How Agencies Gain Visibility with CASBs
CASBs serve as an additional security layer between cloud service providers and end users.
The solutions can provide greater visibility into cloud application use, potentially helping agencies track user behavior, authenticate users, enforce policies surrounding sensitive information storage and sharing, and meet various compliance requirements.
CASBs may help an agency determine, for instance, that an employee has downloaded a nonsanctioned and possibly problematic application. They can also enhance overall data protection efforts through methods like encryption.
Federal agencies began using CASBs more frequently about three or four years ago, according to Andras Cser, vice president and principal analyst for security and risk management at Forrester.
The CASB offered by Skyhigh Networks (later acquired by McAfee), for instance, received FedRAMP certification for meeting the program’s security requirements in mid-2016.
“Data protection was the main driver for CASB adoption, along with FedRAMP,” Cser says. “The advantages include shadow IT detection, data leak prevention and threat detection through scrutinizing unusual traffic patterns, and malware detection. CASBs help prevent confidential data loss in cloud apps.”
Today, a number of agencies — including the National Oceanic and Atmospheric Administration, the Food and Drug Administration and the departments of Transportation and Energy — utilize CASB tools such as McAfee’s MVISION Cloud or Cisco’s Cloudlock.
EXPLORE: How can security keep up with multicloud environments?
FDA Uses Its CASB for Cloud Security
Given that the FDA works to ensure the safety and quality of products that range from medical devices to much of the food supply — which, according to the agency, accounts for roughly 20 cents of every dollar Americans spend each year — data housed within the agency’s information systems could clearly be an enticing target.