CASB Security Isn’t A Luxury—It’s A Necessity
Cloud computing has exploded in business and education over the last decade. By next year, 83% of enterprise workloads will be in the cloud. That means everyone, from public schools and universities to health systems and corporate America, will be reaping the rewards of increased productivity and greater efficiency.
At the same time, 66% of IT professionals say security is their biggest concern when it comes to implementing cloud computing. How can you balance the benefits of cloud computing with the need for security? A Cloud Access Security Broker (CASB) is the key.
CASB Security: Where Did It Come From?
What is CASB? The term “Cloud Access Security Broker” was coined by Gartner around 2013. The major catalyst to the CASB emergence was the explosive growth of cloud computing and the enormous amount of data being produced. Cloud computing is expected to reach $411 billion by 2020. Artificial intelligence, machine learning, Internet of Things, Software-as-a-Service and Infrastructure-as-a-service are all contributing to this growth and becoming an integral part of IT strategies across industries.
IT departments quickly realized that keeping up with security was a challenge due to all the apps, devices, cloud providers and files their employees were using. Consider this: 2.5 quintillion bytes of data is being produced every day, that’s a one followed by 18 zeros!
CASB security provides information technology security teams with a platform that unifies security measures across the cloud, providing visibility and control that most cloud app admin consoles lack. Detecting threats, managing multiple data streams and enforcing security measures becomes as simple as implementing one CASB security platform.
What Types of CASB Security Are Available?
In just a few short years, CASB architecture and solutions have come a long way. The original proxy-based CASB has gradually been replaced with Application Programming Interface (API) CASB technology. Which is best? Here’s brief summary of each.
Proxy-Based CASB Security
At the risk of sounding biased, proxy CASB are based on somewhat “old-school” technology. Within a CASB security solution, a proxy acts like a gateway, verifying users and devices as they try to access the cloud. The biggest advantage to a proxy CASB is that it can identify threats and take action in real time.
But there are critical disadvantages to this approach. Proxy CASBs cause significant network delays and only secure known users. For IT departments, that leaves a gap in data security, and for users it causes frustration when they can’t access their data quickly. Also, if you already use a Next-Gen Firewall (NGFW) or a secure gateway, installing a proxy-based CASB is basically just paying for duplicate functions.
Neither Microsoft nor Google support using a proxy CASB with their Office 365 and G Suite applications. They will not notify third-party vendors of changes in authentication methods, and they won’t guarantee that those changes won’t make your proxy completely ineffective. Google is also proposing security upgrades to their Chrome extension policy that would render so-called “agentless” CASBs useless.
API-Based CASB Security
API CASB provides visibility into user activity, making compliance, threat protection and data security easier and more efficient. IT teams can easily customize rules and policies based on individual, department, or other breakdown makes the most sense for your organization. Instead of duplicating functions, API CASB security provides an additive solution that integrates with your existing security architecture, such as Next-Gen Firewalls (NGFW) and secure gateways.
Why Your Organization Needs CASB Security
We hear the question all the time: “I just invested $200K in a firewall. Why would I need cloud security?” Think of it this way: You have locks on the doors and windows of your home to keep intruders out, right? But what happens when a burglar gets inside? Many people get a home security system for this very reason. It lets you know if a breach has occurred, where the person got in from and, in some cases, what that person is doing in real time. It sets off alarms and alerts the proper authorities to help limit the impact of the break in.
That is what cloud security does for organizations that use cloud applications to create, collaborate, and store information in the cloud. A firewall will help protect your network perimeter, but cloud applications don’t exist within your network—they operate in the public cloud. So, your firewall and/or gateway works like the lock on the door to your house, it makes it more difficult for criminals to get in, and it deters the less motivated or sophisticated ones.
But, once a cybercriminal gets passed the perimeter they’ve gained access to your data. They use that access to download, copy, and share that information for their own malicious purposes. Without cloud security, your team may never know that a breach has occurred. Your organization’s intellectual property, financial data, and the personally identifiable information of customers and employees could be sold for profit without you ever knowing there’s a leak in your system.
With the right CASB security solution, alerts and alarms will start to go off when a criminal gets past your firewall perimeter and gains access to your cloud environment. A cloud security platform can perform a variety of tasks automatically to stop the data from being stolen. It can lock down a user account, revoke viewing and sharing access to certain types of documents, and more. Further, IT security managers get critical insights into exactly how the criminal was able to gain access to the environment, what files and folder were compromised, and more.
Cloud security isn’t a luxury—it’s a necessity. As more data is being created, stored, and shared in the cloud, your organization is becoming more and more vulnerable without a cloud security. Pouring more money into a more expensive firewall will not make that firewall more effective at securing what it cannot control.