What is CASB and how it works (Cloud Access Security Broker)

For most of the people internet usage is 99% of web and 1% or less of email sent and received traffic. Since email is important for business, we tend to give equal importance to web and email gateway security solutions in corporate environments. But web usage has evolved through the years. It used to be simply receiving and displaying web pages with an occasional click or small text input. Nowadays advanced web applications are the prevailing type of web usage, ranging from social networks, to business applications like SaaS services with almost limitless functionalities and possibilities are the present and the future for doing business. Well, thanks god we have web security gateway solutions to protect that kind of working environments. Or do we?

Web security gateways do protect traffic between a corporate network and web. They detect and block malicious content, undesirable content, they do filtering of users, applications and locations, they can also do some bandwidth management. But working with web applications in corporate environments is, security wise, very much different. Traditional web security functionalities are not enough, because there is much more tendency on business data outside the corporate network. Special policies correlating business data, users, SaaS applications and data protection are unfortunately out of the scope of most of traditional web security solutions. Some web security solutions have some capabilities regarding cloud applications, but it’s mostly just limited to allowing or blocking them. Even if they can monitor such traffic, they cannot protect data adequately enough.

CASB or Cloud Access Security Broker is a new kind of security solution located between corporate users and cloud applications. It allows us to detect, monitor and control the cloud services usage much more granularly and efficiently as a web security proxy would. It is more tightly integrated with most common cloud services through public APIs or development partnership, therefore being much more capable in data protection. We can put in place security policies that protect business data even when that data is already stored outside corporate premises, in a cloud; with traditional web security solutions that is not possible. CASBs also lessen the security impact of Shadow IT. Because they are related, CASB products are often developed from scratched or acquired through company acquisition by vendors of traditional web security solutions like Skyhigh Security (McAfee Enterprise) and Forcepoint.