We’ve witnessed an explosion in workforce mobility, more so over the past 2 years accompanied by a growth in BYOD. The result has unsurprisingly been pervasive and unsanctioned employee cloud usage. This places a burden on organisations and their ability to monitor and oversee the usage of cloud applications and personal information.
This week we spend time with Ramses Gallegos who is currently the International Chief Technology Officer, Cybersecurity at Micro Focus. Ramses is a prominent speaker on the international circuit and a respected technology strategist and information security evangelist.
AXZEL:
CASBs have long been mooted as the response to Shadow IT by enabling businesses to take a granular view of data protection and policy enforcement. What place do you see for CASB in the modern organisation who are already neck deep in their cloud migration strategies.
RAMSES
CASBs are here to stay. Gartner coined the term a few years ago and we did not really realize then that it grouped the different disciplines that we have already been running with for decades as part of our normal infrastructure.
The definition of CASB includes DLP, encryption, tagging of information, incident management, monitoring, two-factor authentication, etc. Fortunately, or unfortunately, COVID-19 accelerated the business models that are about remote working, accessing backend applications from afar, managing repositories that are going back and forth between the Data Centre and Cloud instances.
Because of that, CASBs are uniquely positioned to provide full control and monitoring on what’s happening in both the ingress & egress channels of our companies and societies at large. CASBs are perfect since they rely on something that has been traditionally deprioritized: logs and events that go through the proxy (that, let me remind everyone, can do a universe of things on behalf of the user and are perfectly placed on a network to become the bridge that CASBs need).
CASBs have a bright future/present in organizations because the (redefined) working model makes it imperative to control, to know, to comprehend the usage of data in the Cloud and CASBs excel at that. They fulfill the promise of seeing. Then, the rest is up to us: believing!
AXZEL:
With technological advances, we have also seen the threat landscape evolving. For all its strong points, what are some of the threats a CASB cannot solve for?
RAMSES:
Unfortunately, cybercriminals are using Machine Learning to automate attacks and while CASB can certainly detect many things, the orchestration in the attack vector might put some CASB technologies at a disadvantage. While it is true that unsupervised Machine Learning is great at detecting anomalies and abnormal behaviour; it is also true that CASBs are not being optimally deployed at their maximum capacity, with different modules being integrated for different cloud instances. And this is exactly where the loophole arises and presents offenders with greater opportunities. Seamless end to end integration of the CASB module is a key aspect of organisational defences. Finally, we need to remain vigilant. That’s the name of the game.