Most of the today’s cyber security processes and tools are developed for applications hosted in protected data centers and endpoint systems. All these systems are owned and managed by the corporate enterprises where administrators could control how files were stored, accessed, and shared. But when it comes to cloud hosted applications, every cloud service provider has its own mechanisms for authentication and access control, activity monitoring capabilities, alerting system, and audit trails. As a result:
- The consumers or the security organizations often are unable to detect policy violations or indicators of potential attacks.
- Though the attacks are detected, it is difficult and time-consuming to pull together and correlate threat indicators and data from multiple applications.
So a new class of product has emerged to address the challenges faced by enterprises moving to cloud applications. The analyst firm Gartner has named it as Cloud Access Security Brokers (CASBs).
What is CASB?
Cloud access security broker is an on-premises or cloud-based platform that is placed between the consumers and providers of cloud service which helps the security teams to:
- Identify all the shadow IT cloud services in use and which pose threat to the organization.
- Evaluate the cloud services which meet security and compliance requirements using standard cloud registry and controls
- Enforce granular policies to regulate the handling of sensitive information and cloud application management policies for web proxy or firewall.
- Enforce privacy and data protection by encryption and tokenization of sensitive data.
- Provide different levels of access for cloud services based on user's device, location, and operating system.
Why is CASB important?
CASB is gaining importance for the following below reasons:
- It can mitigate the security risks of cloud application usage by providing various degrees of policy enforcement, data loss prevention and encryption mechanisms.
- It can help discover all cloud applications, report on cloud spending, find redundancies in functionality, monitor the license costs etc.
- It can protect against cloud malware and threats with the features like threat intelligence, static and dynamic malware analysis, prioritized analysis and remediation for threats.
- CASB's can help ensure compliance in the cloud like HIPPA, PCI, FFIEC, FFNRA etc.
Gartner’s 4 Pillars of CASB Functionality
Gartner organizes the capabilities of CASBs into four pillars of functionality namely:
Visibility: CASBs provide shadow and sanctioned IT discovery, as well as a consolidated view of an organization's cloud service usage and the users who access data from any device or location.
Compliance: CASBs assist with data residency and compliance with regulations and standards, as well as identify cloud usage and the risks of specific cloud services.
Data security: CASBs provide the ability to enforce data-centric security policies to prevent unwanted activity based on data classification, discovery and user activity monitoring of access to sensitive data or privilege escalation.
Threat protection: CASBs prevent unwanted devices, users, and versions of applications from accessing cloud services by providing adaptive access controls.
Selecting the right CASB Deployment solution
There are two deployment options for CASBs to monitor authorized applications
1. API Based Deployment
A CASB deployed in API mode is “out of band”; by which the users communicate directly with cloud applications, and the CASB obtains data from the applications through their APIs. This approach provides very detailed visibility into data at rest and user activities, including logins and logouts, file uploads and downloads, information sharing, and administrative actions.
2. Proxy-Based Deployment
A CASB deployed in proxy mode is “inline”; and the network traffic between users and cloud applications flows through the CASB proxy is achieved in one of two ways:
- In a forward proxy, traffic is routed to the CASB proxy by network devices or by agents on each endpoint.
- In a reverse proxy, cloud applications are configured to guide traffic through the CASB proxy.
Selecting the Right Cloud Access Security Broker
CASB is a relatively new technology thus the products differ widely in capabilities. The below factors can be used to compare CASBs in the market and select the one best fit your organization.
- Breadth of Application Coverage
- Depth of Security Controls
- Heuristics for Threat Protection
- Deployment Modes
- Integration with Security Solutions
- Cyber Intelligence for Cloud Applications
There is no doubt that the cloud-based services multiply the challenges faced by the organization and especially the enterprise security teams as they lose visibility of the applications, and control over devices and user behaviors. It is more likely that the entities will fall behind in terms of cloud security considering the current threat landscape; unless they find a way to extend visibility, threat protection, and policy enforcement to cloud applications. Cloud access security brokers are an innovative response to these challenges.
Finally, organizations must consider their priority in terms of choosing a CASB. Cloud brokerage should support their use cases now and in the future with an architecture that allows for any deployment option, services scalability, and rapid app coverage.
Rate this article: