Cloud access security brokers

What is a cloud access security broker?

Gartner's definition of a cloud access security broker (CASB) states that "CASBs are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed."

How does a CASB work?

A CASB acts as an intermediary service connecting on-premises devices and cloud applications. It ensures that network traffic between organizations' environments and the internet is intact and aligns with mandated enterprise security norms. A CASB service plays a significant role in securing cloud environments by enabling organizations to discover cloud applications and classify them into several categories to determine potential risks associated with them. It provides insights into the type and reputation score of each cloud app accessed by employees, enabling system administrators to facilitate the use of safe cloud apps and ban risky apps. CASBs perform deep packet inspection on network traffic and facilitate the reporting and monitoring of file uploads. Thus, the adoption of a CASB reduces the likelihood of security breaches for organizations.

The importance of CASBs

The term CASB was coined by Gartner in 2011 and has since revolutionized cloud protection software. In the midst of rapidly increasing variants of ransomware and network attacks, relying solely on encryption for data security is insufficient. It's become essential to employ CASBs to proactively assess data risks and monitor user activity to protect data shared across the internet.

CASB benefits

CASBs can be employed either to fill specific requirements in an organization or to perform a broad range of activities. Gartner's four pillars of CASBs from its Market Guide for Cloud Access Security Brokers provide a detailed market explanation and other information necessary for identifying and selecting CASBs for businesses. Listed below are the generic functions of CASBs from a data detection and security standpoint.

  • Analyzing cloud data and user activity

    CASBs discover shadow applications, user web requests, and files shared over cloud platforms. Deep packet analysis is one of the techniques employed to scrutinize every packet of data in transit, be it HTTP or HTTPS. Timely reports and analytics help analyze and block risky web applications to forestall potential data threats.

  • Adhering to data regulations

    A CASB can also help in identifying personal data instances in the cloud, which is a requirement of data privacy laws like PCI DSS and HIPAA. Monitoring sensitive data accesses in the cloud is also necessary to review and strengthen data security policies to meet data regulatory requirements.

  • Detecting security risks

    Both on-premises and cloud-based CASBs detect unauthorized user activity, malware attacks from the web, and other cloud security risks. Through timely identification and rapid incident responses, administrators can ensure that cloud-based resources can be used without subjecting the entire organization's network to risks.

  • Implementing security controls

    CASBs can enforce cloud security policies and controls to prevent unauthorized data from being transferred over the internet. Integrated with data leak prevention measures, a CASB can secure sensitive data by monitoring and blocking file uploads to risky internet applications.
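
The discovery, risk classification and upload control described in the sections above can be sketched over forward-proxy records as follows. This is an added example, not code from any CASB product or from DataSecurity Plus; the log format, the app catalogue, the reputation scores and the block threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue (assumption): domain suffix -> (app, category, reputation 0-100).
CATALOGUE = {
    "sharepoint.com": ("SharePoint", "sanctioned storage", 90),
    "dropbox.com": ("Dropbox", "personal storage", 60),
    "filedrop.example": ("FileDrop", "anonymous file sharing", 15),
}
BLOCK_BELOW = 30                  # assumed policy threshold for banning an app
UPLOAD_METHODS = {"POST", "PUT"}  # requests treated as file uploads

# Constructed forward-proxy records: user method url bytes_sent
SAMPLE_LOG = """\
alice PUT https://contoso.sharepoint.com/sites/hr/plan.docx 48211
bob POST https://up.filedrop.example/send 7340032
carol GET https://unknown-notes.example/app 300
carol POST https://unknown-notes.example/import 2048
not a valid line
"""

def lookup(host):
    # Suffix match against the catalogue; an unknown host is reported as shadow IT.
    for suffix, info in CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return info
    return (host, "uncategorised", None)

def decide(method, rep):
    if rep is None:  # unrated app: alert on browsing, block any upload
        return "block" if method in UPLOAD_METHODS else "alert"
    return "block" if rep < BLOCK_BELOW else "allow"

def audit(log_text):
    # Returns (per-app summary, per-request decisions); upload_bytes counts attempts.
    apps = defaultdict(lambda: {"users": set(), "upload_bytes": 0})
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        host = urlsplit(parts[2]).hostname if len(parts) == 4 and parts[3].isdigit() else None
        if not host:
            continue  # malformed record or URL without a host
        user, method, size = parts[0], parts[1].upper(), int(parts[3])
        app, category, rep = lookup(host)
        apps[app]["users"].add(user)
        if method in UPLOAD_METHODS:
            apps[app]["upload_bytes"] += size
        decisions.append((user, app, category, decide(method, rep)))
    return dict(apps), decisions
```

Calling `audit(SAMPLE_LOG)` yields one decision per valid record and a per-app summary of users and attempted upload volume, which is the raw material for the reports the section describes.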

Types of CASB implementations

  • Forward proxy

    A forward proxy is a gateway server that monitors traffic initiated from endpoints. The proxy server can track and control web accesses in real time and report on the type of websites accessed by users based on the risk profile of the applications.

  • Reverse proxy

    A reverse proxy is a gateway server that sits between the endpoint and cloud applications; here, traffic is forwarded to the proxy server from the cloud applications accessed. The reverse proxy also helps in real-time threat detection and user activity management.

  • API-based CASB

    This type of CASB solution directly communicates with cloud applications at the application programming interface (API) level, avoiding the network slowdowns caused by the analysis of data packets. However, this CASB mode doesn't work in real time, and users can access cloud platforms without restriction.

These modes can be deployed individually or combined, depending upon the needs of the organization. Evaluate the deployment modes based on not just ease of employment but also the extent of sensitive data shared on cloud platforms, existing levels of control on user activity, and the data leak prevention systems that are already in place.

Cloud protection with DataSecurity Plus

DataSecurity Plus is a unified data visibility and security platform that offers real-time web auditing and schedule-based reporting to track, analyze, and manage user or data activity. Use DataSecurity Plus' Cloud Protection module to closely monitor web applications accessed by users. Other features include:

  • Cloud application discovery to monitor all web accesses to the cloud.
  • Assessment of websites with risk profiling within the console to identify shadow IT and risky applications.
  • Controls to allow or block risky websites by identifying malignant domains.
  • Deep packet inspection to analyze HTTPS traffic passing through the internet.
  • Review of file uploads to cloud applications like Dropbox or SharePoint.
  • Analysis of user activity in the cloud, including tracking of e-commerce or gaming websites accessed.

Try all these features and more in DataSecurity Plus' Cloud Protection module with a free, fully functional, 30-day trial.
