Others vendors, like Netskope, install agents that sit on user devices and monitor all the traffic from that device to any cloud app. Other services monitor network activity by being sent automated traffic reports.
Whereas traditional firewalls can tell IT that an employee is using Dropbox, a CASB product can tell IT what files were uploaded or downloaded. Some CASB vendors encrypt data before it goes into the SaaS application. For example, a rule can be set that any time a file that contains Social Security numbers is accessed that traffic must be encrypted.
Vendors such as FireLayers can add functionality on top of an existing application, such as allowing read-only privileges to users for certain documents, or requiring two-factor authentication when changes are made to a document. It puts what Sanabria calls a "choke-point" on the SaaS vendor. "It allows you to make SaaS apps basically closer to being enterprise-ready," especially as it relates to PCI or HIPAA compliance, he says.
For Levin at Western Union, just having the visibility into what users were doing was valuable. After monitoring worker traffic using Skyhigh, Levin discovered frequent use of file synchronization and sharing services. It highlighted the need for Levin and his IT team to provide a service themselves.
Western Union went with Accellion, which bills itself as a secure Dropbox alternative. Combined with a new program dubbed Western Union Information Security Enablement, or WISE, Levin was able to inform workers that if they needed to use file sync, share and storage, that Accellion was an option for them. Now, if a user attempts to access a platform like Dropbox, then Skyhigh issues a popup asking them to use Accellion instead.
Since the rollout employee usage of non-sanctioned services has dropped dramatically.
Western Union uses Okta - an identity management and single sign-on platform - on top of Accellion too. "We're really just trying to make sure people are making wise decisions, while giving them the tools necessary to be productive," Levin says.
Sign up for Computerworld eNewsletters.