Do you need a CASB?
“Cloud Access Security Broker” (CASB) is among the most frequently used buzzwords in the field of security in 2018. Why is that? The answer is quite simple: cloud computing still presents a huge vulnerability for most enterprises, but it is also the foundation of any kind of digital transformation.
The CASB is a key component in securing external cloud offerings (outsourced cloud services). These services are highly heterogeneous (IaaS, PaaS, SaaS), large in numbers and hard to secure, as they are often a “black box”. And they actually are the key ingredients of what is known (and dreaded) as “shadow IT”.
A CASB provides an integrated and automated security solution around 3 key ingredients: ID management, application security, network and infrastructure protection, plus encryption, a critical security functionality. Above all, a CASB helps to create visibility (because, as we all know, the lack of visibility is one of the biggest security threats) of the external cloud assets a company uses in order to protect the enterprise from threats linked to their usage. Plus a CASB helps to protect the company’s network and infrastructure from malware that may come with cloud usage.
CASBs are very diverse in nature. They can be either proxy-based or API-based, focused on SaaS or able to monitor IaaS and PaaS as well. They can be delivered in the public cloud, by a private cloud provider, or used on-premises as a virtual or physical appliance. Just as diverse as the CASB itself are its use cases, which include tackling shadow IT, securing data, blocking malware, neutralizing APT, and extending and complementing ID and SIEM systems.
CASBs also have their limitations, though: Their level of protection varies for different cloud services and they may have some blind spots, e.g. cloud e-mail. In most cases, they have to be used in conjunction with other security solutions such as security web gateways or end-point protection. And then there is the issue of rising complexity, another antagonist of security. As always in IT, there is no panacea.
For more information refer to our CASB report.