Case study: the implementation of a CASB
Find out how Chérif Hemmet, solution expert, implemented a Cloud Access Security Broker (CASB) for one of our customers.
For security and privacy reasons, we cannot name the client in question. However, what details can you give us?
This client operates in the tourism sector. It is a company of more than 3500 employees, of international scope, which accompanies more than one million customers each year.
For what security needs did this customer call upon Orange Cyberdefense?
This company decided to migrate to the cloud via Office 365. They wanted to secure their data and control access to it. They needed a Cloud Access Security Broker, more commonly known as a CASB. A CASB analyzes data flows and scans documents in a cloud, allowing suspicious files and behavior detection.
As a very mature company on cybersecurity issues, it challenged several editors on the market, who had to demonstrate their solution’s reliability through a proof of concept. It was only once the editor had been chosen that the company called on our services to deploy it. It is mainly on the technical part that this customer needed our services.
What services were offered and why?
For a CASB to work at its best, specific prerequisites are necessary. There is no predefined configuration for this type of solution. We are on a tailor-made service, adapted to each customer and each context. To set the CASB parameters, rules must be defined for each target population. It is a matter of determining scenarios to parameterize the software; when a user behaves in a way that is considered suspicious, the CASB must trigger an alert.
Our client did a valuable and titanic job to configure these rules. He knew exactly what the needs and uses of the employees who would be using the CASB were. This information was used to establish the first rules of the solution. We then tested them on a sample of employees. Once the tests were successful, the CASB was deployed to the entire target population.
How were employees made aware of the use of CASB?
The company chose to raise awareness on a case-by-case basis. The alerts raised by the CASB were used to inform the employees concerned about their errors while giving them the keys to adopting a safer behavior.
Today, is the balance sheet positive?
A CASB is not technically challenging to set up if the preparation is well done. Our work was facilitated by the work done upstream by the company. Today, the customer is satisfied and even gives conferences about this operation during private events.
If we had worked with a less mature customer on cybersecurity issues, we would have had to help them define the use cases and rules to be put in place with the help of the Orange Cyberdefense Consulting and Audit team.
What are the next steps?
The customer is now completely autonomous. We are still there for any technical problem or question. This is not yet on the agenda, but perhaps we will accompany them in connecting their CASB to their internal network. This would allo