What Is a CASB?

A Cloud Access Security Broker (CASB) acts as an intermediary between cloud providers and cloud consumers to enforce an organization's security policies for cloud application access and usage. 

As the workforce has evolved and grown more mobile, monitoring and classifying employees' access to and use of cloud applications has become critical to secure business operations.

Why do I need a CASB?

As organizations continue to evolve and add cloud applications to their network, secure cloud application access and use is critical to business operations. There are multiple ways for attackers to use cloud apps to get into the corporate network and exfiltrate sensitive data. Organizations need to monitor user behavior, protect sensitive data, and monitor third-party connected apps to protect their users and data.

What does a CASB do?

A CASB solution sits between users and cloud platforms and serves as a central enforcement point from which organizations can manage a range of security policies. A CASB security solution applies security policies to virtually everything an organization does in the cloud.

Should I be worried about my users leveraging applications in the cloud?

You should not have to worry about leveraging cloud applications. While cloud adoption can introduce increased challenges around visibility and security, tools like a CASB can help in securely using cloud-native applications.

Is a CASB all I need for cloud security?

Similar to endpoint security and data center security, cloud security requires a comprehensive, holistic approach. A CASB is a critical component of cloud security, but businesses need additional solutions such as secure Web gateways, email security, public cloud monitoring solutions, next-generation firewall integrated cloud solutions, and others.

What is the difference between CASB and DLP?

Data loss prevention (DLP) tools focus on securing data against loss by enforcing policies that protect data inline in real time and data out-of-band at rest in the cloud. With CASB and DLP integrated, organizations can apply those same enforcement capabilities to cloud platforms and services.

Is CASB the same as SASE?

CASB is one element of a broader secure access service edge (SASE) architecture. CASB security typically protects cloud-delivered applications, whereas a SASE architecture converges networking and security functions in the cloud to flexibly secure a hybrid work environment. SASE includes SD-WAN capability integrated with rich security protections that include, and extend beyond, what a CASB is designed to protect.

How is SSE connected to CASB?

Security service edge (SSE), the cloud-delivered security portion of a SASE architecture, is designed to tackle cybersecurity risk in hyper-decentralized, hybrid work environments. It delivers secure access, comprehensive cloud-delivered security services, and centralized management for better protection against threats.

Cisco Secure Access is an SSE solution that streamlines and simplifies secure connectivity and optimizes performance and security at every connection. With extensive security capabilities, converged in one solution, Cisco Secure Access mitigates security risk by applying zero trust principles and enforcing granular security policies. These capabilities include zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS), DNS security, remote browser isolation (RBI), and more.

Main considerations when choosing a CASB

User security

Visibility. The first obstacle for organizations trying to provide sufficient user security is visibility. In large organizations, many users access multiple applications across multiple cloud environments. A CASB solution must provide significant visibility into user activity across all of the SaaS applications they access.

Threat protection. While significant user visibility is critical, visibility is not enough to achieve full user security. By leveraging the data and analytics gained by deep visibility, organizations can provide significant threat protection for their users. The exponential growth of multicloud activity has increased the attack perimeter, and IT professionals cannot keep up with all of the threat alerts. Large-scale analytics and machine learning allow a CASB solution to automate threat alerts and responses to achieve more robust, agile user security.

Data security

Control. The first step to helping ensure data security is control. Organizations should restrict access to information that is not critical to an employee's job functions. Once attackers are in the network, they will attempt to move laterally to access secure data. While organizations may want to trust their employees and grant access, this can greatly increase the attack surface. When in doubt, limit access points to significant data.

Visibility. Similar to user security, visibility is a crucial step to promoting data security. Storing sensitive data across a multicloud environment can be terrifying. In addition, the explosion of cloud solutions and remote access points in organizations has increased the amount of data collaboration. More and more, organizations are sharing sensitive data across multiple cloud environments. Controlling access to sensitive data can be very effective, but there will constantly be newly forming connections within a network. As a result, organizations constantly need visibility into telemetry data to understand where their access policies need to be enforced.

App security

Discover. Organizations would often be dismayed to see how many applications are in use across their network. Applications can be very beneficial, but it is important to know which ones are accessing organizational data at any given time. A CASB solution should provide discovery and visibility of third-party connected apps and enable the customer to disconnect from risky or inappropriate apps.

Classify. Once an application is discovered, a CASB should classify it. In some scenarios, like Google Apps, these applications may have access to sensitive data without the organization knowing it. While it may seem harmless, a malicious application can cause serious damage. To allow employees to work efficiently but safely, a CASB needs to quickly classify: What is this application? Is it safe? What data does it access? CASB solutions can leverage the data from community trust ratings to help identify the risk related to specific apps.

Disable risky apps. Once discovered and classified, the application should be enabled or disabled. In most cases, the application has been downloaded or accessed to improve an employee's productivity. If the application has been classified as safe and beneficial, and the permissions are appropriate, it can be left alone. If the application is classified as a threat, it should be immediately disabled.
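
The discover, classify, and disable steps above can be sketched as follows. This is an added example, not code from any CASB product; the scope names, data categories, trust ratings, threshold, and grant records are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Assumed mapping from OAuth-style scope names (hypothetical) to the data they expose.
SCOPE_DATA = {
    "profile.basic": "identity", "calendar.read": "calendar",
    "mail.read": "email", "files.read_all": "documents",
}
SENSITIVE = {"email", "documents"}   # assumed policy: categories that hold sensitive data
MIN_TRUST = 60                       # assumed cut-off on a 0-100 community trust rating

# Constructed grant records (user, app, scope), as a tenant audit export might list them.
GRANTS = [
    ("alice", "TeamScheduler", "calendar.read"),
    ("bob", "TeamScheduler", "profile.basic"),
    ("carol", "PDFConvertFree", "files.read_all"),
    ("dave", "PDFConvertFree", "files.read_all"),
    ("erin", "MailMergeHelper", "mail.read"),
    ("erin", "QuizFun", "profile.basic"),
]
# Constructed community trust ratings; QuizFun has not been rated yet.
TRUST = {"TeamScheduler": 88, "PDFConvertFree": 22, "MailMergeHelper": 71}

def discover(grants):
    """Discover: collapse per-user grants into one inventory entry per app."""
    apps = defaultdict(lambda: {"users": set(), "scopes": set()})
    for user, app, scope in grants:
        apps[app]["users"].add(user)
        apps[app]["scopes"].add(scope)
    return dict(apps)

def classify(name, entry, trust):
    """Classify: what data does the app reach, and is it trusted enough for that?"""
    # A scope missing from the map is treated as sensitive rather than ignored.
    data = {SCOPE_DATA.get(s, "unknown") for s in entry["scopes"]}
    touches_sensitive = bool(data & (SENSITIVE | {"unknown"}))
    rating = trust.get(name)                      # None means the app is unrated
    low_trust = rating is None or rating < MIN_TRUST
    action = "disable" if (touches_sensitive and low_trust) else "allow"
    return {"app": name, "data": sorted(data), "rating": rating,
            "users": len(entry["users"]), "action": action}

def review(grants, trust):
    """Run discovery, classification, and the enable/disable decision per app."""
    return {n: classify(n, e, trust) for n, e in discover(grants).items()}

if __name__ == "__main__":
    for row in review(GRANTS, TRUST).values():
        print(row)
```

Under these assumed rules an unrated app is only disabled when it reaches sensitive or unmapped data, so a new app requesting an unknown scope is blocked until someone classifies it.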