The cloud access security broker (also referred to as a CASB) is now an essential piece of any organization’s cybersecurity infrastructure. Businesses using cloud applications for productivity, collaboration, and storage are challenged by the unique security requirements of operating in the cloud. Using a CASB solves many of these challenges by providing unmatched security, visibility, and control over access to and behavior within popular cloud applications.
What is a CASB? It is a technology, often in the form of a platform, used to protect data stored in cloud applications, such as Google G Suite, Microsoft Office 365, Dropbox, Slack, etc. CASB architecture can be built in two basic ways. A CASB can use APIs or it can use an agent, proxy, or extension. API-based and proxy-based CASB architectures differ in important ways, and each has its own advantages and disadvantages.
Gartner coined the term to describe the industry of CASB vendors that has developed over the past several years to solve the unique security issues that businesses and other organizations experience when they move to cloud computing from traditional, on-premises software. Here, we’ll explore eight of the most common business challenges that a CASB solves, why these challenges are unique and important to cloud computing, and how a CASB is able to help.
Secure cloud access is the first and most important defense for protecting data stored in cloud applications. The development of API-based CASB technology now allows CASB vendors to build broader governing controls. Detecting account takeovers, monitoring how data is shared and used, and controlling shadow cloud IT are all benefits that using a CASB provides to IT teams.
Of course, restricting access to information stored in the cloud is the first data security concern of any business. Many IT leaders mistakenly believe that their firewall is sufficient to secure data stored in the cloud. But the cloud doesn’t exist on your network, and employees aren’t always accessing the information from within the network. They’re using their laptops and devices at home, at the coffee shop or shared workspace, and while traveling.
The point of the cloud is to allow access to information from any device, in any location. The challenge for IT and security teams is to only allow that type of freedom to authorized users. A CASB solves this challenge by securing and monitoring access to information within the cloud, not just at the perimeter.
An account takeover occurs when an unauthorized user gains access to an authorized account. This happens in a number of ways in cloud computing. It can result from weak password and authentication controls, a phishing attack, or a malicious OAuth application. However access is gained, identifying when an account takeover has occurred is notoriously tricky, particularly in the cloud. This is because, without the right type of monitoring tools in place, admins have no visibility into behaviors that are taking place within the application. Once the attack has crossed or circumvented the secure network perimeter, there’s no “hall monitor” watching what’s going on.
Using a CASB solves this issue because it monitors for suspicious login and activity behavior 24/7. If a potential issue is detected, a CASB can automatically take action to revoke access from the suspected account. The speed at which access is revoked largely depends on the CASB architecture.
Shadow IT has been a business challenge for decades. The newer evolution is shadow cloud IT. Employees are using more cloud applications than ever before, and cloud apps are quickly overtaking the use of unsanctioned software and web applications.
The main problem with unsanctioned cloud (or SaaS) apps centers around the use of OAuth. Once an employee activates a cloud app using their work credentials, that application is granted specific permissions based on the app developer’s specifications.
There are two main issues with this. First, the application developer may not have malicious intent, but there could be security gaps within the architecture of the app. The application’s security gaps are now passed on to your organization. If their app is attacked, hackers can gain access to customer information and to customer cloud environments that are connected through OAuth.
The second issue with shadow cloud IT is that there are malicious apps out there. Knowing how powerful OAuth access can be, criminals develop applications with the intent of getting people to provide OAuth permissions. For example, they can create an application that requires read, write, and send permissions for the user’s email. Once granted access, the application can use those permissions to send phishing emails to others in the organization. These phishing emails will usually not be flagged by a traditional mail transfer agent (MTA).
CASBs detect risky and unsanctioned applications that have been granted OAuth permissions and can be configured to revoke access, unsanction, delete, or warn the user. Using a CASB, admins can easily see and control the shadow cloud IT connected to their organization’s environment.
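The review of OAuth grants described above can be sketched as follows. This is an added example, not code from the article or from any CASB product; the scope labels, app names, allowlist, and policy thresholds are hypothetical, and the grants are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical, provider-neutral scope labels; real providers use their own strings.
MAIL_READ, MAIL_WRITE, MAIL_SEND = "mail.read", "mail.write", "mail.send"
SANCTIONED_APPS = {"corp-calendar-sync"}  # constructed allowlist

@dataclass(frozen=True)
class Grant:
    user: str
    app: str
    scopes: frozenset

def assess(grant):
    """Return (action, reasons) for a single OAuth grant."""
    reasons = []
    sanctioned = grant.app in SANCTIONED_APPS
    if not sanctioned:
        reasons.append("unsanctioned app")
    if MAIL_SEND in grant.scopes:
        reasons.append("can send mail as the user")
    if {MAIL_READ, MAIL_WRITE} <= grant.scopes:
        reasons.append("full mailbox read/write")
    # An unsanctioned app that can send mail is the internal-phishing case: revoke.
    if not sanctioned and MAIL_SEND in grant.scopes:
        return "revoke", reasons
    return ("warn", reasons) if reasons else ("allow", reasons)

def audit(grants):
    """Group grants by app; the worst action seen for any user applies to the app."""
    rank = {"allow": 0, "warn": 1, "revoke": 2}
    report = defaultdict(lambda: {"action": "allow", "users": []})
    for g in grants:
        action, _ = assess(g)
        entry = report[g.app]
        entry["users"].append(g.user)  # every user listed here shares the exposure
        if rank[action] > rank[entry["action"]]:
            entry["action"] = action
    return dict(report)

# Constructed sample grants, standing in for what an admin API export would contain.
SAMPLE = [
    Grant("ana@example.com", "corp-calendar-sync", frozenset({"calendar.read"})),
    Grant("ben@example.com", "free-pdf-tools", frozenset({"files.read"})),
    Grant("cy@example.com", "mail-booster", frozenset({MAIL_READ, MAIL_WRITE, MAIL_SEND})),
    Grant("dee@example.com", "mail-booster", frozenset({MAIL_READ})),
]

if __name__ == "__main__":
    for app, entry in audit(SAMPLE).items():
        print(app, entry["action"], entry["users"])
```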
CASB security is the only way to protect data stored in cloud applications, such as Google G Suite, Microsoft Office 365, Dropbox, Slack, etc. This is because data stored and accessed in the cloud does not live within your perimeter—nor is it always accessed from inside your perimeter. Three business challenges that a CASB solves in terms of data security include data loss prevention, providing data access controls, and auditing risky (and unauthorized) behavior.
Data loss prevention is a hot (and important) topic. There are many different types of data, and data loss prevention methods, that should be used to protect company data. When it comes to operating in the cloud, there are a few ways that data can be lost. If you’re using a reputable cloud service provider to store your data, such as Google or Microsoft, you can rest easy that the underlying storage infrastructure is secure and backed up.
But securing the service side of any of these companies’ cloud apps is your responsibility. Both provide robust tools and features to help you do that, but you need to make sure they are properly configured and sufficient for your organization’s needs.
A third-party CASB is going to be an extremely helpful component of your data loss prevention tech stack for a couple of reasons. It will provide a central “command center” for cloud activity, rather than requiring staff to monitor behaviors and alerts in multiple, disparate systems. It also provides a redundant, additive layer of security to detect risks that might not get picked up by native app security functions.
The core tenet of modern data security is zero trust security. Zero trust security is exactly what it sounds like: trust no one, no matter if access is internal or external. As discussed earlier in this article, cloud app account takeovers are on the rise, can come from a number of different types of breaches, and are notoriously difficult to detect without the right kind of CASB solution.
Using a CASB enforces zero trust security architecture in the cloud, because CASB technology monitors behavior within cloud applications, not just access to them at the perimeter. Your information security team needs to be able to see what is going on within cloud applications, including: who is accessing what information, who is sending and sharing what type of information, what cloud apps are connected via OAuth, and more. A CASB solves this challenge by providing full visibility and control over these types of behaviors, while automating remediation actions.
Being able to monitor and report on risky actions and behaviors within an organization’s cloud applications provides a number of benefits, both short term and over time. It provides insights into how employees are accessing and using information in the cloud to inform better security controls (such as adjusting DLP rules and policies). It can also help inform when cybersecurity training is needed, and what areas to focus on to improve employee behavior and mitigate the human error element.
Most organizations, especially smaller teams with limited cybersecurity resources, are unable to obtain and use this kind of information. It can be extremely time-consuming, if not downright impossible, to do. A CASB solves this challenge by, first, actually being able to create this kind of data. Second, some CASBs also provide the capability to schedule regular audits and reports, so the data collection, formatting, and distribution happens automatically. Then, it’s up to the team and the organization as a whole to decide what to do with it to improve their security posture.
Phishing and malware threats are nothing new. But how they are deployed in the cloud can be a bit different. Protecting your organization’s data stored in the cloud must include cloud-specific phishing and malware protections that can detect a litany of new threat vectors. It also requires 24/7 monitoring and remediation of cloud risks, even while your security team focuses on more pressing issues… and while they sleep!
Increasingly, hackers are using a gaping vulnerability in cloud app security to deploy cloud phishing and malware attacks. How these attacks usually work is that a criminal will place a phishing link in a Google Doc or a Word file. They will then share that file or send a link to it to people in an organization, hoping that someone will open the file and click on the link within it. Once they are able to trick even one person into clicking on the link, they are able to wreak all kinds of havoc on an organization. Often, it results in the hacker gaining access to the user’s account, allowing them to send phishing links to others in the organization directly from the internal email to try to gain access to higher-level accounts with access to more sensitive information.
The reason this approach is proving effective is that Google and Microsoft phishing filters are set to identify their own links as safe. So, when a sharing link is sent via email, phishing filters will not flag it. Most traditional MTAs won’t flag them either, as everyone assumes a link coming from Google or Microsoft is safe. And, in reality, it is. It’s not until someone clicks on the link within the document that the malware is activated.
Using a CASB solves the challenge of protecting your organization against this type of attack because, again, a CASB monitors for risks within the cloud, not just at the perimeter. So, it can detect suspicious links within a shared document and in emails that are sent internally within an organization. A CASB trusts no one, no matter who or where they are.
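The gap between checking the sharing link and checking the document behind it can be shown in a few lines. This is an added example, not code from the article or any product; the host lists, function names, and sample document are constructed, and a real deployment would fetch the document body through the provider's API.

```python
import re
from urllib.parse import urlsplit

# Constructed policy: hosts a mail filter treats as safe, and hosts expected inside documents.
TRUSTED_SHARE_HOSTS = {"docs.google.com", "onedrive.live.com"}
EXPECTED_LINK_HOSTS = {"docs.google.com", "intranet.example.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def perimeter_verdict(share_url):
    """What a filter concludes when it only evaluates the link in the email."""
    return "pass" if host_of(share_url) in TRUSTED_SHARE_HOSTS else "flag"

def inspect_document(text):
    """Return (url, reason) for each embedded link whose host is not expected."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")  # drop sentence punctuation captured by the regex
        host = host_of(url)
        if host in EXPECTED_LINK_HOSTS:
            continue
        if re.fullmatch(r"[\d.]+", host):
            reason = "raw IP address"
        elif host.startswith("xn--") or ".xn--" in host:
            reason = "punycode host"
        else:
            reason = "unexpected host"
        findings.append((url, reason))
    return findings

def content_verdict(share_url, text):
    """Flag when either the share link or any link inside the document is suspect."""
    if perimeter_verdict(share_url) == "flag" or inspect_document(text):
        return "flag"
    return "pass"

# Constructed sample: a trusted sharing URL pointing at a document with an embedded link.
SHARE_URL = "https://docs.google.com/document/d/EXAMPLE_ID/edit"
DOC_TEXT = ("Your mailbox is full. Sign in at http://login.example-verify.test/reset "
            "to keep access. Policy: https://intranet.example.com/policy.")

if __name__ == "__main__":
    print("email-only check:", perimeter_verdict(SHARE_URL))
    print("content check:", content_verdict(SHARE_URL, DOC_TEXT), inspect_document(DOC_TEXT))
```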
A crucial cloud security challenge is that most IT and/or security teams don’t work 24/7. Larger organizations may have big teams that work around the clock, but the vast majority do not. So, they can’t have a physical human being monitoring for cloud risks and taking action any time something comes up. IT leaders need a solution that will help manage the various risks, suspicious activity, and actions that need to be taken so they (and their employees) can sleep at night!
A CASB does this for organizations of all sizes. An API-based CASB, for example, can be deployed in a matter of minutes or hours (depending on the size and type of data being stored) and is very cost effective compared to agent and proxy-based CASB solutions. It is also certainly more effective and affordable than next-gen firewalls, which simply do not provide the level of visibility and control that a CASB does.
Businesses that operate in the cloud need to ensure that data stored, accessed, and shared within cloud-based applications is secure. Data breaches and account takeovers are common not just among Fortune 500 giants, but also among mid-sized organizations, education institutions, government agencies, and nonprofits. The media and the cloud security industry tend to ignore the significance of the threat to these types of organizations, so IT and security leaders within them sometimes feel a false sense of security. But cyber criminals are taking note. Attacks against public institutions, SMBs and nonprofits are on the rise.
Properly configuring your organization’s cloud application security settings should be your first step to protecting your organization, staff, customers, and other stakeholders. Once that is done, consider using a CASB to monitor and control your cloud environment for further, 24/7 cloud security.