Charlotte, N.C., Gains Visibility and Control with a CASB
CASBs primarily serve to improve visibility, data security, threat protection and compliance, says Randy Moulton, chief security officer of Charlotte, N.C., which recently selected Bitglass as the city’s CASB solution.
“They can act as a firewall in the cloud,” Moulton says. For example, a CASB allows administrators to view who is going to a website, including people who are trying to penetrate it.
“You can get that visibility through the CASB and lock that person out, as a typical firewall would do,” he says. “It also allows you to control access to certain types of data.”
That can help aid data loss prevention efforts, Moulton says: “So, with a CASB, you have the same visibility and the same controls now in your cloud environment that you historically had on-premises in a data center.”
A CASB also can help state and local governments with compliance requirements, including for the Health Insurance Portability and Accountability Act, which regulates data privacy and security provisions for medical data, he adds.
“If you’re looking at moving a significant portion of what you had on-premises to the cloud, you need to look into a CASB,” Moulton says.
Agencies Use CASBs to Get Control of Shadow IT
Missouri’s state security team was concerned with the use of shadow IT in the cloud, according to Theresa Frommel, Missouri’s deputy CISO.
“Our user base is large, and the existing tools in our stack did not have the ability to granularly identify usage,” Frommel says. “Being a state entity, we are bound by a number of federal regulations and attempt to do our due diligence to ensure state data is protected.”
The state selected a CASB solution in 2015, choosing Skyhigh Networks, which was then the only option compliant with the Federal Risk and Authorization Management Program (the FedRAMP benchmark is commonly used by states when selecting cloud-based services). In 2018, McAfee acquired Skyhigh Networks.
“Not only did we find in excess of 2,000 shadow IT sites being utilized out of the gate, but the integration of a CASB solution allows for continued visibility,” Frommel says. “It assists with maintaining control of our assets and preventing data loss incidents.”