What Is a Cloud Access Security Broker?

What is CASB?

Every day, your people access cloud apps – whether it’s Microsoft Office 365, Box or Google G Suite – from all types of devices, at the office or remotely. If your organisation is looking for a way to gain better visibility into and control over app usage and sensitive data in the cloud, consider evaluating a Cloud Access Security Broker (CASB) solution.

So what is CASB? The definition of CASB, as Gartner explains it, CASBs address security gaps associated with third-party cloud services and platforms that are not under your control but that process and store your data. 1 While cloud services offer a certain level of security, cloud security is a shared responsibility. The onus is on you to protect your users, your workloads and your data.

Cloud app security has become an essential component of a comprehensive enterprise defence in today’s cloud-driven world. Gartner estimates that, by 2022, 60% of enterprises will incorporate CASB into their security toolbox – up from less than 20% today.

Why You Need CASB

Security and compliance concerns with cloud apps and services are pushing more and more enterprises to implement CASB solutions. These include:

  • “Shadow IT” and the proliferation of third-party apps: When CASBs first came on the scene, enterprises deployed them primarily to curb “Shadow IT” (cloud apps and services used without the explicit approval of IT). Now enterprises also face the challenge of governing hundreds and sometimes thousands of third-party apps and scripts with OAuth permissions (which use tokens instead of passwords) to access enterprise data. These third-party apps add more features to Office 365, G Suite, Box and other platforms. But some are poorly built or overtly malicious. And, once an OAuth token is authorized, access continues until it’s revoked. After auditing each cloud app for its security controls, such as certifications, and other risks, such as broad data permissions, IT teams can make educated decisions on access controls for risky cloud apps and can promote the use of “safe” cloud services. 
  • Cloud account compromise: Apps and data in the cloud are often accessed by cybercriminals through compromised cloud accounts. Proofpoint recently analysed more than 100,000 unauthorized logins across millions of monitored cloud accounts and found that 90% of tenants are targeted by cyber attacks. Sixty percent of tenants have at least one compromised account in their environment. These typically begin with brute-force attacks – where threat actors submit multiple user names or passwords in an attempt to guess user credentials correctly so they can access an account. Another method is credential phishing, where they try to get users to part with their passwords through socially engineered emails. Once they have the credentials, attackers then leverage these cloud accounts to pose as legitimate users in order to get employees to wire funds to them or release corporate data. Threat actors also hijack email accounts to distribute spam and phishing emails.
  • Loss of intellectual property: The risk of losing trade secrets, engineering designs and other corporate-sensitive data is very real when employees use cloud-based collaboration or messaging tools to share files and information. Employee negligence or lack of training can result in oversharing of files via public links that can be accessed by anyone. Insider threats are also common. A common example is theft of customer sales records from CRM services by sales personnel who plan on leaving the company. Enterprises can increase visibility to data handling in the cloud and improve data security by employing user-centric policies to control access to cloud services and data via CASB solutions.  
  • Stricter regulations and bigger fines: Organizations in virtually all sectors are finding that maintaining compliance has become a daunting task. Many regulations and industry mandates now require you to know where your data is and how it’s shared in the cloud. Violations of recent data privacy and residency regulations can result in hefty fines. For example, violators of GDPR can be fined up to 4% of worldwide annual revenue. CASBs can lighten the compliance burden and spare you the headaches at audit time.

How CASBs Strengthen Your Security Posture

Now that you know why you need a CASB, let’s take a look at the capabilities of CASBs. They perform several key functions that go beyond enterprise firewalls and web gateways: 

  1. Cloud app governance: CASBs govern cloud apps and services by offering a centralized view of your cloud environment, with details like who’s accessing what apps and data in the cloud from where and from which device. Because usage of cloud apps has become so pervasive, CASBs catalogue cloud services (including third-party OAuth apps), rate the risk level and overall trustworthiness of cloud services and assign them a score. CASBs even provide automated access controls to and from cloud services based on cloud service risk scores and other parameters, such app category and data permissions.
  2. Defence against cloud threats: CASBs can help detect cloud threats by monitoring suspicious or excessive logins and then sending out alerts. CASBs also use advanced anti-malware and sandbox tools to block and analyse threats. And in some cases, CASB vendors rely on their own global research and third-party feeds to help identify the behaviours and characteristics of current and emerging cloud-based attacks. Today’s sophisticated CASB solutions also allow you to configure policies for automated remediation of cloud threats. For preventative measures, you can configure user-centric adaptive access controls based on the user’s role (such as privileges and VIP status), the risk level associated with the login and other contextual parameters, such as user’s location, device hygiene and others.
  3. Securing sensitive data: Detection and removal of public and external shares of files as well as data loss prevention (DLP) are critical components of a CASB solution. For example, CASBs enable you to set and enforce data security policies to allow users to access only certain categories of data based on their privileges. In most CASB solutions, DLP works natively and is also integrated with enterprise data protection solutions.
  4. Compliance for the cloud: CASBs can be a big help when it comes to proving that you are exercising proper governance over cloud services. Through visibility, automated remediation, policy creation and enforcement and reporting capabilities, CASBs enable you to stay compliant with industry and government regulations. These include regional mandates, like European Union General Data Protection Regulation (GDPR), and industry standards and rules, like the Health Insurance Portability and Accountability Act (HIPAA).

Want to learn more about how CASB can help you secure your cloud footprint? Visit: https://www.proofpoint.com/uk/products/cloud-app-security-broker.

1 2018 Gartner Magic Quadrant: Cloud Access Security Brokers

Subscribe to the Proofpoint Blog