If one positive thing has come out of the COVID-19 pandemic, it is the realization that we can work remotely without negatively impacting the overall performance of an organization.
Remote connections for conferences, correspondence, collaboration, and data collection have now become part of “a day at the office.”
Of course, we had no choice, and the move came with some pretty unique security risks that we didn’t have before.
It is these new risks that we seek to reduce and prevent through the use of a CASB. In this article, we will tell you what a CASB is, its characteristics, uses, and examples of CASB solutions.
What is a Cloud Access Security Broker and How Does it Work
A cloud access security broker (CASB) can be a software or hardware solution tasked with protecting data and identity, preventing threats, and providing insight into the risks involved in connecting a network to other applications and devices in the cloud.
A CASB can be deployed on-premises or remotely to run as a SaaS in the cloud.
Gartner first defined CASBs in 2012 as “cloud-based or on-premises security policy enforcement points, located between cloud service consumers and cloud service providers to mix and interleave enterprise security policies as cloud-based resources are accessed.”
Typically, a CASB is used to analyze data streams and scan documents in the cloud to detect any malicious files or tools hidden within them. It is also used to gain granular insights and control over data usage information in the cloud.
The primary purpose of the CASB is to protect the organization’s sensitive data from theft, loss, or leakage. CASBs fill a security void created by the shift to the cloud and an explosion of endpoints.
The main functions of a CASB include:
a) Data governance:
- Controls your organization’s cloud usage with granular visibility and a wide variety of controls based on user identity, service, application, activity, location, or endpoint.
- Automates the management of data policy violations through a variety of actions, such as block, abort, alert, encrypt, or quarantine.
- Provides the IT team with a summary of actions taken in response to policy violations.
b) Data security:
- Protects against and prevents data theft, loss, or leakage across all cloud services and applications using encryption, tokenization, or other techniques.
- Establishes data loss prevention (DLP) tools and processes for data in use, in motion, or at rest from any cloud service or application to any endpoint.
- Proactively monitors the cloud security environment for policy violations.
- Integrates the CASB within the broader security strategy and security architecture.
c) Threat Protection:
- Establishes full visibility and control over all organizational data across all cloud services.
- Identifies and isolates cloud-based threats, including malware and ransomware.
- Leverages artificial intelligence (AI), machine learning (ML), and other intelligent automation tools to detect anomalous behavior as well as threats like ransomware and malware.
- Continually evolves to respond to the ever-changing threat landscape and ensure continuous threat protection.
- Notifies the cloud security team of any active threats or anomalous activity.
Differences Between a Common vs. a Good Cloud Access Security Broker (CASB)
A CASB must have at least four basic characteristics to be called a smart solution. These features are:
- Data security: It must monitor data access and data sharing per applicable loss prevention policies. This security can be further enhanced with data labeling and encryption to ensure privacy and integrity.
- Threat protection: It should act as a line of defense against internal and external threats arising from malicious user activity, malware, and dangerous or prohibited cloud services.
- Visibility: In addition to immediately identifying current and new cloud services being accessed, a CASB must assess the risks involved in accessing and using them. It should also watch out for shadow IT.
- Compliance: A CASB can be a useful tool when trying to achieve compliance with internal security policies or industry-standard external requirements, such as HIPAA or SOX.
Apart from the main four that we just looked at, there are a few more features that would contribute to creating a good CASB solution.
- Traffic monitoring and auditing to measure overall risk exposure across applications used or accessed within the architecture.
- Classification of each discovered application according to the risk that it could represent, which helps determine the level of cumulative risk across the architecture. The analysis can also be used as a springboard for further threat mitigation actions.
- Rapid data scanning capabilities, powered by machine learning or supported by artificial intelligence, to prevent data loss while providing insight into the data used. This must be supported with real-time reports on malicious activity or unauthorized access (and sharing) of sensitive data via email, chat, file sharing, forums, screenshots, or other methods.
- Efficient 24/7 security policy enforcement to stop threats and prevent data loss without impacting network performance or causing any deterioration of the user experience on endpoints.
- Ability to search within the network (antivirus, etc.) to detect malicious activity, compromised accounts, or unauthorized access attempts made by privileged account holders while working with internal and external data or applications.
- Being able to easily integrate with existing security infrastructure and all third-party security applications and tools for a unified, optimized security perimeter. It should also be future-proof and highly scalable.
- Capable of spanning the end-to-end network and monitoring entire stacks regardless of connection method, whether in a cloud, on-premises, or hybrid architecture.
Real-Life Examples of Good Cloud Access Security Broker (CASB)
After looking at the features that make a CASB great, we can now move on to see how they can be applied in a network:
- A CASB can discover the services running on a cloud platform and assess individual risks at the application level. You can then block connections to suspicious or banned apps instead of denying access to the platform entirely.
- A CASB can serve as a data protection barrier for an organization’s websites and cloud services. You can manage the security and compliance of access and use of SaaS, IaaS, and PaaS. Then, based on requirements, administrators can create one overarching policy or as many procedures as necessary to ensure compliance.
- Administrators can also prevent sensitive data from being transferred to or from unmanaged cloud applications, stop access to specific compromised services, and prevent the download or upload of sensitive information.
They can, for example, block employees from sending company emails containing sensitive data to external staff or prevent data copying from an authorized cloud platform to an unauthorized one.
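The per-application blocking and data-transfer rules described above, as an added example (not from the original article or from any CASB product): a minimal policy decision over constructed access events, returning the block, alert and encrypt actions the article lists. The hostnames, risk scores, blocking threshold and the `sensitive` flag are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed app catalogue (hypothetical hosts and risk scores, 0-10).
CATALOG = {
    "drive.corp-suite.example": {"sanctioned": True, "risk": 2},
    "paste.freeshare.example": {"sanctioned": False, "risk": 6},
    "sync.bannedapp.example": {"sanctioned": False, "risk": 9},
}
BLOCK_AT_RISK = 8  # assumed threshold at which an app is banned outright

@dataclass(frozen=True)
class Event:
    user: str
    app: str                 # destination cloud app (host)
    activity: str            # "login", "upload" or "download"
    sensitive: bool = False  # set by an upstream DLP classifier (assumed)

def decide(ev, catalog=CATALOG):
    """Return one policy action: allow, alert, encrypt or block."""
    app = catalog.get(ev.app)
    if app is None:
        # Unknown destination (shadow IT): stop sensitive transfers,
        # surface everything else for risk review.
        return "block" if ev.sensitive else "alert"
    if app["risk"] >= BLOCK_AT_RISK:
        return "block"  # banned app, whatever the activity
    moves_data = ev.activity in ("upload", "download")
    if ev.sensitive and moves_data:
        # Sensitive data may only move through sanctioned apps, encrypted.
        return "encrypt" if app["sanctioned"] else "block"
    return "allow"

def summarize(events, catalog=CATALOG):
    """Per-action counts plus newly discovered apps, for the IT summary."""
    actions = Counter(decide(ev, catalog) for ev in events)
    discovered = sorted({ev.app for ev in events if ev.app not in catalog})
    return dict(actions), discovered

# Constructed sample events, as a proxy or API connector might record them.
SAMPLE = [
    Event("alice", "drive.corp-suite.example", "upload", sensitive=True),
    Event("alice", "paste.freeshare.example", "upload", sensitive=True),
    Event("bob", "paste.freeshare.example", "login"),
    Event("bob", "sync.bannedapp.example", "login"),
    Event("carol", "newtool.unknown.example", "upload"),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(ev.user, ev.app, ev.activity, "->", decide(ev))
    print(summarize(SAMPLE))
```

Note that the unmanaged app stays reachable for a plain login while the sensitive upload to it is blocked, which is the per-activity control the list describes.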
Organizations can stay on top of their industry compliance requirements and standards by using a CASB to track their levels of data security, access controls, and data encryption in motion and at rest. They also gain pre-defined, customizable reports to be consumed by both local stakeholders and external auditors.
Ok, now it’s time to take a look at some of the CASB solutions that can help protect data and networks.
- Cisco Cloudlock
- McAfee MVISION Cloud
- Bitglass Cloud Access Security Broker