Project Description

Cisco Cloudlock CASB: Secure Your Cloud Users, Data, and Applications

The Age of the Cybersecurity Platform and Importance of CASB

By significantly reducing costs and substantially boosting collaboration and productivity, the cloud has revolutionized how business is done. It has also completely changed how IT professionals approach information security. Historically viewed as an enigmatic, and even dangerous territory, the cloud is now recognized as having the potential to be the most secure landscape organizations have ever worked within. This secure landscape only comes with the right approach to cloud security. IT managers need an approach that deals with more than traditional security risks, but also, insider threats, compromised accounts, data leaks, and entirely new, cloud-native attacks.

Cloud security is itself a shared responsibility. Organizations must understand their security responsibilities in the cloud.

What is required is a cybersecurity platform that is more than a simple tool or product. In addition to protecting, defending, and securing your cloud data, the only way to effectively combat the newest threats is to practice security that helps, rather than hinders, end-user productivity. Cloud Network Solutions enables our customers to embrace the cloud while strengthening your Cybersecurity by offering Cloud Access Security Broker (CASB) services like Cisco Cloudlock.

Cisco Cloudlock

Cloud Network Solutions is pleased to offer Cisco Cloudlock, a cloud access security broker (CASB) and cloud cybersecurity platform that helps accelerate the use of the cloud.

Cisco Cloudlock is a frictionless solution that helps organizations securely take advantage of the benefits of the cloud, including detection of actual and potential cloud account compromises, data breaches, and cloud malware. It also provides codeless security for homegrown apps and actionable cyber security intelligence across an organization’s entire cloud infrastructure. Cisco Cloudlock orchestrates existing security investments to provide a coordinated, thorough security solution.

The proposed solution is part of Cisco Cloud Security, which includes Cisco Umbrella—all available through Cloud Network Solutions to provide effective security that is simple, open, and automated. As part of a complementary, integrated solution, Cisco Umbrella secures cloud users, wherever they are.

Cloud Network Solutions – Cisco Cloudlock Benefits

While cloud security products focus on securing an enumerated list of SaaS applications, a platform extends security to protect apps and dynamically orchestrates security across an organization’s cybersecurity architecture. This orchestration includes identity-as-a-service (IDaaS), security incident and event management (SIEM), next-generation firewalls (NGFWs), secure web gateways (SWG), threat emulation, and more.

As a platform, Cisco Cloudlock takes a programmatic approach to cloud security. In addition to interfacing with APIs from cloud services, this solution is a collection of RESTful, API-based microservices. Using this approach, it can dynamically apply individual security services, such as cloud data loss prevention (DLP), to custom, homegrown apps as well as primary SaaS apps.

The following points describe how our CASB solution can help you achieve your business objectives and how we can make it happen.

Desired Business Outcome: Accelerate secure cloud adoption

Security risks continue to be a key barrier to cloud adoption. With the right security controls, organizations can accelerate their journey to the cloud. They can achieve all of the benefits of the cloud, from reduced costs to improved collaboration. Organizations can also securely and confidently adopt new cloud technologies.

Desired Business Outcome: Reduce the risk of cloud security breaches

Our solution helps secure your users, data, and apps in the cloud with user and entity behavior analytics, cloud DLP, and our applications firewall.

Desired Business Outcome: Enable compliance

Compliance requirements don’t end at the network’s borders. Organizations need to protect their user accounts from compromise and their data from exposures and leaks. Cisco Cloudlock solution provides over 70 built-in policies to enable compliance.

Cloud Network Solutions – Cisco Cloudlock Advantage

Cloud Network Solutions’ implemented Cisco Cloudlock solution stands out among the competition in several ways:

Cloud native: Cisco Cloudlock is a frictionless, cloud-based solution that deploys in five minutes, delivers immediate value, and causes no disruption for end users.

Broadest and deepest coverage: Our solution’s retroactive security analytics go back further than any competing solutions. Unlike proxy solutions, the proposed solution also natively covers cloud-to-cloud traffic. It is a cybersecurity platform that covers IaaS and PaaS platforms such as Amazon Web Services (AWS). The collection of microservices can protect any custom, homegrown app.

Most scalable platform: The CASB solution we offer has the largest customer base in the industry, with over 750 organizations using it. It pioneered the API approach to CASB and has demonstrated enterprise-scale.

Cisco ecosystem: Cisco, the developer, provides an integrated, architectural approach to security, with rock-solid vendor viability and ongoing research.

Cisco Cloudlock Overview

In order to securely benefit from the reduced costs and productivity the cloud offers, organizations need to protect three core assets:

Users: Protecting users involves identifying anomalous behavior indicative of account compromise or malicious insider activity and responding accordingly.

Data: Defending data involves identifying and remediating instances of sensitive information stored in cloud environments, particularly sensitive data that is excessively shared and/or in violation of corporate policy.

Apps: Maintaining visibility into and control over cloud application usage, particularly when applications are self-enabled by users and connected to corporate systems, creating a potential vehicle for data exfiltration and/or exploitation.

Cloud Network Solutions implemented Cisco Cloudlock solution achieves these goals in the following ways:

  • User Security: The solution provides cross-platform user and entity behavior analytics (UEBA) for SaaS, IaaS, PaaS, and IDaaS environments. It uses advanced machine learning algorithms to detect anomalies based on factors such as activities outside of whitelisted countries and actions across distances at previously impossible speeds. Cisco Cloudlock also integrates with IDaaS solutions, including Okta and OneLogin, to analyze login behavior for the thousands of apps connected to those services. Additionally, it integrates with SIEM and ticketing systems to provide the user behavior data you need, where you need it.
  • Data Security: Cloudlock solution continuously monitors cloud environments to detect and secure sensitive information through numerous out-of-the-box policies as well as highly-tunable custom policies. Security professionals use the proposed solution to configure automated response actions to remediate risk when there is a policy violation. These responses can include end-user notification, file-level encryption, transfer of ownership, quarantine, and more, with individual capabilities dependent on platform support. Advanced capabilities such as threshold and proximity controls increase the true positive and decrease the false positive rat. The proposed solution’s highly-intuitive and flexible interface also enables efficient incident remediation.
  • App Security: The included Cisco Cloudlock Apps Firewall discovers cloud apps connected to your corporate environment, and provides a crowd-sourced Community Trust Rating for individual apps. You can ban or whitelist them based on risk profile and access scope, increase employee awareness with email alerts, and revoke apps in bulk across the entire user base. Cisco Cloudlock solution also allows visibility into apps connected to your IDaaS, including Okta and OneLogin.

Cisco Cloudlock is a 100 percent cloud-native, SaaS service that uses APIs to secure supported platforms and orchestrate security with third-party security solutions:

Cisco Cloudlock Architecture


Project Details

  • Solution OverviewCloud Access Security Broker