Gartner's definition of a cloud access security broker (CASB) states that "CASBs are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed."
The term CASB was coined by Gartner in 2011 and has since revolutionized cloud protection software. In the midst of rapidly increasing variants of ransomware and network attacks, relying solely on encryption for data security is insufficient. It's become essential to employ CASBs to proactively assess data risks and monitor user activity to protect data shared across the internet.
CASBs can be employed either to fill specific requirements in an organization or to perform a broad range of activities. Gartner's four pillars of CASBs, from its Market Guide for Cloud Access Security Brokers, provide a detailed market explanation and the other information businesses need to identify and select a CASB. Listed below are the generic functions of CASBs from a data detection and security standpoint.
CASBs discover shadow applications, user web requests, and files shared over cloud platforms. Deep packet analysis is one of the techniques employed to scrutinize every packet of data in transit, be it HTTP or HTTPS. Timely reports and analytics help analyze and block risky web applications to forestall potential data threats.
A CASB can also help in identifying instances of personal data in the cloud, which is a requirement of data privacy regulations and standards such as PCI DSS and HIPAA. Monitoring access to sensitive data in the cloud is also necessary to review and strengthen data security policies so that they meet regulatory requirements.
Both on-premises and cloud-based CASBs detect unauthorized user activity, malware attacks from the web, and other cloud security risks. Through timely identification and rapid incident responses, administrators can ensure that cloud-based resources can be used without subjecting the entire organization's network to risks.
CASBs can enforce cloud security policies and controls to prevent the unauthorized transfer of data over the internet. Integrated with data leak prevention measures, a CASB can secure sensitive data by monitoring and blocking file uploads to risky internet applications.
A forward proxy is a gateway server that monitors traffic initiated from endpoints. The proxy server can track and control web accesses in real time and report on the type of websites accessed by users based on the risk profile of the applications.
A reverse proxy is a gateway server that sits between the endpoint and cloud applications; here, traffic from the cloud applications being accessed is forwarded through the proxy server. The reverse proxy also helps in real-time threat detection and user activity management.
An API-based CASB communicates directly with cloud applications at the application programming interface level, avoiding the network slowdowns caused by inline analysis of data packets. However, this CASB mode does not act in real time, so users' access to cloud platforms is not restricted at the point of use.
These modes can be deployed individually or combined, depending upon the needs of the organization. Evaluate the deployment modes based not just on ease of deployment but also on the extent of sensitive data shared on cloud platforms, the existing level of control over user activity, and the data leak prevention systems that are already in place.
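As an added illustration (not from the original article or any vendor's product), the following Python sketch applies the shadow-app discovery and data-leak-prevention rules described above to constructed proxy log records, and shows how the same policy yields a block in an inline proxy mode but only an alert in API mode. The app catalogue, risk ratings, card-number pattern and log format are assumptions chosen for the example.

```python
import re
from collections import Counter

# Constructed app catalogue (placeholders, not a real vendor feed): sanctioned
# corporate apps, and the risk rating a CASB would assign to discovered shadow apps.
SANCTIONED = {"drive.corp-example.com", "crm.corp-example.com"}
APP_RISK = {"paste.shadow-example.net": "high", "notes.shadow-example.org": "medium"}
# Crude pattern for a 16-digit card-like number; real DLP uses validated classifiers.
PAN_RE = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")

def parse_log(lines):
    """Parse constructed proxy records of the form 'ts|user|method|host|body-snippet'."""
    for line in lines:
        ts, user, method, host, body = line.split("|", 4)
        yield {"ts": ts, "user": user, "method": method, "host": host, "body": body}

def decide(rec, inline=True):
    """Apply CASB policy to one request. Inline (forward/reverse proxy) modes can
    block the request; API mode sees the same event afterwards and can only alert."""
    upload = rec["method"] in ("POST", "PUT")
    shadow = rec["host"] not in SANCTIONED
    risk = APP_RISK.get(rec["host"], "unknown")
    sensitive = bool(PAN_RE.search(rec["body"]))
    if upload and shadow and (risk == "high" or sensitive):
        reason = "sensitive upload" if sensitive else "high-risk app"
        return ("block" if inline else "alert"), f"{reason}: {rec['host']}"
    return "allow", ("discovered shadow app" if shadow else "sanctioned")

def run(lines, inline=True):
    """Return per-request decisions plus a discovery report of shadow apps seen."""
    decisions, shadow_apps = [], Counter()
    for rec in parse_log(lines):
        verdict, reason = decide(rec, inline)
        decisions.append((rec["user"], rec["host"], verdict, reason))
        if rec["host"] not in SANCTIONED:
            shadow_apps[rec["host"]] += 1
    return decisions, shadow_apps

SAMPLE_LOG = [  # constructed sample records, not real traffic
    "2024-05-01T09:00:00Z|alice|GET|drive.corp-example.com|",
    "2024-05-01T09:01:00Z|alice|POST|paste.shadow-example.net|meeting notes",
    "2024-05-01T09:02:00Z|bob|PUT|notes.shadow-example.org|card 4111 1111 1111 1111",
    "2024-05-01T09:03:00Z|bob|GET|notes.shadow-example.org|",
    "2024-05-01T09:04:00Z|carol|POST|drive.corp-example.com|card 4111 1111 1111 1111",
]

if __name__ == "__main__":
    for user, host, verdict, reason in run(SAMPLE_LOG)[0]:
        print(user, host, verdict, reason)
```

Note that the upload of card data to the sanctioned corporate drive is allowed while the same data sent to an unsanctioned app is blocked; the discovery counter is what a shadow-IT report would be built from.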