Value of SASE: Secure Data in the Cloud
To mitigate this risk, many businesses and government agencies began shifting to cloud-based security to replace the on-premises solutions. In many cases, the first step was to switch to cloud-based Secure Web Gateway (SWG); then, interest skyrocketed in moving to Zero Trust Network Access (ZTNA) services that replace VPNs for enabling people to safely get to internal private applications; and to round things out, Cloud Access Security Brokers (CASB) gained new importance as the primary tool for enforcing data security policies for information stored in cloud apps like Microsoft Office 365.
For organizations that had relied upon on-premises gateways for security either required users to always be on a VPN (which is painful for most users) or have users go unprotected if they connected directly over the internet. But, with so many relative novices now working remotely, internet attacks rose dramatically, increasing the risk to users, their computers, and data they used on those computers or in the cloud.
Communisis: Cloud Access Security Broker
Rarely is there a one-size-fits-all data security policy. Companies like Communisis have departments that require varying levels of access to different types of data. Ensuring that information stays protected while enforcing the right level of security without impacting user productivity is a tightrope walk itself.
All three of these cases used the cloud to secure usage of the crucial business information, the very essence of a SASE approach to security. In adapting to the new world of working remotely, many organizations began using SASE even if they didn’t call it that at the time. Let’s look at a few examples of one of these: the use of CASB to provide visibility and control for cloud-based applications and the data stored in them.
Business Value: Tailor-made policies that adapt to the sensitivity of the data enable Communisis to provide security on a sliding scale without impacting productivity.
Our Cloud Access Security Broker (CASB) give their business a new level of visibility into cloud application usage ahead of an enterprise effort to move to more cloud-based services. The Communisis security team was able to set granular policies that considered both the department the user resided in as well as the sensitivity of the data they were using.
Global Airline: CASB
People now are working from many different places—their homes, an office or even their local coffee shop. This distribution can make it difficult to keep track of what users are doing and ensure that they’re using sanctioned cloud applications instead of unknown software-as-a-service out on the web. One global airline faced a similar problem with its 2,800 staff located across 24 airports.
Here’s more from Communisis Chief Risk Officer Michelle Griffey:
Our CASB consolidated employee cloud application usage and shadow IT activity to provide transparency for the security team without interrupting end-user productivity.
Its users were accessing cloud applications—some approved and others unknown to IT—with their own individual accounts via the public internet. Virtual Private Networks (VPNs) proved slow and difficult to manage, so the airliner adopted Forcepoint’s CASB.
Acme Brick: CASB
An employee-led shift to cloud-based services meant security needed to move to keep up at Acme Brick. The Berkshire Hathaway company understands its parent company places the spotlight on it and keeping visibility of user activity in the cloud was key to staying ahead of security incidents.
Business Value: Visibility into employee activity in the cloud allowed the company to reduce IT risk across all its locations.
Business Value: “We got astronomically more visibility with CASB compared to what we got out of analyzing Box and O365 logs,” Jesse Glaesman, Cybersecurity Manager at Acme Brick, said. “Forcepoint opened our eyes. We’ve never had that line of sight and understanding before.”
Almost immediately after deployment, the company found sensitive information being shared across known and unknown applications—a level of insight it never had before. Finding the blind spots were vital in maintaining compliance with regulations like PCI DSS.
Learn the Five Pillars for Creating your Modern Unbound Enterprise with Data-Centric SASE in our webcast.
Protecting Data in the Cloud with SASE
Data access and security should be a central focus in every company’s IT security strategy. SASE solutions like a CASB gives organizations the visibility they need to protect sensitive data from threat actors.
This post was first first published on Forcepoint website by Jim Fulton. You can view it by clicking here