Transcript
First thing that you need to do is really around the visibility of what's happening in your environment, right? So you want to be able to understand if users are accessing unsanctioned applications - like Box or Dropbox versus a sanctioned application like Office 365 or OneDrive. If you're an Office 365 shop, you know every everything works better if data stays inside of Office 365, OneDrive works better, share pri- works share SharePoint works better. So let's prevent uploading of data to Box and Dropbox and allow uploading of data to Office 365. You may even say, okay, I don't want you to use Zippyshare. I don't want to do print PDF converter. Any number of cloud applications Zscaler can give you visibility to so you can start to shrink down your pipe and say, okay, uh, I want data to go to these sanctioned apps. I'm going to mark these as unsanctioned so the data doesn't go there. The other uh aspect of shadow IT, which sometimes we need to think about, is this concept of risky integrations, right? This idea that, um, you know, there may be integrations that users are setting up to. So we'll talk about that in just a second. But from a CASB perspective, Zscaler can give you that visibility. You've got a robust uh cloud application catalog - thousands of attributes across different applications so you can understand for any application that's being connected, uh, has this been breached in the last couple of years? What are the terms of service? Is it PCI compliant? Um, and then you can say, okay, I'm going to allow this as a sanctioned app or an unsanctioned app. You can also, uh, control the sharing outside of a sanctioned app, right? So, using API you can say, hey, I saw Steve right-clicked on a sensitive piece of data inside of OneDrive. I'm going to remove sharing for that. Or if it's a piece of data, but it doesn't have sensitive information based upon our DLP engine, I'm going to let Steve share that. I can also look for malware that's coming into OneDrive, right? So it's using that same API. I can use our sandboxing technology to scan inbound data and say, okay, if this is suspicious content, uh, if it's got some malicious malware, I'm going to quarantine that so people in the organization can't access that, right? So these are all powerful things you can do for data sitting inside of your, uh, cloud apps and users connecting to cloud apps.
