CASB Solution Provider – gControl Data Loss Protection for G Suite

Debasish Pramanik | March 25th, 2016 | gControl

According to research by 2020, 78% of the firm would be saving data in cloud. CASB (Cloud Access Security Broker) is an on-premises, cloud-based security policy that is enforced by cloud service consumers and cloud service providers. Organizations are now moving towards CASB Solution providers to prevent cloud service risks and to enforce security policies. If the user intends to use CASB to increase the confidence in your organization’s cloud service usage, consider taking a granular approach to policy enforcement and data protection.

Cloud Access Security Broker(CASB) has the following capabilities

  1. Identity
  2. Visibility
  3. Data Protection
The capabilities further contains
Identity Single Sign-On
Visibility Audit & Reporting Anomaly Detection
Data Protection Access Control Data Leakage Protection Mobile Data Protection Encryption
gControl supports the following
Identity Single Sign-On
Data Protection Access Control Data Leakage Protection

Getting familiar with CASB Solution

gControl is one of the best tool that helped the user to get CASB solution related to G suite. Cloud Access Security Broker help the user to get the data leakage prevention in the Google Apps that allow maintaining the data confidentiality and isolation. In this section, we will cover the tools that help in the identity and access control management in cloud account. Through Single Sign-On, data protection user can get the selective data and Access Control provides a powerful security layer. Hence it’s important to prevent data leakage using cloud computing.

Identity: Single Sign-On

gControl is a Single Sign On(SSO) solution and act as a Identity Provider. It uses SAML 2.0 to integrate with Google For Work. It has out of box integration with Microsoft Active Directory. This allows an organisation to leverage their existing identity providers to manage identities.

Data Protection: Access Control

gControl act as a powerful security layer on top of Google For Work providing control on accessing Google For Work on various attributes/parameter. gControl provides the virtual perimeter of IP based restriction to ensure enterprise users access their account from predefined IP address. This will allow an administrator to ensure enterprise users doesn’t access the Google For Work account from a location which is not permitted such as home, airport or public internet location.

On the similar line, gControl provides device based restriction which allows the administrator to bind enterprise user’s Google For Work account to their workstation based on MACID. This will enforce users to access their enterprise Google For Work account through approved devices. Any attempt to access from the unauthorized device is notified to the appropriately authorized persons in the organization.

gControl also supports time and browser-based restriction to provide another set of attributes to control access enterprise Google For Work account based on the particular version of the browser and during a particular time interval of the day.

Data Protection: Data Leakage Protection

When an enterprise adopts Google For Work, it also opens the gate for the enterprise users to access their consumer Gmail account at their workplace or on the official workstation provided to the users. This could be a major gateway for data leakage for the enterprise. gControl provides consumer Gmail block i.e. it allows users to access their enterprise account but block users access to consumer Gmail without the need for any appliances or hardware. It also notifies the authorized person in the organization about such access by the user. The data leakage protection helps the user to get their data safe and protected from all the unauthorized access.

gControl also blocks enterprise users to use their enterprise account to access any third party application such as Pinterest etc. Many applications allow users to access their application using Google+ profile/account. gControl blocks the user when they try to access that application through enterprise accounts. So, data leakage protection is one of the major issue that needed to be scrutinized to protect your data.