2016 © Netskope. All rights reserved.
The Definitive CASB Business Case Kit
Jamie Barnett, CISSP, SVP Cloud Intelligence
Gartner’s Top 10 Information Security Technologies
#1
But When Your Day Job Looks Like This, Who Has Time for “New Initiatives?”
The Dreaded Business Case
(cue dramatic music)
First, Quantify Usage and Risk
Actual: 977
IT estimate: 40-50
Source: Netskope Cloud Report
Cloud procurement happens outside of IT
It’s every line of business, every function, workgroup, and person.
No visibility or control
33 Percent Business Data in Cloud
one-third of it “unknown”
25 “ecosystem” apps on average per “anchor tenant” app or suite
Nearly Half of all cloud app activities originate from a mobile device
One Third of all DLP policy violations occur on a mobile device
Risk = Assets x Vulnerabilities x Threats
(how this definition might look when it’s in the cloud)
ASSET
• Data (cost of losing or leaking sensitive data)
• Systems (cost of downtime of a business-critical system)
THREAT
• External (malware, data breach)
• Internal (data loss or exposure, system downtime)
VULNERABILITY
• Technical (vulnerabilities, e.g., OpenSSL)
• Non-technical (people, misconfigurations, share button)
data leak
IP worth $50M
Shared with design collaborator
Who leaves company with your data
Then, Benchmark Against Others
Next, Determine Your CASB Use Cases
The Four Pillars of CASB
• VISIBILITY
• DATA SECURITY
• COMPLIANCE
• THREAT PROTECTION
“CASB is a required security platform for organizations using cloud services.”
Use Case 1: Visibility Use Case
• Discover apps
• Assess enterprise-readiness
• Calculate risk
• Find compromised credentials, malicious sites, TORs, anonymizers
Use Case 2: Compliance Use Case
• GDPR – residency, privacy
• PII – downloads from HR
• SOX – data mods in finance
• PCI – shares of PCI
• NERC/FERC – data upload
Use Case 3: Data Security Use Case
• Protect confidential data in sanctioned apps, e.g., O365
• Prevent IP upload to unsanctioned apps
• Encrypt sensitive data at rest and en route
Use Case 4: Threat Protection Use Case
• Block or remediate malware in sanctioned/unsanctioned
• Detect and remediate ransomware
• Share threat intelligence with EDR/sandbox
Quantify ROI Based on Those Use Cases
(Customer Sample. Values Vary by Enterprise.)
Pillars: VISIBILITY, DATA SECURITY, COMPLIANCE, THREAT PROTECTION
Line items:
• Avoidance of failed audits
• Avoidance of non-compliance
• Assessment of existing apps
• Assessment of new apps
• Automation of log collection and review
• Consolidation of redundant apps
• Avoidance of data breaches involving cloud: $3,723,726
$605,000 + $10,495,000 + $357,500 + $390,000 + $312,000 + $536,250 + $3,723,726 = $16,419,476
Total Cost Avoidance + Savings: $16,419,476
Finally, Plan and Share Your Roadmap and Value Timeline
Mobile Device Management
Sandboxed Mail and Web
Cloud Spend Control
Data Loss Prevention
Real-time Policy Enforcement
Govern all cloud apps, including ecosystems
Allow, Don’t Block
Netskope Value-on-Investment
Any app, any device, anywhere
Malware Protection
Discover all cloud apps and assess risk
Vendor Assurance
Risk Assessment
Netskope Advanced Discovery
Safely enable sanctioned cloud apps
Govern all apps and data
Netskope for: Box, Dropbox, Egnyte, Google Suite/GCP, Office 365, Salesforce, ServiceNow, Slack
Netskope Active Platform
Granular Access Control
DLP, anti-malware, real-time policy enforcement, and access control across all apps
This Is All Well and Good, But We Need Tools!
(We Put Examples Into a Handy Packet for You: netskope.com/casb-starter-kit)
• Cloud Risk Assessment
• Benchmarks
• ROI Calculator
Thank you!
Jamie Barnett, CISSP
jamie@netskope.com
@jamiecbarnett
/jamiecbarnett
