What Is a CASB?
A cloud access security broker, or CASB, is cloud-hosted or on-premises software or hardware that acts as an intermediary between users and cloud service providers. The ability of a CASB to address gaps in security extends across software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) environments. In addition to providing visibility, a CASB also allows organizations to extend the reach of their security policies from their existing on-premises infrastructure to the cloud and to create new policies for cloud-specific context.
CASBs have become a vital part of enterprise security, allowing businesses to safely use the cloud while protecting sensitive corporate data.
The CASB serves as a policy enforcement center, consolidating multiple types of security policy enforcement and applying them to everything your business utilizes in the cloud—regardless of what sort of device is attempting to access it, including unmanaged smartphones, IoT devices, or personal laptops.
With the increase in workforce mobility, the growth in BYOD and the presence of unsanctioned employee cloud usage, or Shadow IT, the ability to monitor and govern the usage of cloud applications such as Office 365 has become essential to the goal of enterprise security. Rather than banning cloud services outright and potentially impacting employee productivity, a CASB enables businesses to take a granular approach to data protection and the enforcement of policies—making it possible to safely utilize time-saving, productivity-enhancing, and cost-effective cloud services.
The evolution of the CASB
Before the rise of cloud computing and BYOD policies, enterprise security existed in the same “walled garden” model that it had for more than a decade. But as services began originating in and shifting to the cloud—and employees began using these cloud services, with or without prior knowledge or approval of IT—businesses began looking for a way to enforce consistent security policies across multiple clouds and safeguard both users and corporate data.
The development of the cloud access security broker (CASB) allowed enterprise security professionals to gain visibility into the cloud, particularly unsanctioned software-as-a-service (SaaS) usage, or Shadow IT.
The insights provided by their CASB were shocking to many IT managers, who soon discovered that cloud usage in their enterprise was much deeper and more pervasive than they had imagined. According to the 2019 McAfee Cloud Adoption and Risk Report, while the average IT professional thought the business utilized around 30 cloud services, in reality they were using an average of 1,935.
While stemming the threats resulting from Shadow IT was a primary use case, it wasn’t the only thing that drove widespread adoption of CASBs. During this time, many businesses were moving their data storage capabilities from on-premises data centers to the cloud. This made the CASB, which protected both the movement of data (by restricting things like access and sharing privileges) and the contents of the data (through encryption), even more essential.
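The visibility described above starts with discovery: correlating outbound web traffic against a catalogue of known cloud services and flagging anything outside the sanctioned set. The following is an added example, not code from the original page or from any CASB product; it runs a constructed catalogue over constructed proxy log lines (the squid-like line format, the service list and the sanctioned flags are all assumptions for illustration) and reports sanctioned, unsanctioned and unknown destinations together with upload volume per service, which is the "how many services are we really using" number the report cited above is about.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed catalogue: host suffix -> (service name, sanctioned?).
# Which services count as sanctioned is an assumption for this example.
SERVICE_CATALOG = {
    "sharepoint.com": ("Office 365", True),
    "office.com": ("Office 365", True),
    "salesforce.com": ("Salesforce", True),
    "dropbox.com": ("Dropbox", False),
    "wetransfer.com": ("WeTransfer", False),
    "pastebin.com": ("Pastebin", False),
}

# Constructed sample proxy log lines: "<timestamp> <user> <method> <url> <bytes>".
SAMPLE_LOG = """\
1700000000.123 alice GET https://contoso.sharepoint.com/sites/finance/doc.xlsx 48213
1700000001.456 bob POST https://www.dropbox.com/upload 1938432
1700000002.789 alice GET https://login.office.com/ 1203
1700000003.012 carol POST https://wetransfer.com/api/v4/transfers 8223456
1700000004.345 bob GET https://example-internal.corp/intranet 512
1700000005.678 dave POST https://pastebin.com/api/api_post.php 2211
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<bytes>\d+)$"
)


def classify_host(host):
    """Map a destination host to (service, sanctioned) by walking parent domains,
    so 'contoso.sharepoint.com' matches the 'sharepoint.com' catalogue entry.
    Unknown hosts return (None, None)."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SERVICE_CATALOG:
            return SERVICE_CATALOG[suffix]
    return (None, None)


def discover(log_text):
    """Aggregate proxy log lines into a discovery report:
    request counts per sanctioned/unsanctioned service, unknown hosts,
    bytes uploaded per service (POST/PUT), and which users touched each service."""
    report = {
        "sanctioned": Counter(),
        "unsanctioned": Counter(),
        "unknown": Counter(),
        "upload_bytes": defaultdict(int),
        "users": defaultdict(set),
    }
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line; a real collector would count these
        host = urlsplit(m["url"]).hostname or ""
        service, sanctioned = classify_host(host)
        if service is None:
            report["unknown"][host] += 1
            continue
        report["sanctioned" if sanctioned else "unsanctioned"][service] += 1
        report["users"][service].add(m["user"])
        if m["method"] in ("POST", "PUT"):
            report["upload_bytes"][service] += int(m["bytes"])
    return report


def distinct_service_count(report):
    """Number of distinct cloud services observed, sanctioned or not."""
    return len(report["sanctioned"]) + len(report["unsanctioned"])


if __name__ == "__main__":
    r = discover(SAMPLE_LOG)
    print("distinct services:", distinct_service_count(r))
    for svc, n in r["unsanctioned"].items():
        print(f"unsanctioned {svc}: {n} requests, {r['upload_bytes'][svc]} bytes uploaded, users={sorted(r['users'][svc])}")
```

The upload-bytes column is what turns a list of hostnames into a risk ranking: a single large POST to an unsanctioned file-transfer service is the event a data-protection policy would later block or quarantine.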
While this change was taking place, the threat landscape was also being altered. Today, malware is more pervasive, phishing is both more elegant and better targeted, and small mistakes—for example, opening an AWS S3 bucket to the public—can create a security hole that could cost millions.
Because CASB security measures include features specifically designed to address these issues, the use of a CASB is now regarded as an essential element of enterprise security. According to Gartner (who first coined the term CASB in 2011), by 2022 60% of large enterprises will use CASBs—triple the number that used them at the end of 2018.
What CASBs offer
Many CASB security features are unique compared with those offered by other security controls such as enterprise/web application firewalls and secure web gateways, and may include:
- Cloud governance and risk assessment
- Data loss prevention
- Control over native features of cloud services, like collaboration and sharing
- Threat prevention, often through user and entity behavior analytics (UEBA)
- Configuration auditing
- Malware detection
- Data encryption and key management
- SSO and IAM integration
- Contextual access control
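Several of the features listed above (data loss prevention, control over sharing, contextual access control, governance of unsanctioned services) come together in a single policy decision per request. The following is an added example, not code from the original page or from any vendor's product; it models that decision as an ordered rulebase over a request's context. The request fields, the sanctioned-application list and the DLP labels are assumptions for illustration, and the decisions it returns (allow, block, step-up authentication, allow with enterprise-key encryption) stand in for whatever enforcement actions a real broker exposes.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    STEP_UP_MFA = "step_up_mfa"   # allow only after additional authentication
    ENCRYPT = "allow_encrypted"   # allow, but the file leaves encrypted with an enterprise key


@dataclass(frozen=True)
class Request:
    user: str
    app: str                 # cloud service as identified by the broker
    action: str              # "view", "download", "upload" or "share_external"
    device_managed: bool     # assumed signal: device enrolled in corporate MDM
    location_trusted: bool   # assumed signal: corporate network or expected geography
    classification: str      # assumed DLP label: "public", "internal" or "confidential"


# Assumed sanctioned-application list for this example.
SANCTIONED_APPS = frozenset({"Office 365", "Salesforce"})


def evaluate(req):
    """Return (Decision, reason) for one request. Rules are ordered most
    restrictive first and the first match wins, like a firewall rulebase,
    so the reason string is the audit-log explanation of the outcome."""
    if req.app not in SANCTIONED_APPS:
        return Decision.BLOCK, "unsanctioned application (shadow IT)"
    if req.action == "share_external" and req.classification != "public":
        return Decision.BLOCK, "DLP: external sharing of non-public data"
    if not req.device_managed and req.classification == "confidential":
        return Decision.BLOCK, "confidential data on unmanaged device"
    if not req.device_managed and req.action in ("download", "upload"):
        return Decision.STEP_UP_MFA, "file transfer from unmanaged device"
    if not req.location_trusted and req.action == "download" and req.classification != "public":
        return Decision.ENCRYPT, "download of non-public data from untrusted location"
    return Decision.ALLOW, "no restricting rule matched"


def evaluate_batch(requests):
    """Evaluate many requests and return a count per decision, the summary a
    CASB dashboard would show for a reporting period."""
    counts = {d: 0 for d in Decision}
    for r in requests:
        counts[evaluate(r)[0]] += 1
    return counts


# Constructed sample requests covering each rule.
SAMPLE_REQUESTS = [
    Request("alice", "Office 365", "view", True, True, "internal"),
    Request("bob", "Dropbox", "upload", True, True, "internal"),
    Request("carol", "Office 365", "share_external", True, True, "internal"),
    Request("dave", "Office 365", "download", False, True, "confidential"),
    Request("eve", "Office 365", "download", False, True, "internal"),
    Request("frank", "Office 365", "download", True, False, "confidential"),
    Request("grace", "Salesforce", "download", True, False, "public"),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        decision, reason = evaluate(req)
        print(f"{req.user:6} {req.app:10} {req.action:15} -> {decision.value:15} ({reason})")
    print(evaluate_batch(SAMPLE_REQUESTS))
```

Note that the unmanaged-device rules never consult the user's identity: this is the "regardless of what sort of device is attempting to access it" point from earlier in the page, where device posture and data classification, not just who is asking, decide what the broker permits.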