How a Cloud Security Broker Reduces SaaS App Risks - SASE Part 4
Responsibility for protecting users and critical data in cloud applications falls to the organisations that use them. Discover how to maintain data control with Cloud Access Security Broker (CASB) technology.
- A Secure Access Service Edge (SASE) Guide for Leaders - SASE Part 1
- ZTNA vs VPN: Secure Remote Work & Access - SASE Part 2
- Secure Web Gateway (SWG) Security - SASE Part 3
- Data Exfiltration Prevention with SASE - Part 5
Data exposure from SaaS and cloud applications is an increasing risk factor facing businesses today. Depending on where your organisation is along its digital transformation, multi-cloud environments and cloud applications are likely being used for critical business operations.
There are good reasons to move to SaaS apps, such as their simplicity, reduction of administration, and cost reductions. Since the advent of cloud computing, applications like Microsoft Office, Salesforce, and Box™ have made themselves indispensable to modern business.
As with most changes, there are tradeoffs and compromises that need to be evaluated when considering SaaS apps, including the cloud’s lack of visibility and the security risks that come with it. These are further complicated by new threats, like the rise of shadow IT and unsanctioned apps, that were not as prevalent in on-premises security infrastructure.
As one piece of a multifaceted SASE solution, a cloud access security broker (CASB) can help to reduce the risks of using SaaS apps, whilst still reaping the benefits of enhanced data control. CASB provides protection to users and critical data through unified security policy enforcement across multi-cloud applications.
What is CASB?
CASB is a cloud-specific security solution used to monitor cloud infrastructure, identify potential threats from high-risk apps, detect unusual behaviour and ransomware, and take remedial action to give the organisation greater control over critical data.
Specific functions differ between vendors, which solve challenges in different ways, but the key element of every CASB is that it acts as an intermediary between users and cloud service providers. The broker works to restore the visibility and control that is lost when resources are moved off-premises.
As a one-stop enforcement centre that consolidates multiple layers of security policy and applies them universally to every user and resource that connects to the cloud, CASB becomes a critical capability for any organisation. Using this array of capabilities, including data identification and identity management, the CASB applies security rules set by administrators to secure the organisation's data and reduce the risk of spills or loss.
Countering Shadow IT
The use of unauthorised software presents a serious risk. This brings the issue of shadow IT back to centre stage: what was once a somewhat manageable problem has now become an unwieldy challenge for administrators tasked with securing the business without slowing it down.
CASB provides granular visibility to user access, activity, and data. The implicit enforcement of policy delivered through the in-line nature of the capability covers every device connecting to cloud resources, including unmanaged smartphones and personal laptops. In securing these connections, the CASB provides the administrator with a complete view of the cloud applications being used and their usage pattern, without creating friction which can hamper productivity.
Securing Cloud Account Compromise
One of the core components of any enterprise network is the account and identity management system. Where an on-premises Active Directory service would previously have provided this capability, with separate applications often using another independent system, cloud-provided identity is now a preferred choice.
This cloud-hosted identity enables capabilities such as federated access and single sign-on, greatly simplifying the management of enterprise accounts. However, now that this critical system is more pervasively used, the risks associated with it increase.
Even the most popular and reliable applications contain multiple vulnerabilities which attackers may exploit to breach the corporate network and steal critical or sensitive data. To prevent this, organisations need to streamline their security efforts and monitor user behaviour to both protect their employees and enhance data control.
A CASB can watch for anomalous usage in your environment, keeping tabs on suspicious activity to respond to breaches more quickly and minimise their damage. As an in-line tool, CASB can actively reduce the risk of a breach by identifying anomalous use of applications, the misuse of accounts, or data use abnormalities. These factors, amongst others, can provide indications of potential incidents, and CASB can thwart them before they begin, for example by simply locking the account to remove access.
Addressing Security Gaps for Third-Party Services
While cloud service providers take every measure to secure the data you store on their services, under the shared responsibility model it falls to your organisation to protect the network and users. Given the ever-growing attack surface, password changes and multi-factor authentication might not be enough any more.
Deploying a CASB restores control to your organisation, allowing you to apply security policies for users and data widely and to tailor them to your specific needs.
CASB’s Role in SASE Architecture
SASE architecture offers a cohesive security solution by combining capabilities from two distinct areas: network and security.
As part of SASE’s internet-facing component, a CASB complements the threat-blocking capabilities of Secure Web Gateway (SWG) solutions and benefits from integration with the analytical power of extended detection and response (XDR). The disparate logs of these once discrete solutions combine to offer a more holistic view of your environment, allowing for the creation of a more thorough risk profile.
What to consider when implementing CASB
The variety of CASB solutions available to your organisation should be empowering, but it could also prove overwhelming. A few thoughtful questions can help to single out the best fit for your unique cybersecurity and data control needs.
Are all my critical applications supported?
Taking stock of which cloud applications your users depend on can help to trim down your CASB options. You should look for a solution that not only supports your most crucial applications but also offers added control to support your administrators.
Can I effectively take control of cloud security?
Improving security and control for your users, data, and network takes more than identifying thousands of data points. The right CASB solution will provide a way to filter this wealth of knowledge and take meaningful steps to improve your security posture.
What pricing option works best?
The limited visibility of a multi- or hybrid-cloud environment can put more than your data at risk—you might also feel the pain in your pocketbook. If you don’t consider the apps your users might be accessing on unsecured devices, a per-app pricing model could cost much more than one based on identities.
Does it integrate with other security solutions?
Adding another security solution can exacerbate visibility problems. Look for a CASB that is part of a unified cybersecurity platform backed by broad third-party integrations and powered by XDR. This enables comprehensive visibility across your attack surface for better security posture, cyber risk management, and data control.
What is the right deployment option for my needs?
With the variety of deployment options to choose from, there will always be a CASB solution to suit your organisation’s needs. But consider your resources before committing to one with prohibitive up-front commitments.