The days when employees and assets functioned only within the company network are long gone. Now, all that is required is a username and password to utilize the required IT resources from a remote location. The workforce can accomplish most role responsibilities from anywhere using mobile devices. The proliferation of remote work and cloud applications has increased productivity, enhanced the ease of use for many applications, and improved scalability through Software as a Service (SaaS) applications that don't require any physical infrastructure. At the same time, it has also increased the risk of shadow IT, data exfiltration, and insider threats.

Simply put, with your employees using numerous SaaS applications, you may not know where all your data rests. Research suggests that an average employee uses 10 SaaS applications every day, and an average organization uses as many as 254 applications. These applications could be third-party analytics tools that ingest customer data sets, or consumer versions of approved enterprise apps like Microsoft 365 or Google Workspace, for example. The list goes on.

It is high time you broadened your security landscape with cloud protection capabilities. A cloud access security broker (CASB) can assist. According to Gartner, a CASB is cloud-hosted or on-premises software or hardware that functions as an intermediary policy enforcement point between enterprise assets (both on and off the company network) and cloud-based applications. With a CASB, you can:

  1. Gain visibility into all the cloud applications used.

  2. Introduce policies to sanction or block shadow applications with the help of reputation scores.

  3. Prevent data exfiltration into third-party cloud apps.

  4. Become aware of user activity in the cloud.

Let's take a look at the three ways CASB works, followed by real-life use cases. The three methodologies are forward proxy, reverse proxy, and API scanning.

Forward proxy

It's straightforward. All traffic from your managed assets is forced to go through a CASB before accessing the different cloud applications. For this reason, the CASB can be considered a gateway server that resides at the periphery of your organization. Here, the CASB can control access to those applications, block or allow uploads, and perform deep packet inspection (DPI) and DLP in real time. DPI helps you analyze details about HTTPS traffic that attempts to travel through the CASB during a file upload into the cloud. With DPI enabled, you can uncover the name, type, and size of the file. This gives you better context as you ascertain whether the file is malicious.

With the forward proxy method, the CASB can monitor uploads and notify the system administrator of policy violations.

Reverse proxy

In the reverse proxy method, the cloud application being accessed redirects the user request to the CASB, which then validates the user's identity via Security Assertion Markup Language (SAML) and allows access. A reverse proxy can provide real-time data monitoring and block suspicious downloads.

Enterprises that practice BYOD can have control over unmanaged devices. The caveat is that the reverse proxy method functions only with the sanctioned/approved cloud applications.

API scanning

While forward and reverse proxy deal with data in motion, an API-based CASB keeps track of data at rest, or data that has already been uploaded and is stored in multiple cloud apps. The CASB directly connects with the cloud app and scans its data. If a policy breach is discovered, the data is quarantined or access is revoked before it leaks. API scanning may not control user access or provide real-time protection, but it can effectively protect the data that rests with the various sanctioned applications.

Use cases of forward proxy-based CASB

  1. Shortly before leaving his job, an engineer, who worked for a United States Navy contractor, transferred over 5,000 files to his Dropbox cloud and emailed a few of the documents to himself. These documents contained sensitive information about company finances and intellectual property pertaining to product designs.

  2. Pfizer is suing a former employee to prevent the sharing of confidential data stolen while the individual was still employed by the firm. The 12,000 stolen documents include knowledge about the development of a COVID-19 medication. The data was uploaded to multiple personal cloud storage accounts.

  3. Microsoft has 30,621 distinct phishing URLs, according to Vade Secure, a global cybersecurity company. Employees at an organization who use Microsoft cloud apps are at risk of credential theft or data loss due to HTTPS spoofing that impersonates legitimate Microsoft applications.

A forward proxy CASB mitigates the risks described above by offering a single-pane-of-glass view of all cloud apps that employees have access to. It equips administrators with a comprehensive view of all cloud apps based on traffic, upload size, and user activity.

The integrated CASB capability of ManageEngine Log360, a comprehensive SIEM solution, checks the application's reputation and upload size, and alerts the IT administrator of possible anomalies. With DPI, you get better security context about the file that is being uploaded.

Deploying a stringent network policy that simply blocks or allows applications might be easy, but it hinders productivity and is not employee friendly. Given that cloud applications are here to stay, a CASB may be the best cloud security tool for addressing data exfiltration.
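To make the forward proxy checks described above concrete (app reputation, sanctioned status, and upload size per user), here is a small policy evaluation over upload events. It is an added example, not code from Log360 or any CASB product; the app catalog, reputation scores, thresholds, and events are all constructed assumptions.

```python
from collections import defaultdict

MB = 1024 * 1024

# Hypothetical app catalog: domains, reputation scores (0-100) and
# sanctioned flags are constructed for this example.
APP_CATALOG = {
    "sharepoint.example-corp.com": {"sanctioned": True, "reputation": 95},
    "personal-drive.example": {"sanctioned": False, "reputation": 70},
    "paste-share.example": {"sanctioned": False, "reputation": 20},
}
MIN_REPUTATION = 40        # assumed policy: block apps scoring below this
MAX_FILES_PER_USER = 3     # assumed limit on uploads to one shadow app
MAX_BYTES_PER_USER = 50 * MB

# Constructed upload events, carrying the fields DPI exposes at the proxy.
EVENTS = [
    {"user": "alice", "app": "sharepoint.example-corp.com", "file": "report.docx", "size": 2 * MB},
    {"user": "bob", "app": "personal-drive.example", "file": "design1.dwg", "size": 20 * MB},
    {"user": "bob", "app": "personal-drive.example", "file": "design2.dwg", "size": 20 * MB},
    {"user": "bob", "app": "personal-drive.example", "file": "finance.xlsx", "size": 15 * MB},
    {"user": "carol", "app": "paste-share.example", "file": "notes.txt", "size": 1024},
    {"user": "bob", "app": "personal-drive.example", "file": "plan.pdf", "size": 1 * MB},
]

def evaluate_uploads(events, catalog=APP_CATALOG):
    """Return (decisions, alerts): one allow/block per event, plus admin alerts."""
    decisions, alerts = [], []
    totals = defaultdict(lambda: [0, 0])   # (user, app) -> [file count, bytes]
    alerted = set()                        # raise each bulk alert only once
    for ev in events:
        # Apps missing from the catalog are treated as unsanctioned with score 0.
        app = catalog.get(ev["app"], {"sanctioned": False, "reputation": 0})
        if app["reputation"] < MIN_REPUTATION:
            decisions.append("block")
            alerts.append((ev["user"], ev["app"], "low-reputation app blocked"))
            continue
        decisions.append("allow")
        if app["sanctioned"]:
            continue
        # Shadow app with acceptable reputation: allow, but track volume per user.
        key = (ev["user"], ev["app"])
        totals[key][0] += 1
        totals[key][1] += ev["size"]
        over = totals[key][0] > MAX_FILES_PER_USER or totals[key][1] > MAX_BYTES_PER_USER
        if over and key not in alerted:
            alerted.add(key)
            alerts.append((ev["user"], ev["app"], "bulk upload to unsanctioned app"))
    return decisions, alerts
```

Tracking cumulative volume per user rather than judging each upload alone is what surfaces the bulk-transfer pattern in the first two use cases, where no single file would look unusual.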


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.