What Is a Cloud Access Security Broker?
A cloud access security broker (CASB) is a service that is deployed physically or logically between an end user and a cloud app provider, providing visibility and control over cloud apps to enable their safe and productive use. CASBs are typically deployed in API mode, proxy mode, or a combination of the two.
There are four key areas of CASB functionality:
- Visibility & Risk Assessment
- Compliance
- Data Security
- Threat Protection
DISCOVER SHADOW IT & UNSANCTIONED APPS
CASBs shed light on both sanctioned and unsanctioned (“Shadow IT”) cloud app usage in an organization. This helps organizations better craft the appropriate policies necessary to ensure that their security and compliance requirements are met.
- Cloud app discovery: Leverage existing log files to automate discovery & categorization of cloud apps used
- Cloud app risk scoring: Rate overall risk for each cloud app based on regulatory requirements, industry certifications, and best practices
- Cloud app usage summary: Includes number of users, activities, traffic volume, and usage hours for each cloud app
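The log-driven discovery and usage summary described above can be sketched as follows. This is an added example, not code from any CASB product; the log format (timestamp, user, method, host, bytes sent), the app catalogue, and the function names are assumptions made for illustration, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed catalogue: domain suffix -> (app name, sanctioned?); assumption for this example.
APP_CATALOGUE = {
    "sharepoint.com": ("Office 365", True),
    "box.com": ("Box", True),
    "dropbox.com": ("Dropbox", False),
}
# Constructed proxy log lines: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice GET contoso.sharepoint.com 1200
2024-05-01T09:00:07Z bob POST www.dropbox.com 5242880
2024-05-01T09:01:15Z alice POST www.dropbox.com 1048576
2024-05-01T09:02:30Z carol PUT upload.box.com 20480
2024-05-01T09:03:00Z bob GET files.example-share.test 900
malformed line
"""

def match_app(host):
    """Return (app, sanctioned) for a host, matching only on DNS label boundaries."""
    host = host.lower().rstrip(".")
    for suffix, entry in APP_CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return (host, None)  # not in the catalogue: unknown app, needs categorization

def summarize(log_text):
    """Aggregate users, activity count and traffic volume per discovered app."""
    apps = defaultdict(lambda: {"users": set(), "activities": 0, "bytes": 0, "sanctioned": None})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # a bad line must not abort discovery; count it instead
            continue
        _, user, _, host, size = parts
        app, sanctioned = match_app(host)
        rec = apps[app]
        rec["users"].add(user)
        rec["activities"] += 1
        rec["bytes"] += int(size)
        rec["sanctioned"] = sanctioned
    return dict(apps), skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG)
    for app, r in sorted(report.items(), key=lambda kv: -kv[1]["bytes"]):
        status = {True: "sanctioned", False: "unsanctioned", None: "unknown"}[r["sanctioned"]]
        print(f"{app:26} {status:12} users={len(r['users'])} activities={r['activities']} bytes={r['bytes']}")
```

Matching on label boundaries matters here: a plain substring or suffix test would file a look-alike host such as notdropbox.com under Dropbox and hide an unknown app from the report.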
MEET SECURITY AND COMPLIANCE REQUIREMENTS FOR SANCTIONED APPS
CASBs help organizations remain compliant with the various regulations and best practice standards on data security and data privacy.
Organizations must comply with several regulations covering personally identifiable information (PII), personal health information (PHI), and credit card information (PCI DSS), among many others.
- Regularly scan for sensitive and/or regulated data stored in cloud app services such as Office 365, Box, and Dropbox
- Benchmark cloud app security settings and configurations against regulatory requirements and best practice guidelines to identify deficiencies
- Identify ex-employees, contractors, partners, and suppliers that may have access to your cloud apps
- Control regulated data being moved to the cloud
ENFORCE REAL-TIME POLICIES TO PROTECT DATA
CASBs allow organizations to create and enforce security policies in real time to protect valuable data. Examples of such policies include:
- Block a specific action or the account altogether
- Enforce multi-factor authentication
- Alert admins if a high-risk or anomalous activity is detected
DETECT ANOMALIES AND PREVENT THREATS
- Suspicious downloads to unmanaged devices (BYOD)
- Brute force attacks
- Account takeovers
- Cloud app access attempts from unusual locations or endpoints or risky IP addresses