Starting May 2, 2024, find new blogs on HPE Community. Questions? Contact us

Go to new blog site

HPE Aruba Networking Blogs

Two ways to protect your corporate data with CASB

By John Spiegel, Director of Strategy and Field CTO, Axis Atmos SSE platform, powered by HPE Aruba Networking

Applications. At the end of the day, it’s the factory that IT runs on, right? In the past, those factories lived in the same location: your data center! Then along came cloud. Those factories took flight and now exist in every corner of our digital world. Honestly, the power and ease of access to these applications is jaw dropping. Need a word processing application? Download it from the Internet. What if I want to dive deep into the performance data from my last hard bike ride? Easy to do—the data has been uploaded to the Internet and I can parse out my power numbers like a Tour de France rider. Or maybe I am a startup and want to have a world class HR solution. Again, it’s just a click away.

The world has changed in the past 15 years. But here is the question. How does the enterprise leader or security engineer see, manage, and control these new applications? Said another way, how do you know what applications are running on my network? How do you secure all these amazing tools? How do I prevent critical data from leaving the company? Or worse, how do you detect malware in a SaaS application?

Building on a foundation of Zero Trust based on the HPE Aruba Networking SSE solution, let’s rise up and solve these pressing challenges with a Cloud Access Security Broker (CASB).

What is a CASB?  It is a cloud-delivered tool which provides:

  • Visibility into cloud-based applications like SaaS
  • Compliance with critical regulations like PCI DSS and HIPPA
  • Data security so sensitive information remains within the corporation
  • Threat protection to prevent malware from propagating through cloud applications.

How does it work? Two ways.

Let’s start with inline CASB. This is the simplest method, with the HPE Aruba Networking SSE cloud brokering all the traffic. As it is inline, it can detect things like someone downloading a payroll file from SharePoint and uploading it to Dropbox. Based on policy, it can inspect and classify files for sensitive information like social security numbers or credit card data and, more importantly, take action like blocking the download and alerting the SOC. Inline CASB—it’s easy to setup, activate and start protecting your critical systems.

The other CASB option is called “out of band.” This scenario works with complex SaaS solutions. Let’s use Salesforce as an example. Here we are going to build policies to secure Salesforce by a common API—allowing further actions. Maybe we want to examine data at rest. Maybe we want to control access to actions like uploading or downloading sensitive files like customer accounts. Or maybe we want to ensure a compliance posture. Or worse, maybe we want to run checks for malware, so business critical data is not lost. Or maybe we want to configure key security functions from a central management point. All and more are possible with out-of-band CASB—to help make the lives of enterprise leaders and security engineers easier!!

The game has changed.  For more about the HPE Aruba Networking SSE solution, reach out to us—we’re here to help you solve your cloud security challenges!

To learn more about CASB, please watch my lightboard video on how to secure data in SaaS apps with CASB.

Secure Data in SaaS Applications with CASB video

Other resources: