9 Key Questions to Ask Every CASB Vendor


Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Friday, June 18, 2021

Before adding a CASB to your security architecture, how can you ensure the solution is fit for purpose? Here are 9 questions you should ask every vendor.

Article 5 Minutes
9 Key Questions to Ask Every CASB Vendor
  • Home
  • IT
  • Cloud
  • 9 Key Questions to Ask Every CASB Vendor

Cybersecurity continues to evolve from on-premises to cloud, as more businesses operate applications, services and share data in various versions of the cloud. From hybrid to public, from PaaS to SaaS, the complexity of defending those data and services continues to grow as the threat landscape changes.

Evaluating CASB vendors is necessary

As part of their defensive posture, many businesses are adding cloud access security brokers (CASBs) to their firewalls and other tools. A CASB provides visibility into cloud and data usage, and supports compliance efforts to provide data security and threat protection. It can also help prevent the buildup of shadow IT and monitor changing patterns of use, providing the business with key insights. IFP reported in 2021 that some 50% of IT security professionals already use a CASB and that figure will only grow as cloud becomes the ubiquitous service for all firms.

Strong cloud security requires strong leadership

Equip your team with the right tools to improve visibility, reduce risk & respond to threats faster.


When it comes to the CASB vendor selection and buying process, the team responsible for cloud security, usually as part of a cloud center of excellence, must ensure they’re getting a product fit for purpose. Here are some critical questions that every CIO should ask when evaluating a cloud access security broker.

1. What is your solution's security value proposition?

Get the marketing stuff out of the way first and find out what they really offer. Most cloud access security brokers offer a range of features, some of which are probably not on the front page of the product guide. Establish all the features available across all tiers and focus on the products (and tiers or packages) that deliver the most value for your business.

Focus on usability features for the business and IT team, and return on investment as part of the finance equation to round out the overall proposition.

2. Does the solution provide true real-time visibility?

In the modern cloud, most service dashboards provide live monitoring of all activity. The same needs to be true of a CASB. There can’t be a delay between a breach or issue and IT or leadership knowing it. API and proxy-based CASBs offer different performance advantages, and CIOs need to know how that could impact reaction times.

3. Does your CASB support the protection of cloud data from end-to-end?

Many workers download files to their devices, which creates duplication and other issues. Being able to protect both managed and unmanaged data as it resides on both personal and corporate devices is a key function for the CASB.

4. Does the CASB help prevent unauthorized access?

A cloud access security broker alone is unlikely to block any suspicious activity as it’s only designed to report it. To respond automatically, the CASB needs to be integrated with other applications like identity access management (IAM) tools. You need to understand if the CASB provides such a feature, or if there are APIs or other plug-ins to support other applications that can prevent problems before it’s too late.

5. How do you enforce various or separate policies against multiple cloud instances?

The cloud is rarely just one application accessed by all users. Workers could have a mix of personal and business accounts in operation, while different teams could use varying versions of a cloud service. The CASB should be able to differentiate between them, or provide capabilities to create different rules for each variety.

6. How do you prevent sensitive data from moving away from secure platforms?

A typical occurrence during the business day is someone downloading a file from a sanctioned cloud application – for example, Microsoft OneDrive –  to a personal device against corporate rules and best practices. The CASB provider needs to explain how it detects this and what it does to prevent the transfer from taking place.

IFP cloud security buyers guide 2021 banner

7. How does the CASB work with common network blind spots?

Users often use corporate devices to access random cloud storage or other unsanctioned cloud services from home, airports or other remote locations. This creates the common situation where an approved device is accessing secure data or files over an insecure or unapproved application. The CASB provider needs to explain how they’d stop data being transferred over that network to an application, usually through network controls. Or they can explain how the cloud access security broker works with a security tool that can detect compromised network access points.

8. How does your CASB ensure safe collaboration in the cloud?

Many teams collaborate remotely and need access to cloud applications and data across a growing number of devices. Managing this level of sharing should be a key feature of a CASB, building in enforcement controls to protect sensitive information from being shared beyond teams, or stored insecurely.

The provider must demonstrate suitable rules, controls or plug-ins to ensure data safety across whatever collaboration services you use.

9. What’s on your CASB roadmap that’s of value to our business?

Every vendor or provider has plans to broaden the scope of their security tools, including CASBs. Discovering what features will be added over time, and whether they’ll be part of your planned tier, or cost more to benefit from, are key but thorny questions to ask.

CASBs in 2025 will likely be more integrated and support edge networking and cloud use cases, along with support for new means of collaboration and improved management insight. Keeping on top of these trends and identifying vendors with a clear goal should help you find a partner that’s better aligned to the needs of the business.

Every CIO will have their own specific questions to ask about compatibility with the cloud apps and services they use or plan to deploy. And many will have some quirky use of a cloud app that’s outside the norm. Asking these questions along with your examples should give you greater insight into the strengths and weaknesses of any CASB vendor or provider.

Further reading:


Tech Insights for Professionals

The latest thought leadership for IT pros

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.


Join the conversation...