SaaS app use is accelerating in our company, and management is worried about risking proprietary content that’s stored within these apps. How can we protect this data by controlling (or preventing) content uploads and downloads?
Consider exploring VMware SASE™, which leverages the principles of zero trust network access (ZTNA), which enforces layered defense with cloud hosted security services when users access enterprise applications.
The solution’s VMware Secure Access™ service provides access to remote users based on their identity and device posture, only providing them access to the applications they need. This approach helps tighten the security posture.
For example, let’s say your marketing department is using a web-based application to create collateral for a campaign. They paid for this SaaS software using a company-issued credit card. Your IT team has no knowledge of the application being used and by extension, the risk the application poses.
VMware Secure Access helps IT get visibility into all SaaS apps used across your entire organization. Based on this visibility, you get instant understanding about the risk posed by each SaaS application. You may then determine that any risky application is blocked.
Our solution also helps you exercise control over the activities users can take with these applications. For example, you can control the who/what/where of login, edit, download, upload, delete etc. In this case, you could benefit from a cloud access service broker (CASB) — a new security service included in VMware SASE — which gives you real-time visibility and control over incoming and outgoing traffic. CASB would empower you to apply role-based access policies to web apps and identify use of unsanctioned apps, including apps that are on the public Internet (e.g., personal e-mail).
Layered security is enforced on the traffic inline between the user and the SaaS applications. The policy enforcement is consistent whether the user is at home, in the office or on the move.
Check out this diagram as an example. The user is accessing a company-sanctioned app and transferring sensitive data to their unsanctioned app — their personal e-mail folder — over the public Internet. By policy, CASB can detect this move and blocks transfer of the intellectual property.
Have a SASE question? Email Craig at firstname.lastname@example.org. Craig can’t respond to questions directly, but your topic could be considered for a future blog. For VMware SASE questions, comments, and inquiries, contact VMware SASE.