What Is a Cloud Access Security Broker?


A cloud access security broker (CASB) is a cybersecurity solution placed between an organization’s users and cloud service providers to provide visibility, monitoring, threat and data protection, and security policy enforcement when cloud-based services and data are accessed.

Cloud access security brokers combine a variety of security services and technologies into one platform to give full visibility into, and control over, cloud-based data and services including software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS).

Their two key functions are:

  • Discovering relevant data and applications whether they are stored on site or in the cloud, and whether the data is in motion or at rest.
  • Enforcing security policy so organizations are protected and can continue operating seamlessly.

CASBs enhance cloud security with a range of capabilities such as authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, and malware detection and prevention.

Where does the term cloud access security broker come from?

The term “cloud access security broker” was coined by Gartner in 2012 as the firm noted a shift in how organizations stored and secured their data, devices, and apps.

Historically, companies stored applications and data in on-site data centers, but that model proved difficult to scale as data volumes grew, driving the popularity of cloud-based storage and applications. At the same time, companies started adopting remote and hybrid work models, with employees using personal devices to access the network from multiple locations. With so many unmanaged devices accessing data and applications in multiple cloud environments, IT teams lost insight into users, data, devices, and apps.

IT suddenly had a lot more to monitor with less control and access, posing new cloud security risks:

  • With data stored remotely and accessed over the internet using any device, it was more difficult to keep it secure and private.
  • User behavior became harder to track.
  • IT had to monitor third-party apps and services not owned by the organization.
  • Companies lacked the complete visibility they needed to prevent data breaches, non-compliance, malware, and more.

Security professionals originally used different security solutions from different vendors, but this was unwieldy and time-consuming to manage. IT teams had to run numerous tools to get a full picture and some solutions didn’t easily integrate with other platforms.

In response to this complexity, the cloud access security broker was born. It began life as on-premises hardware that functioned as a proxy solution distinct from the rest of the security infrastructure. The role of the CASB was to:

  • Discover and monitor all users, devices, and applications.
  • Provide visibility into how data and applications were being used and accessed in the cloud so IT could notice and prevent attacks.
  • Ensure user activity complied with the security policies of the firm.

Security professionals now had a single platform to monitor and control cloud-based data, devices, and applications.

What are the benefits of using a cloud access security broker?

Instead of having to find, install, and manage multiple security solutions from different vendors (which might not even work well together), CASBs provide all the necessary monitoring and policy enforcement for a SaaS environment in one platform. Benefits include:

  • Centralized visibility.
  • Fast, easy, single-vendor management of cloud security.
  • A cohesive ecosystem with integrated tools.
  • Visibility and control over all of an organization’s SaaS applications, avoiding the concern that something might be flying under the radar.
  • Enhanced data protection and compliance due to the ability to track and control who is accessing data and to enforce different policies depending on the user.
  • One central point of automated policy enforcement for greater consistency.

How does a cloud access security broker work?

CASBs integrate with existing security infrastructure to track and control cloud-based data and applications through a process of:

  1. Discovery. The CASB detects users, devices, and applications, including third-party cloud services, and undertakes real-time monitoring and threat detection.
  2. Assessment. The cloud access security broker issues alerts when suspicious activities are detected, classifying them based on the level of risk.
  3. Enforcement. Based on an organization’s security policies, the CASB manages user access to data and apps, enforcing desired controls on users, devices, and/or data.
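
The three stages above, sketched as an added example that is not part of the original article or any vendor's product: constructed proxy-log lines are inventoried, classified by risk, and mapped to an action. The log format, host names, sanctioned-app catalogue, upload threshold, and risk-to-action mapping are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample proxy log: user, device state, cloud host, bytes uploaded.
SAMPLE_LOG = """\
alice managed files.sanctioned-storage.example 12000
bob unmanaged files.sanctioned-storage.example 900000
carol managed paste.unknown-share.example 300
dave managed paste.unknown-share.example 52000000
alice managed crm.sanctioned-saas.example 4000
"""

# Hypothetical catalogue of approved apps and assumed policy values.
SANCTIONED = {"files.sanctioned-storage.example", "crm.sanctioned-saas.example"}
UPLOAD_LIMIT = 10_000_000  # bytes
ACTIONS = {"high": "block", "medium": "alert", "low": "allow"}


def discover(log_text):
    """Discovery: inventory every cloud app seen, with its users and upload volume."""
    apps = defaultdict(lambda: {"users": set(), "bytes": 0})
    events = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records rather than guessing at them
        user, device, host, sent = fields[0], fields[1], fields[2].lower(), int(fields[3])
        apps[host]["users"].add(user)
        apps[host]["bytes"] += sent
        events.append((user, device, host, sent))
    return dict(apps), events


def shadow_it(apps):
    """Apps discovered in traffic that are not in the sanctioned catalogue."""
    return sorted(host for host in apps if host not in SANCTIONED)


def assess(event):
    """Assessment: classify one event by risk level."""
    _user, device, host, sent = event
    unsanctioned = host not in SANCTIONED
    if unsanctioned and sent > UPLOAD_LIMIT:
        return "high"    # bulk upload to an unsanctioned app
    if unsanctioned or device != "managed":
        return "medium"  # shadow IT, or access from an unmanaged device
    return "low"


def enforce(events):
    """Enforcement: map each event's risk level to the policy action."""
    return [(e[0], e[2], assess(e), ACTIONS[assess(e)]) for e in events]
```

Calling `discover(SAMPLE_LOG)` and passing the returned events to `enforce` yields one decision per log line; `shadow_it` lists the unsanctioned hosts found during discovery.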

What features should I look for in a cloud access security broker?

When it comes to choosing a cloud access security broker, it's important to consider criteria such as the organization’s current technologies, security needs, and budget. Maybe most importantly, the CASB should satisfy Gartner’s four cornerstones (also called pillars):

  • Data security and encryption. On-premises data loss prevention (DLP) tools don’t extend to the cloud, so any CASB should provide data security and encryption capabilities. These help stop confidential or sensitive data from being leaked to the public or bad actors and include tools such as access controls, collaboration controls, DLP, encryption, information rights management, and tokenization.
  • Threat protection and anomaly detection. The cloud access security broker needs to spot and stop cyberattacks and malware by detecting questionable activity such as improper access to data or apps. It will use technology like URL filtering to do this. Many CASBs also use machine learning and large-scale analytics to detect threats more efficiently and automate alerts.
  • Compliance management and reporting. Organizations in certain industries may be required to comply with laws such as HIPAA or the EU’s GDPR, whether their data or services are on-site or managed by a third party. Therefore, the CASB needs to offer tools like reporting, automated remediation, and policy enforcement to give insight into and control over every inch of the cloud ecosystem.
  • Visibility and management of cloud application usage. One of the biggest challenges with the proliferation of cloud usage is shadow IT—devices, systems, or applications not officially documented that can therefore introduce unknown security risks. It’s crucial for any CASB to have full visibility into how data is being shared and accessed, as well as all apps being accessed, by whom, how they’re being used, and which apps are accessing organizational data.

How do I implement a CASB?

There are a few ways to implement CASBs. The inline method sets up the cloud access security broker as a proxy that intercepts traffic, sitting between the device accessing information and the cloud storage location or application being accessed. In this way, it protects data in motion.

Some cloud applications lack a way to redirect traffic to a proxy-based CASB, meaning the full cloud environment may not be visible via the inline method alone. This is where an API-based implementation may be needed, protecting data at rest and providing more complete visibility. Since there isn’t a need to reroute traffic, an API-based CASB can enforce security policies across multiple SaaS and IaaS without affecting user connectivity.

In reality, a combination of both types of CASB is probably best.

Where can I get help with a cloud access security broker?

Trend Vision One™ Cloud Security enhances cloud visibility, cloud risk management, and operational efficiency while empowering cloud and hybrid cloud security. Centralized dashboards provide real-time risk assessments, exposure management, monitoring, and predicted attack paths. With comprehensive visibility and control, continuous assessment and prioritization, and simplified compliance and cost management, organizations can use Cloud Security to identify and respond to threats quickly both on-premises and in the cloud.
