What is a cloud access security broker (CASB)?
A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. A CASB tool provides a unified and consistent method for an organization to access cloud resources.
CASBs are designed to combine and enforce an organization's security policies when accessing cloud-based resources. They help prevent potential threats that can occur when an organization adds cloud-based networking to its IT infrastructure. CASBs are particularly important for maintaining data security, compliance and threat protection.
CASBs combine security policies, such as authentication, credential mapping, encryption, logging and malware detection. A CASB tool sits between on-premises infrastructure and the cloud, checking that all traffic bound for the cloud complies with security policies before it is forwarded.
CASBs are available as on-premises and cloud-based software, as well as software as a service (SaaS).
Key features of a CASB
CASBs typically offer the following:
- Authentication to check users' credentials and ensure they only access appropriate company resources -- this is meant to complement identity and access management (IAM) tools.
- Web application firewalls to thwart malware designed to breach security at the application level rather than at the network level.
- Data loss prevention (DLP) to ensure users can't transmit sensitive information outside the organization.
- Shadow IT discovery to identify all unauthorized cloud applications in use and to evaluate the risks associated with each.
- Access control to set restrictions on what users can see and do within company applications.
- Visibility features to identify all the cloud services being used within an organization and offer user and data activity monitoring.
- Threat protection features, which include behavioral analytics and malware detection.
4 pillars of CASB
A CASB acts as a gatekeeper, enabling organizations to extend the reach of their security policies beyond their own infrastructure.
The core components of a CASB are the following:
- Visibility. Visibility is an important aspect of creating a secure environment. In a cloud environment, organizations typically have limited visibility and insight into the cloud provider's underlying infrastructure. CASBs improve visibility for cloud usage with access logs that provide insights on corporate cloud infrastructure and attempted attacks. CASBs can also help detect instances of shadow IT.
- Compliance. Different regional regulations, such as the Health Insurance Portability and Accountability Act or General Data Protection Regulation, mean organizations must make sure their cloud provider complies with any regulations that might apply to the organization and its customers. CASBs define strict access controls to help comply with data regulations.
- Threat protection. Employees might unintentionally introduce malware-based threats to cloud-based services. A CASB tool can detect and prevent potential threats. Any file upload, for example, can be inspected before it's sent to the cloud.
- Data security. CASBs provide data security through access management and DLP processes that help secure an organization's cloud-based data.
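The threat protection and data security pillars above both come down to inspecting traffic inline before it reaches the cloud provider. The following is an added illustration (not code from the article or any CASB vendor) of what that inspection step can look like for a file upload: the content is hashed and checked against a blocklist, then scanned for sensitive data patterns, and the result is a policy decision. The blocklist entry, the DLP rules and the decision thresholds are constructed for the example.

```python
"""Inline upload inspection, as a CASB forward proxy would do before forwarding
a file to the cloud. Added illustration with constructed inputs; not vendor code."""
import hashlib
import re

# Constructed blocklist of known-bad file hashes (placeholder value, not a real IoC).
MALWARE_SHA256 = {hashlib.sha256(b"EICAR-LIKE-TEST-PLACEHOLDER").hexdigest()}

# Constructed DLP patterns: payment card numbers (13-16 digits, optional separators) and US SSN format.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum so that arbitrary digit runs (order numbers, IDs) do not trigger the card rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return a list of (kind, matched_text) findings for the DLP rules above."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("payment_card", m.group()))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    return findings


def inspect_upload(filename, content, dest_sanctioned):
    """Decide what to do with an upload before it leaves the organization.

    Returns (decision, reasons). Decisions: "allow", "encrypt" (forward only after
    encryption) or "block". The policy is constructed for this example: known
    malware is always blocked; sensitive data may go only to sanctioned apps,
    and then only encrypted.
    """
    digest = hashlib.sha256(content).hexdigest()
    if digest in MALWARE_SHA256:
        return "block", [f"{filename}: malware hash match {digest[:12]}"]
    findings = find_sensitive(content.decode("utf-8", errors="ignore"))
    if findings:
        kinds = sorted({kind for kind, _ in findings})
        reason = f"{filename}: sensitive data: " + ", ".join(kinds)
        return ("encrypt" if dest_sanctioned else "block"), [reason]
    return "allow", []


if __name__ == "__main__":
    # Constructed sample uploads.
    samples = [
        ("report.txt", b"Quarterly figures attached", True),
        ("cards.csv", b"card 4111 1111 1111 1111", True),
        ("cards.csv", b"card 4111 1111 1111 1111", False),
        ("orders.txt", b"order 1234567890123", True),
        ("tool.bin", b"EICAR-LIKE-TEST-PLACEHOLDER", True),
    ]
    for name, body, sanctioned in samples:
        print(name, sanctioned, inspect_upload(name, body, sanctioned))
```

The Luhn check is what keeps the card rule from firing on every 13-16 digit number in a spreadsheet; without it, the `orders.txt` sample would be flagged and blocked, which is the kind of false positive that makes users route around a DLP control.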
How does a CASB work?
CASBs ensure network traffic between on-premises devices and the cloud provider complies with an organization's security policies.
The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and identify unsanctioned use. This is especially important in regulated industries.
CASBs work in a discovery, classification and remediation process. The discovery process identifies in-use cloud applications, the classification process assesses each application and creates a risk factor, and the remediation process identifies and resolves detected threats based on the organization's security policy.
CASBs use autodiscovery to identify cloud applications in use, high-risk applications, high-risk users and other key risk factors. Cloud access security brokers enforce several different security access controls, including encryption and device profiling. They can also provide other services, such as credential mapping when single sign-on (SSO) isn't available.
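The discovery, classification and remediation process described above can be shown end to end on a handful of proxy log lines. The following is an added example, not code from the article or from any CASB product: it parses constructed proxy log lines, discovers which cloud hosts are in use and which are not on the sanctioned list (shadow IT), scores each unsanctioned app from hypothetical risk attributes plus observed upload volume, and maps the score to a policy action. The hosts, the attribute table, the scoring weights and the action thresholds are all assumptions made for the example.

```python
"""Simplified CASB-style discovery, classification and remediation over
constructed proxy log lines. Added illustration, not vendor code."""
import re
from collections import defaultdict

# Constructed sample proxy log lines (not real traffic):
# timestamp user host method bytes_out
PROXY_LOGS = """\
2024-05-01T09:02:11Z alice corp-storage.example.com PUT 52000
2024-05-01T09:05:43Z bob   filedrop.example.net POST 980000
2024-05-01T09:07:02Z alice chat.example.org GET 1200
2024-05-01T09:09:55Z carol filedrop.example.net POST 2400000
2024-05-01T09:12:30Z bob   pastebox.example.io POST 400
"""

# Sanctioned application catalogue (constructed): host -> app name.
SANCTIONED = {"corp-storage.example.com": "Corporate Storage"}

# Hypothetical risk attributes for apps seen in the logs (the kind of data a
# CASB vendor's app catalogue supplies; values here are invented).
APP_ATTRIBUTES = {
    "filedrop.example.net": {"name": "FileDrop", "encryption_at_rest": False, "sso": False, "compliance_cert": False},
    "chat.example.org":     {"name": "TeamChat", "encryption_at_rest": True,  "sso": True,  "compliance_cert": True},
    "pastebox.example.io":  {"name": "PasteBox", "encryption_at_rest": False, "sso": False, "compliance_cert": False},
}
UNKNOWN_APP = {"encryption_at_rest": False, "sso": False, "compliance_cert": False}

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_logs(text):
    """Parse the constructed log format into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts, user, host, method, nbytes = m.groups()
            events.append({"ts": ts, "user": user, "host": host, "method": method, "bytes_out": int(nbytes)})
    return events


def discover(events):
    """Discovery: aggregate usage per host and keep only hosts not in the sanctioned catalogue."""
    usage = defaultdict(lambda: {"users": set(), "bytes_out": 0, "uploads": 0})
    for e in events:
        u = usage[e["host"]]
        u["users"].add(e["user"])
        u["bytes_out"] += e["bytes_out"]
        if e["method"] in ("POST", "PUT"):
            u["uploads"] += 1
    return {host: u for host, u in usage.items() if host not in SANCTIONED}


def classify(host, usage):
    """Classification: risk score 0-10 from app attributes and observed behaviour (constructed weights)."""
    attrs = APP_ATTRIBUTES.get(host, UNKNOWN_APP)
    score = 0
    score += 3 if not attrs["encryption_at_rest"] else 0
    score += 2 if not attrs["sso"] else 0
    score += 2 if not attrs["compliance_cert"] else 0
    if usage["uploads"] > 0 and usage["bytes_out"] > 1_000_000:
        score += 3  # large outbound volume to an unsanctioned app
    return min(score, 10)


def remediate(score):
    """Remediation: map the risk score to a policy action (constructed thresholds)."""
    if score >= 8:
        return "block"
    if score >= 5:
        return "coach"   # allow, but warn the user and point to a sanctioned alternative
    return "monitor"


def run_pipeline(text=PROXY_LOGS):
    """Run discovery -> classification -> remediation and return a per-host report."""
    events = parse_logs(text)
    report = {}
    for host, usage in discover(events).items():
        score = classify(host, usage)
        report[host] = {
            "app": APP_ATTRIBUTES.get(host, {}).get("name", host),
            "users": sorted(usage["users"]),
            "bytes_out": usage["bytes_out"],
            "risk": score,
            "action": remediate(score),
        }
    return report


if __name__ == "__main__":
    for host, row in run_pipeline().items():
        print(host, row)
```

On the sample logs, the sanctioned storage host drops out at the discovery stage; FileDrop scores highest because it has no favourable attributes and received more than a megabyte of uploads, PasteBox shares the weak attributes but with little data sent, and TeamChat scores zero. Real products draw the attribute table from a maintained catalogue and feed the "block" and "coach" actions back to the proxy or the identity provider rather than just printing them.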
Use cases for CASBs
CASB tools have evolved to include, or work alongside, other IT security services -- although some vendors still offer standalone tools. CASBs are particularly useful in organizations with shadow IT operations or liberal security policies that allow operating units to procure and manage their own cloud resources.
Potential uses for CASB tools include the following:
- Data security. CASBs configure and enforce granular access controls for data. DLP features also enable organizations to protect sensitive data that transfers to or from a cloud service.
- Protection against malware. CASBs can protect against cloud-based malware threats that users might accidentally introduce to the environment.
- Monitoring. CASBs can continuously monitor users by activity, application, cloud service usage and identity. CASBs can also be used for budgeting purposes.
- Compliance. Organizations can use CASBs to assess compliance with security, regulatory and legal standards.
- Cloud application usage tracking. CASBs can provide a way to view cloud application usage, making it easier to identify abuse and usage patterns.
- User behavior analytics (UBA). Usage tracking serves as a foundation for more sophisticated behavior tracking, as the same data is subjected to more detailed analysis.
- Integrations. CASBs can integrate with other tools, such as firewalls, IAM and endpoint security.
Cloud access security broker vendors and resources
There are numerous vendors that provide CASBs. The following is just a sample of vendors and tools in the cloud access security space:
- Broadcom Symantec CloudSOC CASB.
- Fortinet FortiCASB.
- Microsoft Defender for Cloud Apps.
- Netskope One CASB.
- Skyhigh CASB.
Microsoft also includes CASB functionality in its base Azure security services at no extra charge.
To meet the needs of infrastructure-as-a-service and platform-as-a-service users, CASB vendors have also added or expanded functionality for security tasks, such as the following:
- SSO. Enables employees to enter their credentials one time and access several applications.
- Encryption. Encrypts information from the moment it's created until it's sitting at rest in the cloud.
- Compliance reporting tools. Ensure the company's security systems comply with corporate policies and government regulations.
- UBA. Identifies aberrant behavior that could indicate an attack or data breach.
Future of CASB in SASE
CASBs will continue to be adopted in secure access service edge (SASE) architectures. SASE is a cloud architecture model that bundles network and cloud-native security technologies to deliver them as a single cloud service. SASE enables an organization to unify its network and security tools in one management console. These tools typically bundle software-defined wide area networks with network security measures, such as firewall as a service, secure web gateways, zero-trust network access and CASBs.
CASBs are commonly included in SASE tools, as they provide the access control, policy enforcement, threat prevention and visibility features that are essential to protecting cloud-based resources. Alongside other security and cybersecurity services, CASBs will likely become a core component of SASE architectures.