What is CASB and why does your IT team need one?
What is CASB? CASB, or cloud access security broker, is a relatively new term in the cybersecurity space. It is used to define the industry of solutions that protects the data stored in cloud applications, such as Google G Suite and Microsoft Office 365. Though, some argue that CASB is already outdated in favor of Cloud Application Security Platform (CASP).
Gartner defines a CASB as: “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.”
Let’s take a look into what CASB is to help you understand why you need cloud security to protect your organization’s data stored, accessed, and shared in the cloud.
What is CASB? A Brief History
In the beginning, there was hardware security. Network security was created as computers became connected to each other within a closed network and gained the ability to connect to servers globally with the internet.
Then, cloud computing began to take over. Cloud computing enables people, students, and teams to easily store, share, access, and collaborate with others across the room or on the other side of the globe. Today, doing business in the cloud is the norm, 96% of organizations now use the public cloud to conduct business, teach students, and more.
The problem with doing business in the cloud is that it requires a different security approach than network security. Most people think that the firewall and/or gateway they have in place will also protect their information in the cloud. Or they think that the cloud app vendor is taking care of data security for them.
The truth is that these measures are inadequate for cloud data security. Thus, the cloud access security broker (or CASB) was born.
The fundamental principle to access that makes working in the cloud so appealing is also what makes information stored and shared there vulnerable. Google and Microsoft have world-class physical and network security, encryption, and more that helps take some of the pressure off of InfoSec managers. But Google and Microsoft are not responsible for managing access and improper use of information for each individual client. CASB vendors work closely with G Suite, Office 365, and other popular cloud applications to fill this critical data security gap.
As the cloud security industry began to blossom, the smart people at Gartner decided that this new category of tools should have a name. Working with their cybersecurity clients that were developing early versions of the CASB, they coined the term cloud access security broker (CASB) and published the industry’s first quadrant in 2017.
There is some discussion around whether or not CASB is the right term for the industry today. Looking at the present—and into the future—the decision to include the word “broker” in the name is unlikely to stand up to the test of time. This is because a broker indicates that a “man in the middle” such as an agent or proxy needs to be used in cloud security. However, both Microsoft and Google have published recommendations against using such technology. Newer CASB architecture uses APIs to work with the cloud application, rather than sit between the app and its user. This distinction is important.
The 3 Main Functions of CASB
Data Loss Prevention
Data loss prevention is probably the most critical function of any data security strategy. When it comes to securing data in the cloud, it’s quite different than traditional on-premise data loss prevention.
Data stored, accessed, and shared in the cloud is vulnerable to both accidental and malicious leaks. Try as they might, employees always seem to find a way around IT’s sharing policies. One thing leads to another and all of the sudden there’s data exposure to outside users. The openness and accessibility of the cloud is what also makes it particularly challenging for IT and InfoSec managers to secure data.
Using a CASB helps quickly identify where the leaks in an organization’s cloud environment are and close them. A CASB will also provide IT with more robust rules and policy controls than they get from standard level G Suite and Office 365 licenses. This allows them to set specific content-level sharing and remediation policies, so data loss prevention becomes automatic as they configure the system (and as the system learns).
While data breaches are most often the consequence of human error, plenty of malicious threats exist to haunt us.
Phishing schemes of all types (malware, ransomware, etc.) are constantly testing the durability of information systems. We often hear about the big breaches in big companies, but the truth is that small businesses, education, and local government are falling victim to cyberattacks more often than ever before. These industries make it relatively easy for hackers to gain access to lucrative information because they lack the budget and/or expertise to properly secure their cloud applications.
Most CASBs help IT teams protect sensitive data stored in the cloud through partnerships, acquisitions, and homegrown threat protection technology. In this area, it’s particularly important to choose your CASB wisely. As previously mentioned, some CASBs are built using legacy “man in the middle” security technology. This basically duplicates the security you already have in place with your firewall and/or secure gateway. API-based CASBs, on the other hand, work cumulatively with your existing InfoSec stack to create an additional layer of security.
Using an API-based CASB to protect your cloud environment from malicious threats is critical. There is an unbelievable number of different threats in cyberspace today. It’s no longer just a matter of putting a spam filter on your company email. Cloud threat protection must also cover shared files, unsanctioned cloud applications, browser plugins, and more because they are all being used by criminals to try to gain access to your information infrastructure.
Account Monitoring & Compliance
This is where CASB functionalities get exciting. When an organization moves from on-premise software to the cloud, system admins find that they are left blind to account activity. You used to be able to see who was logging in, from where, what they were accessing, etc.
Unless your organization has the budget for enterprise-level licensing, all this visibility is gone when you move to cloud-based G Suite or Office 365. There are a lot of issues with not having visibility, the first of which deal with the two sections discussed above. Without being able to see and control account activity, it’s very difficult to prevent data loss and thwart malware and phishing threats.
There’s also a compliance element to data security that requires account monitoring. Schools, companies, government agencies, and nonprofit organizations are all required to protect the public’s personally identifiable information that is stored in their databases. When a breach does occur, organizations are also required to notify those affected.
Using a CASB solution provides the level of visibility and control that IT and InfoSec managers need to keep data secure. Curious? Take a look for yourself when you sign up for a free trial!