To find out, you can utilize a CASB and perform shadow IT discovery. This capability grants an organization insight into what apps are being used, and whether or not they should be sanctioned.
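To make the API Integration scan described above concrete, here is an added example (not code from this article or from any CASB product) of the kind of content check such a scan performs on stored documents. The sample records, the `shared_externally` field, and the quarantine/encrypt policy are assumptions constructed for illustration.

```python
import re

# Candidates: dashed US SSNs and 13-19 digit card numbers with optional separators.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject values never issued: area 000, 666 or 9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def classify(text):
    """Return the set of sensitive-data labels found in a document's text."""
    labels = set()
    if any(ssn_plausible(*m.groups()) for m in SSN_RE.finditer(text)):
        labels.add("SSN")
    if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text)):
        labels.add("PCI")
    return labels

def decide(doc):
    """Assumed policy: sensitive and shared externally -> quarantine, otherwise encrypt."""
    if not classify(doc["text"]):
        return "allow"
    return "quarantine" if doc["shared_externally"] else "encrypt"

# Constructed sample records standing in for file metadata and extracted text.
DOCS = [
    {"name": "intake.docx", "shared_externally": True,
     "text": "Patient SSN 123-45-6789, DOB 1980-02-03"},
    {"name": "billing.xlsx", "shared_externally": False,
     "text": "Card on file: 4111 1111 1111 1111"},
    {"name": "tickets.txt", "shared_externally": True,
     "text": "Ticket ref 000-12-3456, order 1234 5678 9012 3456"},
]

if __name__ == "__main__":
    for doc in DOCS:
        print(doc["name"], sorted(classify(doc["text"])), decide(doc))
```

The third record shows why pattern matching alone is not enough: both of its digit strings look like sensitive data but fail the SSN range rules and the Luhn check, so the file is left alone.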

What if you could monitor all of your data going to and from the cloud in real time? What if you could know what applications are being used and understand the risk of using them? What if you could scan all the documents that are in the cloud and take necessary action? With a CASB, you can.

What are you doing to protect your corporate data in today’s cloud environment? I would love to hear your strategies as well as share further on how Bitglass can help.


Caleb Mast

Regional Sales Director – Bitglass

