Zero Trust

 View Only
  • 1.  CASB Dissected

    Posted Oct 12, 2022 11:30:00 AM
    Hello All,

    Does anyone have a good resource that "dissects" the inner workings of a CASB offering (Zscaler, Netskope, ProofPoint, iboss, etc)?

    Seems like "kabuki theater" with not a whole lot of ways to validate controls (i.e.-NIST RMF).

    If anyone has tried to peel back the onion and has some good insight/content, I am very interested.



    Sam Aiello
    Principal Security Architect
    Verizon Business

  • 2.  RE: CASB Dissected

    Posted Oct 12, 2022 11:32:00 AM
    Edited by Erik Johnson Oct 13, 2022 07:11:56 AM
    Several of the CASB service providers are FedRAMP-authorized. Their FedRAMP packages include a full SSRM control ownership delineation, NITS RMF control responses and a 3PAO security assessment.

    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    Leesburg VA