Data protection: are your people the weakest link?

These days, employees like to have the freedom to use personal apps on their work devices. But – knowingly or otherwise – they can be endangering your critical data. So how do you keep everything secure?

Balancing convenience and control.

The lines between work and personal devices have blurred for many. People use their devices for company applications while also wanting access to personal apps. A typical user might have WhatsApp on their phone and use Google Drive on their laptop for personal files. The problem? Personal applications can introduce risk to confidential company data.

Coexistence of business and personal apps creates challenges.

When business and personal applications reside on the same device, critical data can be easily transferred outside the secure business environment. An employee might accidentally save an important document to their personal cloud storage instead of the company drive, or someone within the company might steal files in bulk for personal gain. The outcome is the same: a data breach.

Traditional Solutions: A Blunt Approach.

Traditional network security tackles this issue with an all-or-nothing approach to personal applications. You can either take a strict stance and allow no personal applications at all, or have an open environment where staff can install anything they like.

The problem with a strict no is that people expect and need to use applications like cloud storage, banking, and personal email on their devices. Denied these options, employees may leave for a more flexible employer.

On the other hand, a wide-open approach is equally problematic. Allowing unrestricted personal app access is like leaving the door wide open and inviting a security breach.

Granular control with a CASB.

So how can you support real-world usage by employees while maintaining security?

A Cloud Access Security Broker (CASB) is a technology that provides companies with granular control over application usage on all devices. Delivered as part of a SASE suite, it works like this:

1. Mapping the application landscape: A CASB builds a comprehensive profile of the SaaS applications each person is using. These profiles are continuously updated in the background after the initial build.
2. Granular permission control: App permissions are presented in a clear interface, allowing for granular control. For instance, you could permit most users to access LinkedIn to view and like content, but not to post images or videos.
3. In-app access control: CASBs can delve within apps to control how they handle files and data. For example, you might allow Google Drive to be installed, but block the ability to add files from any local source.
4. Continuous risk visibility: A CASB service reports on all your applications, making it easy to identify authorised and unauthorised applications, and create customised rules.

Integrating a CASB into your network infrastructure.

Moving to a CASB is often part of a larger shift towards a SASE-based environment.

It’s crucial to choose a provider with extensive experience in network rollouts. Even more importantly, a provider with proven leadership in data security will guide you in building a strong long-term strategy and keep you informed of evolving cybersecurity threats and trends.