gControl as a CASB solution

Debasish Pramanik | March 25th, 2016 | Articles

Cloud Access Security Broker(CASB) has the following capabilities

  1. Identity
  2. Visibility
  3. Data Protection
The capabilities further contains
Identity Single Sign On
Visibility Audit & Reporting Anomaly Detection
Data Protection Access Control Data Leakage Protection Mobile Data Protection Encryption
gControl supports the following
Identity Single Sign On
Data Protection Access Control Data Leakage Protection

Identity: Single Sign On

gControl is a Single Sign On(SSO) solution and act as a Identity Provider. It uses SAML 2.0 to integrate with Google For Work. It has out of box integration with Microsoft Active Directory. This allows organisation to leverage their existing identity provide to manage identities.

Data Protection: Access Control

gControl act as a powerful security layer on top of Google For Work providing control on accessing Google For Work on various attributes/parameter. gControl provides the virtual perimeter of IP based restriction to ensure enterprise users access their account from predefined IP address. This will allow administrator to ensure enterprise users doesn’t access the Google For Work account from location which are not permitted such as home, airport or public internet location.

On the similar line gControl provides device based restriction which allows administrator to bind enterprise user’s Google For Work account to their workstation based on MACID. This will enforce users to access their enterprise Google For Work account through approved devices. Any attempt to access from unauthorized device is notified to the appropriate authorized persons in the organisation.

gControl also supports time and browser based restriction to provide another set of attributes to control access enterprise Google For Work account based on particular version of browser and during particular time interval of the day.

Data Protection: Data Leakage Protection

When an enterprise adopts Google For Work, it also opens the gate for the enterprise users to access their consumer gmail account at their workplace or on the official workstation provided to the users. This could be major gateway for data leakage for enterprise. gControl provides consumer gmail block i.e. it allows users to access their enterprise account but block users access to consumer gmail without the need of any appliances or hardware. It also notifies the authorized person in the organisation about such access by user.

gControl also blocks enterprise users to use their enterprise account to access any third party application such as pinterest etc-etc. Many applications allows users to access their application using Google+ profile/account. gControl blocks the user when they try to access those application through enterprise accounts.