SaaS applications like Microsoft 365, Google Workspace, and Salesforce are now a ubiquitous part of business. With so much corporate data now residing in the cloud, a perimeter-based approach to security doesn’t cut it.
To enforce cloud data protection policies across SaaS apps, a cloud access security broker (CASB) has become a necessity.
This blog defines cloud data protection and highlights five organizations that have turned to Lookout’s CASB solution, Lookout Secure Cloud Access, to protect data in cloud applications. While each of these organizations had a different path to digital transformation, Lookout enabled them to implement a cloud application security system that fits their unique needs.
What is cloud data protection?
As organizations continue to adopt cloud services to store and manage their data, they also need to take steps to mitigate the risks that come along with cloud apps. Issues like accidental data sharing, email data leakage, insider threats, and more have become commonplace in the cloud era, which means it’s critical to have a plan for protecting your data.
A CASB is one of your best bets for cloud data protection — it’s essentially a data loss prevention (DLP) solution that operates in the cloud.
Read on to learn how five have put Lookout’s CASB solution to the test as they face down real-world data protection challenges.
1. A construction firm securely shares data with partners
Cloud apps have become the go-to method for sharing information with third-parties, but they also offer limited visibility into what’s happening with sensitive data after it’s shared. Because collaboration is key for construction firms, which rely on a vast network of employees, contractors, and suppliers to get things done, one of the U.S.’s largest commercial and civil contractors turned to Lookout to help their employees share documents with sensitive information with third-party partners.
The firm was using Box, Google Drive, and Salesforce, and realized that these cloud apps had limited security controls when it came to third-party sharing. With Lookout's help, they hoped to:
- protect sensitive documents downloaded onto unmanaged devices
- discover the use of unsanctioned apps, and protect against viruses
- malware that could infect files uploaded into the cloud.
They implemented Lookout Secure Cloud Access in an API-based deployment. By operating between user devices and cloud apps, the Lookout CASB solution serves as a critical tool for visibility and policy enforcement. And with native DLP and enterprise digital rights management (EDRM), the firm can take a granular approach to data protection and ensure that third parties can securely collaborate using cloud services.
A common set of DLP policies were created and enforced across Google Drive and Box, acting as guardrails to prevent users from accidentally sharing sensitive data, and EDRM added an additional layer of protection by encrypting files as they were downloaded so that policies extend into apps and devices the organization doesn’t manage.
2. A financial services firm prevents email data leakage
With employees constantly sending emails that contain sensitive company data to external parties, accidental data leaks are par for the course. When one large financial services company moved their email service to the cloud-based Microsoft Exchange Online with the Microsoft Outlook client, they realized how tricky it is to prevent data exposure via corporate email.
This company was using an on-premises email security solution, which made securing email in a cloud app incredibly convoluted. All outbound messages had to be backhauled to an on-premises data center before being sent back through the cloud and to recipients, which put an extra strain on the corporate network.
To solve this inefficiency, the company implemented the Lookout Secure Email Gateway, which eliminated the backhauling and enabled the client to apply unified DLP policies to their email traffic. With Lookout, the company was able to:
- identify and classify sensitive data within messages to prevent accidental exposure
- automatically block unauthorized recipients using content awareness and context analysis
- implement a broad range of remediation options to keep data secure without compromising productivity.
By including email security as part of their cloud app security, this financial services company was able to simplify their email workflow while implementing effective cloud data protection.
3. A large oil company migrates to the cloud
For organizations in highly regulated industries, keeping sensitive data protected while migrating to the cloud can be a challenging process. That's why one large oil and gas company based in southeast Europe turned to Lookout for cloud data protection as they began migrating their on-premises data and apps to public cloud infrastructure.
The organization was relying heavily on SAP for HR-related processes, and they needed to be able to adhere to strict privacy regulations when migrating to the cloud-based SAP SuccessFactors. Some of their top concerns during the process included integrating with existing security solutions and implementing access controls that could protect sensitive HR data.
After comparing vendors, they chose Lookout Secure Cloud Access with DLP as their CASB solution because of Lookout's ability to define and enforce policy at a granular level, ensuring users could get access to the tools they needed without being overly permissive. With so much sensitive HR data on the line, the company also liked that Lookout integrated seamlessly with Titus, their data classification system, and could guarantee that data unrelated to HR would not be uploaded to SuccessFactors.
4. Lantum protects against insider threats
Cloud data breaches don’t always come from outside threat actors — often, it’s employees who are responsible for data leakage. The UK-based company Lantum works with thousands of healthcare organizations and deals with highly sensitive data, and because of that protecting the organization against threats like account takeovers and insider threats is one of the company's top priorities.
Lantum uses Google Workspace, and they were concerned about the way sensitive data could be aggregated within Google Drive. They wanted to minimize the risk of data being shared outside an approved group, and they wanted more visibility over when sensitive data was being downloaded.
The company implemented Lookout Secure Cloud Access because it enabled them to protect cloud data from insider threats and compromised accounts by granting them newfound visibility into data, devices, and users. By continuously monitoring user behavior with Lookout’s UEBA capabilities, they can automatically enforce security policies and prevent malicious activities, which means they can be confident that data stored in Google Workspace stays protected.
5. A fintech company improves data security and compliance
Cloud apps can bring new complications to the already-complicated endeavor of compliance. After a period of rapid growth, a financial technology provider was faced with the challenge of protecting customer data and complying with regulations like the Payment Card Industry Data Security Standard (PCI DSS) and the California Consumer Privacy Act (CCPA).
The company had scaled quickly, and it became quickly apparent that they needed more visibility into their cloud data and app usage, and they needed to address issues including:
- using too many security solutions, which made it challenging to enforce uniform security policies
- aligning with compliance regulations, which had become more difficult as the customer base grew.
They chose Lookout to help solve these challenges, using Lookout Secure Cloud Access to secure their AI-powered, online financial platform, which hosted more than one million customer accounts. With Lookout's native DLP, they were also able to configure and maintain a uniform security policy for their expansive portfolio of SaaS apps. It also enabled them to create a unified set of IT policies to ensure data privacy and regulatory compliance, protecting sensitive data through actions like masking, watermarking, redaction, and encryption.
Why CASB needs a data-centric approach
When it comes to implementing cloud data protection, choosing the right security solution is critical. To find out more about the top use cases for CASB, download our free e-book, Protecting Your Cloud Data: The 5 CASB Use Cases You Can’t Ignore. You’ll learn about how Lookout’s unique, data-centric approach to security helps you keep your cloud apps secure.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
Protecting Your Cloud Data: The 5 CASB Use Cases You Can't Ignore
Protecting data in the cloud is no easy task.
To safeguard yours — and the hybrid workforce accessing it — you need a solution built for the cloud. And that means taking advantage of a cloud access security broker (CASB) that protects data in situations that matter to you.
In this e-book, you’ll learn how to assess your CASB options across five key capabilities.