In many ways, security a couple of years ago was truly a simpler time. Picture it: All your business’s data neatly (or, OK, not-so-neatly) contained behind a corporate network. Firewalls and malware detection schemes weren’t perfect, but they addressed the primary risks head-on. And as employees started bringing new programs in, the natural impulse was to monitor both those downloads and behavior on them. And block both.
The first wave of Cloud Access Security Broker vendors had to rely on network or proxy-based approaches because there wasn’t an alternative. Most SaaS platforms didn’t have good real-time APIs and call-backs (for example, Dropbox released its Dropbox Business API at the turn of 2015, and its webhooks, which provide near real-time functionality are, were also released pretty recently).
The problem with network-oriented approaches is that they rely on reverse engineering the application-specific traffic of the SaaS provider, which is costly. They can also change and break very frequently, which is sort of beside the point.
Now that the SaaS industry has matured, you can actually do near real-time monitoring, visibility and DLP based entirely on API. This is far superior, because it delivers much more fine-grained functionality (e.g., remove the shared link invite from external user X) and also it affects data wherever it goes, even if it’s outside the network.
Sookasa’s CASB platform, which is API-based, takes advantage of these dynamics.