A cloud access security broker (CASB) is a software tool or service that sits between an organization’s on-premises infrastructure and a cloud provider’s infrastructure. CASB can be understood as a gatekeeper which allows the organization to extend its security beyond its foundation.
CASBs work by making sure that network traffic within on-premises devices and the cloud provider complies with the organization’s security policies. The value of CASB stems from their ability to give insight into cloud application uses across cloud platforms and identify unsanctioned use. This is especially important in regulated industries. CASBs use auto-discovery to identify cloud applications in use and identify high-risk applications, high-risk users, and other key risk factors. CASBs may implement a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.
CASBs are particularly useful in organizations with shadow IT operations or liberal security policies that allow operating units to procure and manage their own cloud resources. The data that CASBs collect can be used for reasons other than security, such as monitoring cloud service usage for budgeting purposes. Vendors in the cloud access security space include Think Technology Services
Cloud Access Security Brokers are quickly emerging as a must-have security solution for organizations looking to adopt or already using cloud-based applications. These technologies fill in the gaps that cloud app vendors have left to the enterprise to solve—visibility and data security.
For many enterprises, security and compliance concerns hamper adoption of cloud applications. Furthermore, cloud applications are accessible from anywhere dragging mobile and BYOD security concerns into the picture. Cloud Access Security Brokers are a category of security tools that help enterprises safely enable cloud apps and mobile devices.
CASBs work by intermediating or “proxying” traffic between cloud apps and users. Once proxied, these tools provide:
- Visibility—audit logs, security alerts, compliance reports, etc.
- Data Security—access control, data leakage prevention, encryption, etc.
Together, these functions fill in the gaps otherwise encountered when an enterprise moves from internal, premises-based applications to cloud apps like Salesforce, Google Apps, or Office 365. For enterprises in heavily regulated industries, like Finance and Healthcare, use of a CASB might be the only practical approach to enabling cloud apps. More broadly, any organization with sensitive data to protect would be well served by considering this emerging solution category.
Some years ago, the user experience didn’t really matter that much. Employees didn’t have much of a choice and increased security always meant a poor user experience. Today, employees are quick to reject IT solutions that reduce their productivity. Enterprises must choose security solutions that do not hamper productivity.
- Privacy—Employees have not only an expectation but a right to privacy. Gone are the days when it is acceptable for IT to capture personal traffic in the security dragnet.
- Transparency— Usability has been a key adoption driver for many cloud apps and mobile devices. Employees are familiar with these technologies and have come to expect the same great experience with corporate applications that they enjoy in their personal applications.
- Mobility—Employees want to be able to go out and buy the latest and greatest device and connect to their work data and applications with no restrictions.
The advantage of using a CASB for cloud encryption is that it allows the enterprise to control their own encryption keys, ensuring that nobody can gain access to corporate data without the knowledge of the enterprise.
Looking for Multiple Solutions, One Console! Cloud Access Security Broker (CASB) for more details visit us!