Understanding Cloud Access Security Brokers (CASB): What They Are and How They Work

A cloud access security broker (CASB) is a software solution or service that acts as an intermediary between an organization’s on-premises infrastructure and the infrastructure of cloud service providers. CASB tools deliver a standardized approach for organizations to access cloud resources effectively.

These tools are crafted to integrate and enforce an organization’s security policies when accessing cloud resources, thereby mitigating potential risks associated with incorporating cloud networking into existing IT frameworks. CASBs play a crucial role in safeguarding data, ensuring compliance, and providing threat protection.

CASBs encompass various security measures, including user authentication, credential mapping, encryption, logging, and malware detection. Positioned between on-premises systems and the cloud, a CASB ensures that all outbound traffic adheres to established security protocols before it reaches the cloud environment. CASB solutions are available in several forms, including on-premises, cloud-based software, and as software as a service (SaaS).

Key Features of a CASB

CASBs typically provide the following functionalities:

• User Authentication: Verifies user credentials, ensuring individuals only access relevant company resources—this complements identity and access management (IAM) tools.
• Web Application Firewalls: Protect against malware that targets applications rather than the network itself.
• Data Loss Prevention (DLP): Safeguards sensitive information by preventing unauthorized transmission outside the organization.
• Shadow IT Discovery: Identifies unauthorized cloud applications in use and assesses associated risks.
• Access Control: Restricts user access within company applications based on defined permissions.
• Visibility Features: Provides insight into the cloud services utilized within the organization, monitoring user and data activity.
• Threat Protection: Incorporates behavioral analytics and malware detection to preempt threats.

The Four Pillars of CASB

CASBs function as gatekeepers, allowing organizations to extend their security measures beyond traditional infrastructure. The foundational components of a CASB include:

1. Visibility: Provides insights into cloud usage and detects unauthorized applications, addressing the limited visibility many organizations face with cloud providers.
2. Compliance: Ensures that organizations meet regional regulatory requirements, such as HIPAA or GDPR, by enforcing stringent access controls.
3. Threat Protection: Identifies and mitigates potential malware threats users might inadvertently introduce to the cloud.
4. Data Security: Secures an organization’s cloud data through robust access management and DLP protocols.

How a CASB Works

CASBs monitor the network traffic between on-premises devices and cloud service providers, ensuring adherence to an organization’s security policies. Their significance lies in providing insights into cloud application usage and identifying unauthorized use, which is critical for compliance, especially in regulated industries.

The operation of a CASB follows a three-step process: discovery, classification, and remediation. During the discovery stage, the CASB identifies cloud applications in use; the classification stage assesses the risk associated with each application; and the remediation stage addresses identified threats according to the organization’s security policies. CASBs utilize autodiscovery to recognize cloud applications, high-risk users, and other potential risks while enforcing various security controls like encryption and device profiling.

Use Cases for CASBs

CASB tools have matured to work alongside other IT security solutions, with some vendors still offering them as standalone services. They are particularly beneficial for organizations managing shadow IT or allowing business units to procure their own cloud resources. Common use cases for CASBs include:

• Data Security: Enabling granular access controls and protecting sensitive data during transfers.
• Malware Protection: Shielding against potential malware introduced through cloud services.
• Continuous Monitoring: Tracking user activity across applications and cloud services for compliance and analysis.
• Cloud Application Usage Tracking: Offering visibility into cloud application usage to identify patterns and potential misuse.
• User Behavior Analytics (UBA): Providing a foundation for advanced behavior tracking and anomaly detection.
• Integrations: Collaborating with other security tools like firewalls and IAM solutions.

CASB Vendors and Resources

Numerous vendors offer CASBs, including:

• Broadcom Symantec CloudSOC CASB
• Fortinet FortiCASB
• Microsoft Defender for Cloud Apps
• Netskope One CASB
• Skyhigh CASB

Microsoft also incorporates CASB capabilities within its base Azure security services at no additional cost.

To cater to infrastructure-as-a-service and platform-as-a-service users, CASB vendors have expanded functionalities to cover security tasks, including:

• Single Sign-On (SSO): Enabling one-time credential entry for multiple applications.
• Encryption: Ensuring data protection from creation through to cloud storage.
• Compliance Reporting: Verifying adherence to corporate policies and governmental regulations.
• User Behavior Analytics (UBA): Detecting unusual behaviors that could signal potential security breaches.

The Future of CASB in SASE

CASBs are poised for continued integration within secure access service edge (SASE) infrastructures. SASE is a cloud-based framework that combines network and cloud-native security technologies into a cohesive service. This model allows organizations to unify their network and security tools under a single management platform.

CASBs are vital components of SASE solutions, offering the access control, policy enforcement, threat prevention, and visibility necessary to protect cloud-based resources. As cyber security landscapes evolve, the role of CASBs is expected to expand, solidifying their position as integral elements of SASE architectures. For more on SASE, its applications, and the benefits and challenges it poses to organizations, further exploration is recommended.