Although more organizations are adopting cloud access security broker technology, CASB policy templates and runbooks, as well as best practices, are still evolving, says Rohit Gupta, group vice president for cloud security products at Oracle Corp.
While initial CASB implementations had a somewhat narrow scope, organizations now want "full-fledged, end-to-end sanctioned cloud monitoring," he says in an interview with Information Security Media Group.
"The ability to essentially put controls around all sets of data so that sensitive content doesn't get exfiltrated ... has dramatically accelerated the need for enterprises to implement a CASB," Gupta says. "With cloud adoption being the highest it's ever been, CASB is becoming the de facto method of getting that control and policy enforcement in the cloud." (see: Public Cloud Is Here to Stay - Is Security Ready?)
CASB best practices, such as how to measure success and how a SOC should respond to incidents detected, are still evolving, he says. And drafting a homogenous policy template across different cloud layers remains a tactical challenge for practitioners, he notes (see: Assessing the State of CASB Adoption in APAC).
In this interview (see audio player link below image), Gupta shares more insights on:
- How to choose among the different flavors of CASBs;
- CASB best practices and runbooks for security teams;
- The outlook for the managed services model for CASB delivery.
Gupta, group vice president of cloud security products at Oracle, has responsibility for developing, communicating and delivering on the company's strategy for securing the enterprise hybrid cloud. He joined Oracle through the acquisition of Palerra, a CASB solution provider, where he was founder and CEO. Prior to founding Palerra, Rohit was vice president and general manager for the Remedy IT Service Management division at BMC Software, and vice president of product management for identity and access management at Oracle.