A Cloud Access Security Broker (CASB) acts as an intermediary between cloud providers and cloud consumers to enforce an organization's security policies for cloud application access and usage.
As the workforce has evolved and grown more mobile, monitoring and classifying employees' access to and use of cloud applications has become critical to secure business operations.
As organizations continue to evolve and add cloud applications to their network, secure cloud application access and use is critical to business operations. There are multiple ways for attackers to use cloud apps as a way to get into the corporate network and exfiltrate sensitive data. Organizations need to monitor user behavior, protect sensitive data, and monitor third-party connected apps to protect their users and data.
The introduction of the cloud and, subsequently, cloud applications has provided businesses with a large amount of powerful tools at much lower cost. This is a great thing. With this transition, however, comes increased challenges around visibility and security. In short, no. Businesses should not be worried, but they should understand that they must deploy new tools like a CASB to help in securely utilizing cloud-native applications.
Similar to endpoint security and data center security, cloud security requires a comprehensive, holistic approach. A CASB is a critical component of cloud security, but businesses need additional solutions such as secure Web gateways, email security, public cloud monitoring solutions, next-generation firewall integrated cloud solutions, and others.
Visibility. The first obstacle for organizations trying to provide sufficient user security is visibility. In large organizations, there are a large number of users accessing multiple applications in multiple cloud environments. A CASB solution must provide significant visibility into user activity across all of the SaaS applications they access.
Threat protection. While significant user visibility is critical, visibility is not enough to achieve full user security. By leveraging the data and analytics gained by deep visibility, organizations can provide significant threat protection for their users. The exponential growth of multicloud activity has increased the attack perimeter, and IT professionals cannot keep up with all of the threat alerts. Large-scale analytics and machine learning allow a CASB solution to automate threat alerts and responses to achieve more robust, agile user security.
Control. The first step to helping ensure data security is control. Organizations should restrict access to areas where the information is not critical to an employee's job functions. Once attackers are in the network, they will attempt to move laterally to access secure data. While organizations may want to trust their employees and grant access, this can greatly increase the attack surface. When in doubt, limit access points to significant data.
Visibility. Similar to user security, visibility is a crucial step to promoting data security. Storing sensitive data across a multicloud environment can be terrifying. In addition, the explosion of cloud solutions and remote access points in organizations has increased the amount of data collaboration. More and more, organizations are sharing sensitive data across multiple cloud environments. Controlling access to sensitive data can be very effective, but there will constantly be newly forming connections within a network. As a result, organizations constantly need visibility into telemetry data to understand where their access policies need to be enforced.
Discover. Organizations oftentimes would be dismayed if they saw the number of applications their entire network uses. Applications can be very beneficial, but it is important to know which ones are accessing organizational data at any given time. A CASB solution should provide discovery and visibility of third-party connected apps and enable the customer to disconnect from risky or inappropriate apps.
Classify. Once an application is discovered, a CASB should classify it. In some scenarios, like Google Apps, these applications may unknowingly have access to sensitive data. While it may seem harmless, a malicious application can cause serious damage. To allow employees to work efficiently but safely, a CASB needs to quickly classify: What is this application? Is it safe? What data does it access? CASB solutions can leverage the data from community trust ratings to help identify the risk related to specific apps.
Disable risky apps. Once discovered and classified, the application should be enabled or disabled. In most cases, the application has been downloaded or accessed to improve an employee's productivity. If the application has been classified as safe and beneficial, and the permissions are appropriate, it can be left alone. If the application is classified as a threat, it should be immediately disabled.
Learn more about Cisco products and solutions related to Cloud Access Security Brokers (CASB)