
A beginner’s guide to cloud access security brokers

If you use cloud services and are concerned about cyber security, you may have heard of a cloud access security broker (CASB). The tool is rapidly becoming essential as more and more businesses turn to the cloud for everything from file storage to daily communication. 

 

But working online also poses new security threats. In fact, it shifts the entire security paradigm. No longer can a business rely on a single set of firewalls around an internal network to keep malicious attackers out; now, sensitive company information is continuously moving through the open internet from app to app, device to device. In other words, the data is still proprietary, but it’s used on a system that isn’t.  

How can IT staff maintain adequate control over security in this scenario?

Enter the CASB. It’s a software solution that stands between the cloud service provider and the cloud service user to enforce security controls. A fairly recent yet rapidly expanding addition to the cloud services industry, CASBs help organizations protect their data from security breaches by fully integrating their cloud apps (such as software-as-a-service, or SaaS) with their existing security infrastructure and policies. A CASB creates a centralized platform so that IT managers can monitor activity and make decisions about app use, user access and much more.

 

All of this is why a considerable number of businesses use CASBs. The global research firm Gartner, credited with coining the term, predicts that 60 percent of large enterprise businesses will be using a CASB to govern cloud services by 2022.

 

 


But what is CASB security, exactly?

Experts have categorized the CASB’s essential functionalities into four pillars. 

1. Visibility

  • Sees it all from one platform. Making the flurry of users, devices, files and connections visible is key to better security. A CASB allows IT managers to monitor what’s going on across all third-party apps and therefore enforce specific controls. For instance, a CASB can allow access to certain apps only from approved devices or limit access to files containing sensitive information.
  • Discovers Shadow IT. Because cloud services are so ubiquitous, and people can work from anywhere, it’s not uncommon for employees to access cloud services without their IT department’s knowledge. This type of exposure is called Shadow IT or Shadow SaaS. CASBs allow organizations to discover what apps are being used in the shadows and determine whether they meet security requirements. 
  • Reports risks. With visibility comes the ability to monitor and report security risks. If a user logs in to a company cloud service from two locations across the globe within an hour, for example, a CASB will flag that event and then immediately block the unauthorized login.
  • Prevents cyberattacks. CASBs use an array of strategies to protect organizations against unwanted users and malicious attacks, to which cloud services are increasingly vulnerable, studies show.  
  • Detects unusual behavior. Being able to track normal user behavior across apps helps CASBs detect and analyze abnormal behavior. CASBs identify, alert and remediate risky events immediately. They can also isolate and test suspicious files before they risk affecting the entire ecosystem. 
  • Offers a robust suite of protections. Key features of a CASB include anti-phishing protection, malware protection, account takeover protection, protection against rogue applications and ransomware, and URL filtering (which means checking every single email, chat message and so on for malicious links).  

3. Data security

  • Information protection. There is a vast amount of potentially sensitive data in the cloud, as well as traveling in and out of it, from trade secrets to personal information. CASBs protect that data by classifying it and then offering a variety of protections like encryption, tokenization, and extremely granular access controls.  
  • Data loss prevention (DLP). Working in the cloud means that sharing sensitive data with unauthorized users, even accidentally, is far too easy. A CASB will protect against critical data leaks by labeling, tracking and restricting access to files and specific information as it travels from a device to the cloud and beyond. 
  • Automated processes. Since there are so many moving parts here, CASBs can also do heavy lifting through automation of particular processes, namely automatically labeling sensitive files while maintaining plenty of opportunities for manual control. 
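
The data security items above describe classifying content, labeling it automatically and protecting it with tokenization. The sketch below walks through that sequence for one data type, payment card numbers; it is an added example, not code from the article or from any CASB product. The label names, the key and the keyed-hash token format are assumptions standing in for a vault-backed tokenization service.

```python
import hashlib
import hmac
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed demo key (assumption); a real key would live in a vault or HSM.
TOKEN_KEY = b"constructed-demo-key"


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def tokenize(pan: str) -> str:
    """Replace a card number with a keyed-hash token that keeps the last four digits."""
    mac = hmac.new(TOKEN_KEY, pan.encode(), hashlib.sha256).hexdigest()[:16]
    return f"tok_{mac}_{pan[-4:]}"


def classify_and_protect(text: str):
    """Return (label, protected_text); the label names are hypothetical."""
    found = 0

    def replace(match):
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            return match.group()   # e.g. an order number: leave it untouched
        found += 1
        return tokenize(digits)

    protected = PAN_CANDIDATE.sub(replace, text)
    return ("Confidential/PCI" if found else "General"), protected


if __name__ == "__main__":
    # Constructed sample text: a well-known test card number and an order number.
    print(classify_and_protect("Card 4111 1111 1111 1111 for order 1234567890123456"))
```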

4. Compliance

  • Compliance with industry regulations. A CASB helps ensure compliance with an organization’s internal security policies. It also helps ensure compliance with broader data and privacy regulations, such as for the health care and retail industries. These include the federal rules around PII (Personally Identifiable Information), PHI (Personal Health Information), the PCI DSS (Payment Card Industry Data Security Standard), and HIPAA (Health Insurance Portability and Accountability Act).  
  • Built-in compliance tools. A CASB should include mechanisms for auditing as well as reporting compliance issues in real-time. It can also, for example, automate necessary processes, such as deleting specific files or encrypting them after a determined amount of time has passed.  
  • Consumer privacy compliance. CASBs also help organizations comply with some of the more recent consumer data regulations, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).  

So, is a CASB necessary for your business? 

Likely, yes. If your company uses cloud services and your employees access company networks via multiple devices and Internet connections, then it’s crucial to close security gaps with a CASB. Gartner places CASBs in a top-ten list of security projects to implement by 2020. 

Before you jump in, though, it may be important to do some research and self-assessment to understand your company’s security and cloud app landscape. Businesses of all sizes can benefit from CASBs. But it’s a rapidly-changing market, and not every CASB service is ideal for every company.  

How do you choose the right CASB?  

  • Look for key functionalities. CASB solutions should offer all of the above, especially comprehensive DLP policies and tools, encryption and tokenization, and antivirus and malware protection. As part of a vigorous security package that tracks user behavior and controls access effectively, alongside improving the user experience, it should also include end-user behavior analytics (UEBA) and adaptive access control (AAC). 
  • Check out market analyses. Some CASB solutions, you’ll find, rank very highly in the market based on reliability and functionality amidst an evolving security space. Consider reports by respected firms such as Gartner to help you assess your options.  

These days, chances are high that your organization uses cloud-based services (according to one recent survey, it’s 94 percent). And these services don’t take responsibility for the security of your company’s data; you do. By and large, it’s time to consider integrating a CASB into your security strategy. 

The Microsoft 365 team is focused on sharing resources to help you start, run, and grow your business.
