Cloud Access Security Broker has proven itself to be indispensible for cloud security. These days, nearly every organization has fully integrated the cloud in its day-to-day operations. This has led to a large amount of data flowing to and from the cloud, which has made it prone to various security threats. It becomes difficult for the IT department to keep a track of all the apps, cloud providers and data employees are accessing and hence, there is a need to implement a unified security control like CASB.
The classic definition of CASB is “Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.” Simply put, CASB acts as a gate-keeper allowing the organizations to extend the reach of their security policies beyond their own infrastructure. It ensures that network traffic between on-premises devices and the cloud provider complies with the organization’s security policies. To understand CASB better let us have a look at the four pillars of CASB:
CASB provides a clear visibility and across various cloud services which covers users, devices, applications, data and actions. It reports on what your cloud spend is and provides an insight on Shadow IT. It even provides information about the authorized/unauthorized apps that the users are accessing and how often they use it.
Most SaaS vendors fail to offer data protection tool that ensure internal and external compliance, CASB helps fill the gaps. It identifies sensitive data in the cloud and enforces DLP policies to meet data residency and compliance requirements.
3. Data Security:
CASB helps implements data-centric security policies using controls such as encrypt, alert, block, tokenize and audit. It offers contextual access control as well as data leakage prevention.
4. Threat Protection:
CASB prevents unwanted users and devices from accessing cloud services. CASB also covers User Behavioral Analysis (UBA) and Entity Behavioral Analysis (EBA) for determining anomalies in the network and threat intelligence formation.
Now, let us have a look at important use cases of CASB:
1. Prevent data exfiltration
CASB reports on sensitive data being shared publicly inside and outside an organization. It finds all the cloud apps and reports on enterprise readiness of each cloud app. It can encrypt data before upload or upon download, thus preventing any security threat.
2. Data Loss Prevention (DLP):
The risk of a data being transferred cannot be determined without the ability to monitor, identify and categorize data going into the cloud. CASB integrates with a broader set of cloud services via API to scan data flowing through the cloud.
3. Reporting and Auditing:
CASB governs your organization’s cloud usage with granular visibility and control. It can provide detailed activity logs and other reports useful for compliance auditing and forensic purposes.
4. Early threat detection:
CASB has visibility of all the cloud applications, even the one using SSL encrypted connections which helps it in early detection of threat. Its analytics help to establish usage behavior baselines from which anomalous behaviors indicative of potential threat can be detected and alerts can be generated.
With the increasing number of cloud applications and technologies being used, CASB has emerged as a critical security technology for cloud. By 2020, 85% of the employees will be using a CASB.