CASB: What is it?

Gartner defines cloud access security brokers (CASBs) as on-premises or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs can combine multiple types of security policies such as authentication, encryption, malware detection and more. You can think of a CASB as the checkpoint between your network and the cloud that enforces your organization’s security policies.

Do I need a CASB?

As organizations increasingly rely on cloud-based applications to support expanding hybrid workforces, the security of sensitive data becomes critical. CASBs offer a range of security benefits structured on these 4 pillars: 

 

Visibility

CASBs allow companies visibility and control across managed and unmanaged cloud services, as well as sanctioned and unsanctioned devices. This lets IT departments see what cloud apps and services are being used, identify unsanctioned use, restrict certain functions of apps depending on the device, etc. As an additional benefit, this high visibility allows companies to find redundancies in usage and can reduce costs.

 

Data Security

Data Loss Prevention (DLP), working in conjunction with a CASB system, protects all data traveling within and to the cloud, as well as data stored in it. When sensitive information is detected, it can be intercepted by IT for analysis. A useful way to think about it is a quote from data scientist Arpit Goel, published in a 2020 LinkedIn article: “If data is the new oil, business applications are the oil distribution system including pipelines and reservoirs, then DLP is the sensor technology to monitor if there are any holes in the distribution system and fix them.” The goal is to identify and stop malicious activity, or “holes”, before it escalates.

Compliance

Through a CASB, encryption of data at rest protects data stored in the cloud against a data breach. A CASB also provides the control needed to ensure that data stored outside the organization meets all compliance obligations set by regulatory requirements. CASBs provide out-of-the-box visibility for various compliance categories such as PHI, PCI, PII and HIPAA, and they ensure that the organization’s DLP is monitored on shared data items.

Threat Protection

By aggregating and understanding typical usage patterns, CASBs can scan across cloud services to detect potentially malicious activity in real time, using machine learning to identify anomalies in user behavior and the sharing or downloading of infected files. They can also prevent unauthorized users from accessing cloud services through compromised accounts.

How does a CASB work?

Here’s a diagram that illustrates how CASBs function:


Figure 1: How CASBs function (Source: TechTarget)

 

CASBs use a 3-pronged approach to offer visibility across both sanctioned and unsanctioned apps and data in the cloud. This visibility allows a CASB’s auto-discovery to identify high-risk users and applications, identify and remediate security threats, and tailor security to a company’s specific needs. The risk factor is determined by what the application is, what type of data is contained within the application, and how it is shared.

Figure 2: CASB 3-prong model

 

Use Cases

Shadow IT, as reported here by Microsoft, can comprise up to 60 percent of an enterprise’s cloud services, and a CASB offers a full picture of all cloud-based applications in use. With this granular visibility, a company’s CASB can govern usage among employees and tailor actions such as bypassing, encrypting, and quarantining specific apps to comply with policies and regulations.

Continuous monitoring with auto-discovery allows IT departments to set up policies to be alerted when new apps are discovered and detect changes in usage patterns of existing apps. Usage patterns are particularly useful in detecting anomalous behavior which could indicate a security threat. Alerts can also be set for unsanctioned apps attempting to exfiltrate sensitive data so that these situations can be handled quickly to limit organizational impact.
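The discovery-and-alert policy described above, as an added example (not from the original article or any CASB product). The log format, domain names, app lists and upload limit are constructed assumptions, and a fixed per-user upload limit stands in for a learned usage baseline.

```python
from collections import defaultdict

# Constructed policy data (assumptions for illustration only).
SANCTIONED = {"sharepoint.example", "salesforce.example"}
KNOWN_APPS = SANCTIONED | {"filedrop.example"}  # apps seen in earlier discovery runs
UPLOAD_LIMIT_BYTES = 50_000_000                 # hypothetical per-user limit, unsanctioned apps

# Constructed proxy log: timestamp user app_domain action bytes
SAMPLE_LOG = """\
2024-05-01T09:00:11Z alice sharepoint.example upload 1200000
2024-05-01T09:05:40Z bob filedrop.example upload 30000000
2024-05-01T09:20:02Z bob filedrop.example upload 45000000
2024-05-01T10:02:19Z carol pastehub.example upload 4000
2024-05-01T10:15:00Z alice salesforce.example download 900000
malformed line
"""

def parse(line):
    """Return an event dict, or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, user, app, action, size = parts
    return {"ts": ts, "user": user, "app": app, "action": action, "bytes": int(size)}

def discover(log_text, known=KNOWN_APPS, sanctioned=SANCTIONED, limit=UPLOAD_LIMIT_BYTES):
    """Emit (alert_type, app, user) tuples in the order the events trigger them."""
    alerts, new_apps, alerted = [], set(), set()
    uploaded = defaultdict(int)  # (user, app) -> cumulative upload bytes
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue  # skip unparseable lines rather than abort the run
        app, user = ev["app"], ev["user"]
        # Alert once per newly discovered app.
        if app not in known and app not in new_apps:
            new_apps.add(app)
            alerts.append(("new_app", app, user))
        # Track uploads to unsanctioned apps; alert once when a user crosses the limit.
        if app not in sanctioned and ev["action"] == "upload":
            uploaded[(user, app)] += ev["bytes"]
            if uploaded[(user, app)] > limit and (user, app) not in alerted:
                alerted.add((user, app))
                alerts.append(("upload_volume", app, user))
    return alerts

if __name__ == "__main__":
    for alert in discover(SAMPLE_LOG):
        print(alert)
```
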

CASBs also enable detailed audit trails of user accounts across on-prem and cloud services. This allows IT personnel to track and retrace actions such as sign-ins, uploads, and downloads in the event of a data breach. In the unfortunate scenario of an employee being a threat to your company, tracking user accounts allows quick intervention by identifying and suspending relevant accounts to prevent sensitive data exfiltration.

 

Conclusion

Is a CASB alone enough cloud security? The short answer is no.

A CASB should be used in tandem with other technologies such as data loss prevention (DLP), web application firewalls, and secure web gateways. By combining a multitude of security and networking technologies, a company can develop a Secure Access Service Edge (SASE) architecture.

Figure 3: Secure Access Service Edge (SASE) (Source: Cavell Group)

 

Though a CASB is a critical component of this architecture, additional services can give your company robust cloud security that can evolve along with your company’s needs. With multiple vendors available for CASB, evaluate what capabilities your company may utilize most and compare system features such as ease of use and implementation time.

 

 
