4 Ways CASBs Differ from Cloud DLP

CASBs have traditionally been a popular option for enterprises seeking to secure their data. Both Gartner and Forrester predict that cloud security will continue to be a growing market through the end of 2023. Gartner projections foresee a 20% increase in CASB usage at large enterprises by 2022, while according to Forrester, cloud security will become a $112.7B market by 2023.

An enterprise’s credentials and secrets are constantly at risk, and it makes sense for enterprises to invest in a cloud-based security solution. However, a CASB may not be the right solution for every business; CASBs have a few shortcomings that are important to recognize. Here are some of the ways CASBs fall short – areas where cloud DLP may provide better protection for your business’s data. 
 

What is a CASB?

 
CASB stands for cloud access security broker. It’s a type of security platform that sits between an enterprise network and a cloud provider’s infrastructure, allowing for the monitoring and remediation of incidents that occur between the network layer and the cloud.

“Before the CASB era, enterprise security managers had no visibility into how all their data was protected,” explains CSO Online. “As cloud computing took off, enterprises needed a way to deliver consistent security across multiple clouds and [protect] everyone using their data. CASBs arrived to help give organizations much deeper visibility into cloud and software-as-a-service (SaaS) usage — down to individual file names and data elements.” 

CASBs offered an early solution to enterprises looking to protect data as it moves to and from unsecured devices, but today’s CASBs do not provide the same holistic solution they once promised.
 

4 ways CASBs differ from cloud DLP

 
CASBs are often conflated with cloud data loss prevention services like Nightfall. Historically, CASBs worked well when an enterprise was able to control and secure every point through which data could be transferred. All it took was adding a CASB to secure corporate desktop and corporate email and be assured that data would be safe. However, because so many of us are working from home and accessing work data on multiple devices, cloud DLP is augmenting – and sometimes replacing – the efficacy of CASBs. 

Cloud DLP can fill in where CASBs fall short. Cloud DLP solutions like Nightfall connect with cloud applications through APIs, giving application-layer visibility to security teams who need to remediate data security incidents in the cloud. We’ll use Nightfall as a point of comparison to demonstrate how cloud DLP is different than CASBs across four categories. 
 

Layer of visibility

 
A cloud access security broker offers IT professionals with limited visibility into their system security. CASBs typically sit between the enterprise network and the application layer of SaaS and IaaS platforms. This means that while you can observe and remediate data incidents between these layers, threat visibility and risk management generally do not extend within these services. Any personally-identifiable information (PII) shared within Slack, for instance, would not be protected by a CASB. There are some exceptions though, with some CASBs providing some cloud visibility through a virtual appliance connecting to cloud services.

Compare this limited visibility to Nightfall, which uses APIs to integrate at the application level of popular SaaS and IaaS services: Slack, GitHub, Atlassian, and AWS. This type of integration gives IT professionals the enhanced capability to detect, classify, and protect data within these services. 
 

Scope of detection

 
Not every CASB is created equal: CASBs can vary in the scope of what they’re capable of detecting, depending on if they are deployed on-premises or as virtual appliances sitting between cloud services. Traditional on-premises CASB deployments can only detect network layer information such as file sizes, upload/download speed, etc. While some CASB deployments allow for limited visibility into cloud applications, they don’t universally leverage machine learning to classify and detect data in the cloud.

Nightfall’s cloud DLP service uses 100+ machine learning detectors to identify common types of PII, such as credentials, keys, and other sensitive data. Nightfall’s detectors can identify these as text strings within code or applications directly using context or within various file types (images, PDFs, CSVs, etc.). And, unlike legacy DLP methods, Nightfall considers the context surrounding a given token in order to accurately classify it. This means Nightfall performs well on unstructured and ambiguous data, which is increasingly common in enterprises today. 
 

Ease of implementation

 
There’s a fair amount of technical know-how needed to properly get a CASB up and running. CASBs have multiple deployment models, depending on the type of CASB and specific use case involved, and most CASBs have to be set up by network administrators who thoroughly understand an organization’s data policy – otherwise, you risk misconfiguring the CASB and negating some of its potential usefulness as a security tool. 

Nightfall is lightweight and an easy lift in terms of getting set up and ready to go. Nightfall integrates with cloud services and infrastructure in seconds through API connectors. Its plug-and-play nature means nearly anyone can set it up without hassle. “Nightfall saves us many hours of development by working across all our projects with minimal time spent on configuration,” reported a representative from Calgary Public Library, one of Nightfall’s clients. 
 

Options for remediation

 
Because configurations can vary, organizations might need multiple instances of a single CASB or multiple CASBs to comprehensively address their data policy needs. IT security teams that are seeking a complete security system may have trouble finding that in just one CASB agreement. “To provide a full complement of CASB services, many major CASBs have at some point acquired a product or company that they bundle with their other previously existing products. They may also partner with external companies to offer additional services,” writes one expert.

Adding these different elements can create a logistical nightmare for enterprise security teams. Compare this to Nightfall, an easy solution that provides a single pane of glass to secure your SaaS and IaaS stack. From a single dashboard, you can view incident analytics as well as create automated notifications and deletion workflows to manage your cloud security. 

Where CASBs will only cover your new data, Nightfall can sync with your tech stack to scan and protect historical data. For instance, on GitHub, Nightfall Radar, a GitHub repository scanner, gives you a way to scan any data within your repositories. Through the Nightfall DLP GitHub Action, detectors can be set to scan code before a pull request is merged. This pre-merge scanning process can also be automated through GitHub workflows, giving you coverage on all your historical data as it exists today in GitHub and proactive protection going forward. 

Learn more about Nightfall’s cloud DLP capabilities by scheduling a call with one of our experts at the link below.

Share this post: