According to analysts from Gartner and elsewhere, every enterprise with a significant cloud presence needs a cloud access security broker to protect cloud-based data. CASB products can sit either on-premises or live in the cloud, but they all have the same basic function – providing a secure gateway for data traveling to and from the cloud, particularly with respect to SaaS applications and common cloud storage services like Box or Dropbox.
CASB products provide a variety of security measures, including access control, firewall, identity management, anti-malware, DLP, encryption and threat management.
So, what are the basic use cases for CASB?
Basic CASB authenticates users, sitting between users and cloud resources for purposes of audit and control. As cloud apps become increasingly popular with end users, the risk increases for inadvertent data transfer, actual data theft, and infection by cloud apps and data.
Plus, in the current political and legal climate, there can be inadvertent data exchange that violates corporate compliance policies.
If your company uses Salesforce, ServiceNow, Office365, Box, Dropbox, social media, and similar popular “BYOApps,” CASB becomes the registrar, auditor, connection broker, filter and infiltration/exfiltration monitor.
CASB enforces policy based generally on Active Directory/LDAP or other authentication methods and devices. Other single sign-on methods are also supported.
In our testing, we used Salesforce as a prototypical SaaS access test method. The web access model used by Salesforce, and the interactive nature of their online applications, is representative of an external line-of-business SaaS app.
At some point, CASB also either allies or competes with apps already being used for administrative and security control. These apps include firewalls, data loss prevention, anti-malware, and more. Every CASB product reviewed here must play well with third-party vendors, especially SSO/authentication vendors, who provide authentication nexus for cloud access.
Each CASB product reviewed here is a work in progress, but the progression is moving quickly.
An argument made long ago says that the fewer vendors in an equation, the better, but in case of CASB, that’s not necessarily true since CASB links an organizations internal architectures and construction (including private cloud) to the multi-vendor empires of cloud resources.
If your organization’s security only extends to the perimeter of your network, and if your end users are taking advantage of cloud resources, then you should definitely investigate CASB.