Security Bloggers Network 
SBN

Do user their own products

by Nat Kausik on April 1, 2019

dogfood

A good product is used by the vendor internally . If it is not good enough for the vendor, it is not good enough for customers.   How do CASB vendors stack up?  Two of our competitors don’t use their own product. 

If you want to check whether an enterprise has a CASB deployed inline with Office365, simply try to login as [email protected] on Office365 with browser network trace set up.  If the enterprise has a CASB inline, SSO will traverse the CASB.

For example, go to https://login.microsoftonline.com  and enter [email protected].    The network trace will show that SSO is routed via the Bitglass CASB portal.bitglass.com, thence to our ADFS IdP, in order to enforce contextual access control.  Specifically, users loging in from a trusted device, get enhanced access. Users logging in from an untrusted device get restricted access with session timeouts and DLP enforced.

bitglass_CASB_SSO

In contrast, go to go to https://login.microsoftonline.com  and enter [email protected].   You will note that SSO is not routed via the CASB, but goes direct to ADFS IdP, and no contextual access control is enforced. 

symantec-IDP

Likewise, go to go to https://login.microsoftonline.com  and enter jack@mcafee.com.   You will note that SSO is not routed via a CASB, but goes direct to Sailpoint IdP, and no contextual access control is enforced. 

mcafee-idp

The verdict is clear. If a product is not good enough for the vendor to use themselves, why should a customer pay for it?  

 


Recent Articles By Author
More from Nat Kausik

*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Nat Kausik. Read the original post at: https://www.bitglass.com/blog/eat-your-own-dog-food

Nat Kausik