How does a CASB work?

CASBs ensure network traffic between on-premises devices and the cloud provider complies with an organization's security policies, such as controlling access and identifying suspicious activity.

The value of cloud security brokers stem from their ability to deliverinsight into cloud application use across cloud platforms and identify unsanctioned use. This is especially important in regulated industries.

CASBs work in a discovery, classification and remediation process. The discovery process identifies in-use cloud applications, the classification process assesses each application and creates a risk factor, and the remediation process identifies and resolves detected threats based on the organization's security policy.

CASBs use auto-discovery to identify cloud applications in use, high-risk applications, high-risk user devices and other key risk factors. Cloud access security brokers enforce several different security access controls, including encryption and device profiling. They can also provide other services, such as credential mapping when single sign-on (SSO) isn't available andthreat intelligence.

CASBs sit between an organization's on-premises software and a cloud service's infrastructure.

4 pillars of CASB

A CASB acts as a gatekeeper, enabling organizations to extend the reach of their security policies beyond their own infrastructure.

The core components of a CASB are the following:

1. Visibility.Visibility is an important aspect of creating a secure environment. In a cloud environment, organizations typically have limited visibility and insight into the cloud provider's underlying infrastructure. CASBs improve visibility for cloud usage with access logs that provide insights on corporate cloud infrastructure and attempted attacks. CASBs can also help detect instances ofshadow IT.
2. Compliance. Different regional regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR), mean organizations must make sure their cloud provider complies with any regulations that might apply to the organization and its customers. CASBs define strict access controls to help comply with data regulations.
3. Threat protection. Employees might unintentionally introduce malware-based threats to cloud-based services. A CASB tool can detect and prevent potential threats. Any file upload, for example, can be inspected before it's sent to the cloud.
4. Data security. CASBs providedata security through access management and data loss prevention (DLP) processes that help secure an organization's cloud-based data.

I

Key benefits of a CASB

The principal benefit of a CASB is that it facilitates secure connections between users and cloud services. To achieve a secure environment, CASBs offer the following features:

• Authentication to check users' credentials and ensure they only access appropriate company resources -- this is meant to complement identity and access management (IAM) tools.
• Web application firewalls to thwart malware designed to breach security at the application level rather than at the network level.
• DLP to ensure users cannot transmit sensitive information outside the organization.
• Shadow IT discovery to identify all unauthorized cloud applications in use and to evaluate the risks associated with each.
• Access control to set restrictions on what users can see and do within company applications, helping users gain access to the resources they need.
• Visibility features to identify all the cloud services being used within an organization and offer user and data activity monitoring.
• Threat protection features, which includebehavioral analytics and malware detection to help restrict access bythreat actors.

Challenges of using a CASB

Despite the many important benefits of a CASB, a few challenges need to be considered.

• Difficulty identifying devices not in a corporate infrastructure.
• Integration issues with other tools such as Zero Trust Network Access (ZTNA) or software-defined WAN (SD-WAN).
• Potential difficulty integrating CASB into an existing infrastructure.

Use cases for CASBs

CASB tools have evolved to include, or work alongside, other IT security services -- although some vendors still offer standalone tools. CASBs are particularly useful in organizations withshadow IT operations or liberal security policies that allow operating units to procure and manage their own cloud resources.

Potential uses for CASB tools include the following:

• Data security. CASBs collect and configure granular access to data. DLP features also enable users to protectsensitive data that is transferred to or from a cloud service.
• Protection against malware. CASBs can protect against cloud-based malware threats that users might accidentally introduce to the environment.
• Monitoring. CASBs can continuously monitor users by activity, application, cloud service usage and identity. CASBs can also be used for budgeting purposes.
• Compliance. Organizations can use CASBs to assesscompliance with security, regulatory and legal standards.
• Cloud application usage tracking. CASBs can provide a way to view cloud application usage, making it easier to identify abuse and usage patterns.
• User behavior analytics (UBA). Usage tracking serves as a foundation for more sophisticated behavior tracking, as the same data is subjected to more detailed analysis.
• Integrations. CASBs can integrate with other tools, such as firewalls, IAM andendpoint security.

Inline vs. API-based CASBs

CASBs can be based on an inline proxy or an application programming interface (API). Each provides the necessary security to protect the data heading to a cloud service.

Before data traffic reaches a cloud vendor, an inline proxy-based CASB captures the transaction and provides the required security protection. The proxy helps facilitate the CASB connection. It is also the way early CASBs handled data traffic.

API-based CASBs, by contrast, deliver security activities on data heading to the cloud through APIs already in place in SaaS cloud services. This way a separate arrangement for handling proxies can be eliminated.

Cloud access security broker vendors and resources

There are numerous vendors that provide CASBs. The following is just a sample of vendors and tools in the cloud access security space:

• Broadcom Symantec CloudSOC CASB. The system provides tools for ensuring compliance, DLP and a variety ofanalytics.
• Cisco Cloudlock. An API-based CASB that usesmachine learning for threat identification.
• Forcepoint CASB. Provides services including behavior analysis and enforcement of security policies.
• Fortinet FortiCASB. Cloud-native service that delivers security, threat detection, visibility and compliance.
• Lookout CASB (Now Fortra CASB). Secure access controls and extensive threat protection.
• Microsoft Defender for Cloud Apps. Integrates with Microsoft 365 and Azure, providing a wide range of security features.
• Netskope One CASB. Delivers visibility into cloud environments, DLP and protection from cyberthreats.
• Palo Alto Networks Prisma Cloud. Driven byAI, delivers consistent security across cloud activities.
• Proofpoint CASB. Integrates with email security elements and detects potential breaches.
• Skyhigh CASB. Provides support for compliance and delivers advanced threat protection and access management.
• Zscaler CASB. Delivers inline and API-based CASB support using azero-trust security framework.

To meet the needs of infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) users, CASB vendors have added or expanded functionality for security tasks, such as the following:

• Single sign-on. Enables employees to enter their credentials one time and access several applications.
• Encryption. Encrypts information from the moment it's created until it'sat rest in the cloud.
• Compliance reporting tools. Ensures the company's security systemscomply with corporate policies and government regulations.
• User behavior analytics. Identifies aberrant behavior that could indicate an attack or data breach.

Future of CASB in SASE

CASBs will continue to be adopted in secure access service edge (SASE) architectures. SASE is a cloud architecture model that bundles network and cloud-native security technologies to deliver them as a single cloud service. A SASE solution helps an organization unify its network and security tools in one management console. These tools typically bundle SD-WANs with network security measures, such asfirewall as a service, secure web gateways, zero-trust network access and CASBs.

CASBs are commonly included in SASE tools, as they provide the access control, policy enforcement, threat prevention and visibility features that are essential to protecting cloud-based resources. Alongside other security and cybersecurity services CASB solutions will likely become a core component of SASE architectures.

The future of CASBs also depends on the increase and severity ofcyberthreats, such as ransomware; their ability to comply with key regulations, such as the GDPR, HIPAA and CCPA; and their ways of managing deployment costs.

Learn more aboutSASE and its use cases, as well as benefits and issues it presents for organizations.