Image via Flickr by Blue Coat Photos
Cloud usage quickly grew because both companies and employees wanted simplicity, efficiency, and the cost savings that come with moving to the cloud. As new cloud services were introduced, employees started procuring these tools without awareness of the IT department, thus creating a shadow IT problem.
At the same time, companies started migrating their on-premises IT infrastructure to the cloud. As an example, a few years ago, most employees at a typical organization would be using Microsoft’s Office suite of productivity software such as Word, Excel, PowerPoint. Today, those organizations are rapidly moving the cloud version of Microsoft Office, known as Office 365.
However, the same security controls they had in place for their in-house software and data centers do not apply to the cloud. To address this problem, the cloud access security broker (CASB) market emerged. Here are five things you need to understand about CASBs.
What Are CASBs?
The CASB market first emerged in 2012 with a focus on providing visibility and control into an organization’s cloud footprint (Shadow IT). As cloud adoption accelerated, the need for CASBs grew. Today, CASBs are used to secure both shadow and sanctioned cloud applications. It is projected that by 2020, the CASBs market will reach $7.51 billion.
CASBs have two primary deployment modes: API and inline proxy (reverse or forward). Most enterprise-ready cloud application vendors have robust APIs that allow CASBs to maintain and control data sharing, user access, and permissions, However, in some cases, an inline deployment mode is preferable. As an example, if data must be encrypted before being uploaded to a cloud service provider, then the inline CASB deployment mode will be the ideal method. On the other hand, if an organization wants to apply collaboration control policies to a cloud application like Office 365, they would be better served doing so via API due to the depth of collaboration information that can be extracted and analyzed through the cloud service API.
Additional Security Beyond Shadow Information Technology
Shadow IT, also known as Stealth IT, is an internal problem that could lead to security breaches simply because neither the IT department nor the security team are aware of the technology. CASBs can help organizations crack down on shadow IT usage by providing visibility into the total number of cloud services in use, usage analytics around the amount of and types of data being uploaded/downloaded, and a security risk rating for each cloud service.
But, it doesn’t stop there because CASBs also provide additional security control for authorized business applications (sanctioned) in the cloud, like Dropbox, Box, Salesforce, or AWS.
Access Controls Beyond Native Cloud Vendors
Most enterprise-ready cloud services provide some level of access control natively within the application. CASBs take this a step further and provide contextual access control where it enforces access policies based on who the user is, whether they’re using a managed or unmanaged device and the location from which the access attempt originated.
They can also enforce contextual authentication policies. In this instance, once a user has logged into a cloud application and displays suspicious behavior, they may be prompted to provide further information to authenticate their identity. If the user can’t provide additional information, they’ll be locked out and the security incident will be flagged for further investigation.
Continuous Data Monitoring
CASBs can provide real-time or near real-time data monitoring, and use APIs to retrospectively analyze user behavior. CASBs can examine threats or anomalies and act as a tool to enforce security policies. As a security policy enforcement point, it can block a file from being uploaded to a cloud service, encrypt the file before it makes it to the cloud, coach a user to switch to or tombstone a file for further investigation.
For example, social media links like Facebook and Twitter can increase a company’s security risk. In fact, a report in 2016 showed that Facebook scams were the most common type of malware delivered. With a CASB, an organization can monitor the amount and types of data being downloaded from an application like Facebook, and flag suspiciously high number of data being downloaded.
Useful in Investigations
CASBs protect multiple applications and provide detailed audits of administrative and user usage. Instead of trying to collect and upload logs from various sources, with CASBs you have a single comprehensive summary of all activity. This information can be useful in forensic investigations and incident evaluations.
The bottom line is that many cloud service vendors have security capabilities, but CASBs go beyond those capabilities. They have added security features that enhance and streamline security for companies, especially in an era of high cloud and mobile usage. These are some of the important things you want to understand about CASBs before making any decisions because this information will help you decide your organizational needs.