CASB with Microsoft


(Rajeev Srikant) #1

We are in the planning phase of using Zscaler for our enterprise.
Recently Zscaler has an integration with Micro soft for CASB.
Would like to know the below.

  1. Zscaler does have inbuild DLP. What additional benefit does Microsoft CASB DLP provides ?
  2. Zscaler does have inbuild Shadow IT prevention. What additional benefit does Microsoft CASB provides ?
  3. Why Microsoft can provide more visibility for Cloud App which Zscaler by default can not provide ?

With Zscaler Integration with CASB is line or it is out of band ?


(Nick Morgan) #2

Hi @rajeev_srikant,

Some great questions. Pleased that you have heard about our MCAS integration. You might like to check out this great keynote from Scott Guthrie (EVP, Microsoft) at our recent Zenith cloud summit which covers this integration in more detail:

https://www.zscaler.com/zenithlive-2018-live-stream-watch?wvideo=o4u64e7dha

In the meantime here are some answers inline for you

Zscaler does have inbuild DLP. What additional benefit does Microsoft CASB DLP provides ?
Correct Zscaler can carry out inline inspection of outbound web content and files for sensitive content. Bear in mind Zscaler DLP is operating as a ‘data in motion’ solution so we must see the content passing through our Cloud Enforcement nodes, and be able to intercept the traffic (if HTTPS). MS O365 traffic is not possible to SSL intercept. Additionally much of the sensitive content that you wish to discover, monitor/control from a DLP standpoint may already be in the Microsoft cloud. Hence the need to consider a broader approach to DLP with regards that content.

Zscaler does have inbuild Shadow IT prevention. What additional benefit does Microsoft CASB provides ?

Yes that is also correct, Zscaler provides the ability to report on Cloud Application usage by employees, this includes risk ratings of the cloud applications and crucially Zscaler is able to provide customers within inline enforcement to control the use of Shadow IT by employees. That being said certain dedicated CASB solutions provide a richer database of Cloud Applications that provide enhanced visibility and reporting around the types of Cloud Applications being used. That is primarily what our customers will be leveraging when then send Zscaler Internet Access logs to their MCAS account. The latest MCAS integration means that Zscaler policies can be dynamically updated and enforced based on the latest policies and cloud application intelligence derived from a customers’ MCAS platform.

Why Microsoft can provide more visibility for Cloud App which Zscaler by default can not provide ?
(see above)

Please make contact with your local Zscaler account team so that they can assist you more with your planning.


(Rajeev Srikant) #3

Thanks.
Your inputs were really usefull