CASB technology is Rx for cloud opacity at AstraZeneca- Valutrics

A few years ago, the company starting working with CASB vendor Skyhigh Networks, piloting its tools, giving feedback and helping lay out the company’s general roadmap before becoming a paying customer, Smoley said. The CIO now sits on Skyhigh’s advisory board, giving insight into the latest technology trends and the challenges IT leaders face.

“Having that kind of a partnership means that we could be proactive in shaping or at least having input into the product direction and also be very, very close to them in terms of what issues we have,” Smoley said.

For a CISO, Haskill said the No. 1 benefit of using a CASB is having a single dashboard showing him what sites are being accessed and who is moving which types of data into which locations. The technology also rates websites on the quality and depth of the security and risk management strategies their providers have in place. If an employee visits a site that’s deemed unsafe or saves information in the wrong place, Haskill can discuss with him or her better, safer practices. Then he can decide whether to block access to the site if the risk is too high.

He can then take that information to executive meetings or even to the board of directors. If they ask how the company can avoid contact with dicey cloud providers, Haskill said, “I can go, ‘Well, this is how: We block from seven to 10 of the highest-risk sites — like default, we block them.'”