CASB - Is this a necessary tool in 2025?
Posted by V0lkswagenbus@reddit | sysadmin | View on Reddit | 7 comments
This technology looks great and could be helpful in my situation: 500 endpoints, 50/50 remote workforce. Azure AD joined, as well as VPN, Defender P2, and Huntress.
I see the benefits, although the cost is pretty high. How are others using this, and do you see it as a necessary tool in 2025?
Greendetour@reddit
Most medium to larger corporations I’ve run into use zscaler. Pricey, but they all have very strict data access or industry requirements. The smaller companies still use some sslvpn appliance or provide their remote users with a device (small firewall or wap that’s a one time cost) that connects their work machine to the office. Moving them to better solutions may not fit their immediate budget. So yes, some form is casb is an important layer in security.
Party_Worldliness415@reddit
If you're not inspecting or filtering internet traffic when you're outside a corporate boundary, that's a pretty big security oversight imo. It can be a bit shitty to implement but it's good for taking care of obvious shit like potential Data leakage sites and other inappropriate services that reinforce to employees that a work laptop is for work.
Ok-Attorney-8852@reddit
A Cloud Access Security Broker (CASB) is an intermediary security policy enforcement point between cloud consumers (users, devices) and cloud providers. In today’s digital economy, where conducting business increasingly shifts to the cloud, a CASB extends an organizations’ enterprise security policy umbrella to cover cloud resources as well as the transactions and data exposed when users access those resources.
Reference - https://versa-networks.com/sase/casb/
For example - Assume application Instagram. You can allow users to browse through reels but block them from liking or uploading anything in corporate networks. You can do this similarly for Gen AI apps. You can enforce users to use only enterprise accounts as well.
So, Yes. CASB is very important tool is current cloud era
jstuart-tech@reddit
Microsoft's solution to this is "Defender for Cloud Apps" (at least that's what it's called as of 21/3/25), I'm personally not a massive fan of it
They have also recently released Global Secure Access, which I believe is supposed to compete with the other solutions you mentioned, but it's not apart of any exisiting licences (e.g. E3, E5), it's it's own thing, or you can buy Entra Suite.
learn-by-flying@reddit
CASB can be as simple as a conditional access policy, for example an endpoint which is Intune managed and domain joined is required to access and utilize an Azure registered app.
If you're all in on Azure/Entra this should be a very low cost increase in security posture.
V0lkswagenbus@reddit (OP)
Im talking more about the ZScaler and Netskope solutions that will route all the internet traffic through their servers for analysis and blocking
OverallTea737612@reddit
Hey