An on-trend solution for securing cloud usage is a Cloud Access Security Broker (CASB). CASB is a software specifically designed to control and protect cloud access. This relatively new form of cloud security is found between the cloud service and its users, acting as an external security gateway to the cloud. However, CASBs also have many extra features: they serve as monitoring and management tools within the cloud, provide information about irregular operations, and determine what action to take in the event of a security alert. CASB is a new set of software designed specifically for enterprise cloud-based workflows.
To ensure cloud security, CASB offer very different services: they can be used to regulate user authentication, encrypt traffic, block unwanted traffic, identify malware, activate alerts for suspicious actions, or integrate additional access requirements. The latter would mean, for example that a CASB needs to identify and allow the device that an employee wants to access the cloud from. These security measures are defined in advance and then enforced by the CASB. Many CASBs work with other security solutions such as encryption, multi-factor authentication, IAM (Identity and Access Management), or SIEM (Security Information and Event Management).
Thanks to these services, CASB is very much in line with current worldwide security requirements. The market research institute Gartner predicted that as early as 2020, 85% of all companies will use a CASB security service. In light of this, it is not surprising that many early CASB services have already been bought by larger IT companies: the Elastica service, for example, was bought by Blue Coat Systems (owned by Symantec) and Adallom was bought by Microsoft. This clearly shows how much potential there is in the industry sector – and also how current the topic of cloud security is.
For CASB services like CensorNet, Bitglass, Netskope, or CipherCloud to function smoothly, they need to be well integrated into the company’s existing infrastructure. This means that on the one hand, they need to be connected to the business’ user management, and at the same time, be deeply integrated in the clouds they need to protect. Many CASBs already support cloud-based services that are commonplace in everyday business life, like Microsoft 365, OneDrive, Box, Google Apps or Salesforce. However, they can also work with programs unknown to them.
To integrate CASB into a company network, there are different variants. CASB software is either cloud-based, or is operated locally. It integrates with the company’s IT infrastructure either as a central gateway or as an API application. Both variants have advantages and disadvantages: if the CASB is implemented as a gateway, it is located directly between the user and the cloud service. It is then switched on in the data stream and can directly block unwanted actions. A disadvantage of this variant, however, is that the cloud performance can be affected by the increasing workload. If a company has a large number of employees, API based solutions are an option. In this instance, the CASB is out of direct user cloud communication. Although the CASB cannot intervene directly in these actions, in does not have any impact on the cloud service performance.