Editor's Note: This is the third part of a six-part blog series on the value of SASE.
- Part 1: Separating Product from Philosophy
- Part 2: Protect Remote Workers Anywhere
- Part 3: Secure Data in the Cloud
- Part 4: Mitigate Threats to Data Security
- Part 5: Connect and Defend the Network
- Part 6: Using Risk to Simplify Security Policy Enforcement
The Great Office Exodus of 2020 drove many organizations to scramble to provide access to key business resources on the web, in the cloud, and in the data center. Web and cloud-based apps were easy; people working at home had no trouble getting to them.
Part 1 - Separating Product from Philosophy
For organizations that had relied upon on-premises gateways for security either required users to always be on a VPN (which is painful for most users) or have users go unprotected if they connected directly over the internet. But, with so many relative novices now working remotely, internet attacks rose dramatically, increasing the risk to users, their computers, and data they used on those computers or in the cloud.
To mitigate this risk, many businesses and government agencies began shifting to cloud-based security to replace the on-premises solutions. In many cases, the first step was to switch to cloud-based Secure Web Gateway (SWG); then, interest skyrocketed in moving to Zero Trust Network Access (ZTNA) services that replace VPNs for enabling people to safely get to internal private applications; and to round things out, Cloud Access Security Brokers (CASB) gained new importance as the primary tool for enforcing data security policies for information stored in cloud apps like Microsoft Office 365.
All three of these cases used the cloud to secure usage of the crucial business information, the very essence of a SASE approach to security. In adapting to the new world of working remotely, many organizations began using SASE even if they didn’t call it that at the time. Let’s look at a few examples of one of these: the use of CASB to provide visibility and control for cloud-based applications and the data stored in them.
Communisis: Cloud Access Security Broker
Rarely is there a one-size-fits-all data security policy. Companies like Communisis have departments that require varying levels of access to different types of data. Ensuring that information stays protected while enforcing the right level of security without impacting user productivity is a tightrope walk itself.
Our Cloud Access Security Broker (CASB) give their business a new level of visibility into cloud application usage ahead of an enterprise effort to move to more cloud-based services. The Communisis security team was able to set granular policies that considered both the department the user resided in as well as the sensitivity of the data they were using.
Business Value: Tailor-made policies that adapt to the sensitivity of the data enable Communisis to provide security on a sliding scale without impacting productivity.
Here's more from Communisis Chief Risk Officer Michelle Griffey:
Global Airline: CASB
People now are working from many different places—their homes, an office or even their local coffee shop. This distribution can make it difficult to keep track of what users are doing and ensure that they’re using sanctioned cloud applications instead of unknown software-as-a-service out on the web. One global airline faced a similar problem with its 2,800 staff located across 24 airports.
Its users were accessing cloud applications—some approved and others unknown to IT—with their own individual accounts via the public internet. Virtual Private Networks (VPNs) proved slow and difficult to manage, so the airliner adopted Forcepoint’s CASB.
Our CASB consolidated employee cloud application usage and shadow IT activity to provide transparency for the security team without interrupting end-user productivity.
Business Value: Visibility into employee activity in the cloud allowed the company to reduce IT risk across all its locations.
Acme Brick: CASB
An employee-led shift to cloud-based services meant security needed to move to keep up at Acme Brick. The Berkshire Hathaway company understands its parent company places the spotlight on it and keeping visibility of user activity in the cloud was key to staying ahead of security incidents.
Almost immediately after deployment, the company found sensitive information being shared across known and unknown applications—a level of insight it never had before. Finding the blind spots were vital in maintaining compliance with regulations like PCI DSS.
Business Value: “We got astronomically more visibility with CASB compared to what we got out of analyzing Box and O365 logs,” Jesse Glaesman, Cybersecurity Manager at Acme Brick, said. “Forcepoint opened our eyes. We’ve never had that line of sight and understanding before.”
Protecting Data in the Cloud with SASE
Data access and security should be a central focus in every company’s IT security strategy. SASE solutions like a CASB gives organizations the visibility they need to protect sensitive data from threat actors.
Learn the Five Pillars for Creating your Modern Unbound Enterprise with Data-Centric SASE in our webcast.