Use a CASB to Protect Your PII and PCI No Matter Where It Is or How It Got There


Written by Michael Higashi

Data is everywhere. It’s in databases, both behind your firewalls and in the cloud. It’s in documents downloaded onto employee phones and tablets. It’s in files shared with third parties via file sharing systems.


Personally Identifiable Information (PII) and Payment Card Information (PCI) are found in files and databases and can leak to all these places. And that’s just when the data is at rest. When data is pulled out of those databases to be used in applications, it’s vulnerable during use and batch processing, and during transit, too.

Cloud access security brokers, or CASBs, act as a central control point to protect data in the cloud, offering a number of services like encryption, tokenization, data loss prevention, and access controls. They can protect your data—maybe, if you have defined the data protection problems you need to solve and if you select the right CASB that addresses both your security and compliance requirements.

Companies have trouble doing that, according to Gartner, because they don’t know all the cloud services they use and the associated risks. Even when these are known, companies can’t verify compliance with policies. Gartner tracks more than 20 vendors providing CASB functionality with varying capabilities; some vendors claim CASB functionality to simply take advantage of the market hype.

Cut Through the Hype

Learn about the four pillars of CASB services, Gartner’s framework defining the services provided by CASBs. Understand your use cases, the pain points you need to address. Then you can evaluate CASBs for how well they implement those pillars and their relevance to your specific situation. Based on that evaluation you can select a CASB that will provide the protection you need.

Here’s a look at how CipherCloud’s CASB helped real businesses mitigate pain points around protecting, monitoring and remediating PII and PCI data loss. Upcoming posts will show you how CASBs can mitigate your pain points around privileged user access, multi-cloud controls, and external collaboration.

Customer background: A credit reporting company in Minneapolis needed an ongoing way of identifying sensitive or regulated information in file-sharing applications. They needed to allow sensitive content to be shared with authorized external parties and to prevent violations without impacting the user experience.

Pain Point: Loose Data Classification Policies

Not every company fully understands what data is flowing to the cloud or has classified it according to risk. Companies may want a deeper understanding before they implement policies that enforce collaboration controls on users.

CASB solution: Use data loss prevention templates to identify data needing protection based on patterns for private and regulated data. This allows companies to start protecting data without completing a full analysis to identify data at risk. Notifications can prompt end users to remediate data issues themselves or hand them to a security administrator, while reports let these administrators monitor user activities and demonstrate compliance for auditors.

Pain Point: Data Transferred to and from Third Parties

External third parties may not be aware of risks and policies when they upload files containing sensitive information to cloud storage for use by your employees.

CASB solution: Provide continuous data monitoring. Encrypt, delete or quarantine files containing sensitive information shared with unauthorized users. Apply the same DLP policies to local file servers and cloud-based storage. And critically, alert administrators to the presence of sensitive information so they can guide users on corporate data use policies.
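As an added illustration (not CipherCloud's code), here is how a pattern-based DLP template and the quarantine-or-alert decision described above can work. The template names, regexes, action names, domain allow-list and sample text are all assumptions constructed for this sketch.

```python
import re

# Hypothetical DLP "templates": name -> regex for candidate matches.
TEMPLATES = {
    "PCI_PAN": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),  # 13-19 digits
    "PII_US_SSN": re.compile(
        r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list[tuple[str, str]]:
    """Return (template, masked value) findings; raw values are never returned."""
    findings = []
    for name, pattern in TEMPLATES.items():
        for m in pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if name == "PCI_PAN" and not luhn_ok(digits):
                continue        # pattern hit, but not a valid card number
            findings.append((name, "*" * (len(digits) - 4) + digits[-4:]))
    return findings

def decide(text: str, shared_with: list[str], allowed_domains: set[str]) -> str:
    """Sensitive content shared outside the allow-list is quarantined;
    sensitive content shared internally only raises an administrator alert."""
    if not scan(text):
        return "allow"
    external = [a for a in shared_with
                if a.rsplit("@", 1)[-1].lower() not in allowed_domains]
    return "quarantine" if external else "alert"

# Constructed sample file content (4111... is a well-known test card number).
SAMPLE = ("Order ref 1234567890123456\n"   # 16 digits, fails the Luhn check
          "Card: 4111 1111 1111 1111\n"
          "SSN: 123-45-6789\n")

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(decide(SAMPLE, ["auditor@partner.example"], {"corp.example"}))
```

Findings are masked to the last four digits so the scanner's own reports and logs do not become another copy of the regulated data.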

Company background: Employees of a Fortune 100 cable company used Shadow IT and cloud storage to make collaboration and file sharing easier. The company couldn’t eliminate the use of cloud storage without impacting productivity, but needed to gain visibility and control over the shared files.

Pain Point: Data Transferred to External Storage

Employees trying to get work done relied upon unapproved, uncontrolled file sharing sites.

CASB solution: Apply the DLP policy whatever the target for the data. Block the ability to share certain content outside the organization.



Company background: One of the leading Canadian banks needed a solution to keep it in compliance with multiple regulations including PIPEDA, EU Privacy laws, and the US Patriot Act. 

Pain Point: Passing Compliance Audits

Compliance audits can be time-consuming and difficult, pulling IT staff away from their work to answer questions and requiring a lot of time collecting data from scattered sources. Mitigating problems found in audits can be costly.

CASB solution: Use encryption or tokenization of data to satisfy compliance standards, especially around data privacy and residency. Create policies enforced across multiple sanctioned clouds. Log user access to restricted data. Reporting on policies and violations via a centralized CASB platform reduces much of the effort to collect the data required by auditors.

Deploying a CASB lets you address these pain points, preventing data leaks and compliance violations. Find out more about how CASBs can protect your data in our CASB Resource Center.