HPE Community
Networking
1820912 Members
4603 Online
109629 Solutions
New Article ๎ฅ‚
 
Subscribe to RSS Feed
|
John_Spiegel

Two ways to protect your corporate data with CASB

โ€Ž04-30-2024 09:21 AM

_Secure-Data-in-SaaS-Applications-with-CASB-social-card-600x338.jpg

Applications. At the end of the day, itโ€™s the factory that IT runs on, right? In the past, those factories lived in the same location: your data center! Then along came cloud. Those factories took flight and now exist in every corner of our digital world. Honestly, the power and ease of access to these applications is jaw dropping. Need a word processing application? Download it from the Internet. What if I want to dive deep into the performance data from my last hard bike ride? Easy to doโ€”the data has been uploaded to the Internet and I can parse out my power numbers like a Tour de France rider. Or maybe I am a startup and want to have a world class HR solution. Again, itโ€™s just a click away.

The world has changed in the past 15 years. But here is the question. How does the enterprise leader or security engineer see, manage, and control these new applications? Said another way, how do you know what applications are running on my network? How do you secure all these amazing tools? How do I prevent critical data from leaving the company? Or worse, how do you detect malware in a SaaS application?

Building on a foundation of Zero Trust based on the HPE Aruba Networking SSE solution, letโ€™s rise up and solve these pressing challenges with a Cloud Access Security Broker (CASB).

What is a CASB?  It is a cloud-delivered tool which provides:

  • Visibility into cloud-based applications like SaaS
  • Compliance with critical regulations like PCI DSS and HIPPA
  • Data security so sensitive information remains within the corporation
  • Threat protection to prevent malware from propagating through cloud applications.

How does it work? Two ways.

Letโ€™s start with inline CASB. This is the simplest method, with the HPE Aruba Networking SSE cloud brokering all the traffic. As it is inline, it can detect things like someone downloading a payroll file from SharePoint and uploading it to Dropbox. Based on policy, it can inspect and classify files for sensitive information like social security numbers or credit card data and, more importantly, take action like blocking the download and alerting the SOC. Inline CASBโ€”itโ€™s easy to setup, activate and start protecting your critical systems.

The other CASB option is called โ€œout of band.โ€ This scenario works with complex SaaS solutions. Letโ€™s use Salesforce as an example. Here we are going to build policies to secure Salesforce by a common APIโ€”allowing further actions. Maybe we want to examine data at rest. Maybe we want to control access to actions like uploading or downloading sensitive files like customer accounts. Or maybe we want to ensure a compliance posture. Or worse, maybe we want to run checks for malware, so business critical data is not lost. Or maybe we want to configure key security functions from a central management point. All and more are possible with out-of-band CASBโ€”to help make the lives of enterprise leaders and security engineers easier!!

The game has changed.  For more about the HPE Aruba Networking SSE solution, reach out to usโ€”weโ€™re here to help you solve your cloud security challenges!

To learn more about CASB, please watch my lightboard video on how to secure data in SaaS apps with CASB.


_Secure-Data-with-CASB-vid-tn-600x338.png

Other resources:



Labels:
0 Kudos
About the Author

John_Spiegel

John Spiegel is Director of Strategy and Field CTO for the Axis Atmos SSE platform, powered by HPE Aruba Networking. He has 25 years of experience running global networks and managing infrastructure. He is an industry pioneer in software defined networking (SDN) and software defined WANs (SD-WAN). When not helping companies on their journey to modernize and secure their networks, John can be found cycling on the backroads of Oregon.

Top Kudoed Authors Last 30 Days
Author
Kudos
Eve-Marie_Lanza Avatar
Eve-Marie_Lanza
1
View all
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.