Five tips for using CASBs to improve cloud security | KPMG | NL


Lying on a beach, sipping your favourite drink and checking the latest financials from a colleague; or sitting at the kitchen table and writing a report on your security findings on a client’s infrastructure. Too tempting, and easy, not to, right? Modern tech helps us have our life, all our identities – private, work, social – in one place, for our convenience and enjoyment. But what about security?



Consider the following example. Many businesses use cloud storage solutions for their work, for instance Microsoft OneDrive or Google Drive. When they want to share documents outside the organisation, they invite external users to join their cloud folder, let’s say in Microsoft OneDrive. The invitation is usually sent to the external user’s work e-mail address, with a link to join the cloud folder. Often, due to certain settings in Microsoft, if a user already has a private Microsoft account, they can access the shared link with this account. All they need is the link; there are no other enforced authentication mechanisms. And therein lies the risk for the business. Links can easily be shared. And what about finding and proactively removing all those private accounts joining the corporate cloud environment?
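A sketch of the clean-up check the paragraph above asks about, as an added example that is not part of the original article: it compares the addresses invited to a shared folder with the accounts that actually opened the link and reports the ones that were never invited. The event fields, share IDs, sample records and the list of consumer mail domains are constructed assumptions, not a real OneDrive or CASB export format.

```python
# Added example: field names and sample records are constructed,
# not a real OneDrive / Microsoft 365 / CASB audit schema.
from collections import defaultdict

# Assumption: mail domains treated as "private" (consumer) accounts.
CONSUMER_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "gmail.com"}

# Constructed sample: addresses each shared folder was sent to.
INVITES = {
    "share-001": {"j.doe@partner.example"},
    "share-002": {"a.lee@supplier.example"},
}

# Constructed sample: accounts that actually opened the sharing link.
ACCESS_EVENTS = [
    {"share_id": "share-001", "account": "J.Doe@partner.example"},
    {"share_id": "share-001", "account": "jdoe1984@outlook.com"},
    {"share_id": "share-002", "account": "a.lee@supplier.example"},
    {"share_id": "share-002", "account": "someone@other.example"},
    {"share_id": "share-003", "account": "x@gmail.com"},
]


def domain(address):
    """Lower-cased domain part of an e-mail style account name."""
    return address.rsplit("@", 1)[-1].lower()


def find_uninvited_access(invites, events, consumer_domains=CONSUMER_DOMAINS):
    """Return {share_id: [(account, reason), ...]} for accounts never invited."""
    findings = defaultdict(list)
    for ev in events:
        share, account = ev["share_id"], ev["account"].lower()
        invited = {a.lower() for a in invites.get(share, set())}
        if account in invited:
            continue  # access matches the invitation, nothing to report
        if domain(account) in consumer_domains:
            reason = "private account on shared link"
        elif not invited:
            reason = "no invitation on record"
        else:
            reason = "account differs from invited address"
        findings[share].append((account, reason))
    return dict(findings)


if __name__ == "__main__":
    for share, hits in find_uninvited_access(INVITES, ACCESS_EVENTS).items():
        for account, reason in hits:
            print(f"{share}: {account} -> {reason}")
```
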

Several years ago, Gartner introduced the term ‘CASB’, or Cloud Access Security Broker, often mentioned at conferences and in publications as a potential silver bullet for cloud security. CASBs are software vendors which provide organisations with visibility into the cloud services being used, highlight the key risks of such usage, protect data in the cloud, and provide end-user behaviour analytics. In short, they monitor what’s going on with enterprise cloud.

But are CASBs, as claimed, really a silver bullet for cloud security? Can they really remove the risks by automating cloud discovery, security monitoring, and data protection? After working with CASBs for our clients at KPMG, I believe there is certainly potential in the software. But, just as a silver bullet still requires someone to shoot it, there’s also work for the organisation to do before it starts using a CASB.

My five take-aways for corporates that plan to use CASBs:

  1. Know your goals. Understanding the use cases for which you plan to deploy CASBs is vital. Are you considering monitoring user behaviour in specific SaaS applications, or controlling overall traffic? Do you just need an extra compliance check to see where your corporate data is going? What about access to the cloud from (unmanaged) mobile devices: do you also want to know about that? The use cases that you want to monitor can have a significant impact on your choice of potential CASB (or your choice of several providers);

  2. Set up the right policies. CASBs claim to shed light on your cloud usage and they do. They shed so much light, you’ll need some serious sunglasses, including UV protection. And by protection, I mean the right policies on what will generate alerts, on how to triage them and on how to publish them to the dashboard of your choice. If the policies aren’t configured to reflect a company’s actual security risks, CASBs can generate too many alerts for a company to handle. Many security operations departments already don’t have sufficient staff to keep up with all on-premise alerts, so CASB policies are a crucial factor in ensuring that the alerts generated are indeed the ones that need to be acted on;

  3. Ensure that connection with enterprise IAM is possible. To get the most out of CASB functionality, such as alerting you when your cloud services are accessed from unusual or prohibited locations, or preventing access to cloud services from unmanaged devices, it is essential that you can connect the CASB to your enterprise Identity and Access Management system (which can be either on-premise or IDaaS). Done right, this will reduce the risk of unauthorised access to your cloud services;

  4. Connect to cloud and/or on-premise SIEMs. Having one source of alerts has proven both a better and an easier way for employees to monitor and react to on-cloud anomalies. Do you like Splunk dashboards or do you prefer to send the feeds to your on-premise SIEM? Either scenario is currently possible with many CASBs;

  5. Streamline users to specific cloud service providers. Finally, once you understand where your cloud traffic goes and your employees’ usage patterns, you can build on this knowledge by promoting specific cloud tools (for CRM, collaboration, storage, etc.) to minimise the number of different cloud tools being used for the same purpose. (In our experience, banning specific cloud providers, for example Slack, won’t help much, as there are always alternatives available (for Slack, for example, Teamwork or Trello) that users can switch to easily.)

Any further questions on CASBs? Don’t hesitate to get in touch!

Olga Kulikova

Senior Consultant, KPMG Cyber
