Businesses face a growing number of security threats. These threats present a unique challenge for organisations to update their defence mechanisms.
For this reason, CASBs have become a vital part of enterprise security. This new approach to security allows businesses to use the cloud while protecting sensitive corporate data safely.
Cloud access security brokers, or CASB for short, serve as a policy enforcement centre. They consolidate multiple security policy enforcement types and apply them to everything a business utilises in the cloud. It doesn't matter what sort of device is attempting to access it - unmanaged smartphones, IoT devices, or personal laptops.
In the months post-lockdown, there has been an increase in workforce mobility, with more companies adopting remote working as the norm. The growth in BYOD and the presence of unsanctioned employee cloud usage, or Shadow IT, the ability to monitor and govern cloud applications such as Office 365 are now all widely applicable. They have become essential to the goal of enterprise security. A CASB enables businesses to take a granular approach to data protection and the enforcement of policies. Organisations can then safely use time-saving, productivity-enhancing, and cost-effective cloud applications without security fears.
But what is a cloud access security broker or CASB exactly?
A cloud access security broker, or CASB, is cloud-hosted software or on-premises software or hardware that serves as an intermediary between users and cloud service providers. Its purpose is to address the gaps in security across software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) environments. A CASB provides visibility, allowing organisations to extend the reach of their security policies from existing on-premises infrastructure to the cloud and to create new policies for cloud-specific context.
To fully appreciate what a CASB does, it's essential to understand that it differs from the firewalls that organisations use to monitor and filter their network. CASBs can be used to spot strange or unusual user activity and provide the company with cloud access control. They give more visibility into cloud environments and offer granular control of cloud usage.
CASBs protect against cloud security risks. But they also serve to comply with data privacy regulations and enforce corporate security policies. Now that employees use personal, unmanaged devices to access corporate networks from multiple locations, companies face more cloud security risks than ever.
The rise of cloud computing has created the need for more consistent security across all premises, and CASB first emerged as the rise of cloud computing began the need for more consistent security across multiple premises or cloud-based environments.
CASBs let organisations gain deeper visibility into what is happening in their cloud and Software-as-a-Service (SaaS) deployments. This visibility allows them to protect all user and sensitive corporate data in these environments.
CASBs are the next logical step in addressing the evolving threat landscape in the digital domain. We're witnessing a new generation of blended threats, multiple exploits, and obfuscation technologies that make detection more complicated, and organisations need solutions that protect their data and make users more comfortable.
CASBs can also:
- Protect against malware and phishing attacks.
- Secure access to cloud services.
- Ensure cloud application security.
What are the benefits of using CASBs?
Many CASBs boast unique security features compared with those offered by other security controls such as enterprise/web application firewalls and secure web gateways. That makes CASB well suited for the challenges for consistently providing data security across multiple environments, including:
- Cloud governance and risk assessment
- Data loss prevention
- Control over native features of cloud services, like collaboration and sharing
- Threat prevention, often user and entity behaviour analytics (UEBA)
- Configuration auditing
- Malware detection
- Data encryption and key management
- SSO and IAM integration
- Contextual access control
Companies that use a CASB can apply the same secure web gateways to on-premises infrastructure and cloud applications. They can also combine different types of policy enforcement, such as:
- user credential authentication to restrict access only to approved cloud services
- data protection through encryption, tokenisation, or other means so sensitive information is not exposed in cloud services or to CSPs
- cloud service activity monitoring for user and entity behaviour
- analytics to spot and log anomalous usage patterns or compromised credentials
- data loss prevention (DLP) to safeguard sensitive information within the organisation's network
- Malware detection and remediation so sensitive information cannot enter the organisation's network
Another benefit of CASBs is that they may run in a corporate data centre, in a hybrid deployment that involves both the data centre and the cloud, or entirely in the cloud. These options give organisations plenty of flexibility and versatility to select the best-suited application for their current situation and budget.
If you focus on data-centric protection, you may lean towards requiring on-premises solutions to retain complete control over security infrastructure. Many mid-tier and large enterprises tend to avoid the delegation of responsibility and third-party trust requirement that cloud-only CASBs impose through the "Bring Your Own Key" (BYOK) model.
Furthermore, this may contravene internal or external policies, and as a result, a difficult position naturally extends to security services offered by the CSPs themselves. They may also require to whitelist the CASB's IP addresses.
Correspondingly, organisations can now choose between three types of CASB:
- API-only that delivers only management. Such CASB uses API access to SaaS apps to remediate after data-leakage events
- Multi-mode First-Gen that delivers management and security, but not Zero-Day protection. Such CASB offer signature-based protection for known data leakage paths and a fixed set of applications
- Multi-mode Next-Gen that deliver management, security and Zero-Day protection. Such CASB dynamically adapt to protect known and unknown data leakage risks and malware threats on any cloud application
Why are CASBs important?
Until recently, companies usually kept all their applications and data in a single, on-site data centre. This on-site model provided complete visibility and precise control over real-time access to corporate data.
Over time, as companies started moving data to the cloud and began using SaaS applications, the methods of acquiring insight about who is accessing and using their applications and data had to change. Consecutively, so did the technique for guaranteeing data protection.
This movement to cloud-based environments is where CASBs come in. Since being introduced, they have become a critical part of enterprise security. So much so that leading research and advisory firm, Gartner, forecasts 60% of large enterprises will use CASBs by 2022, up from 20% in 2018.