Introduction
- A Cloud Access Security Broker (CASB) is an on-premises or cloud-based security policy enforcement point (PEP) placed between users and cloud service providers (CSPs) to combine and interject enterprise security policies as cloud-based resources are accessed.
Four Pillars of CASB
Visibility
- Visibility allows the enterprise to ask the following questions and provide a consolidated view on the answers:
- Who is accessing what?
- How often, when and from where are these services being accessed by employees?
- What data is flowing where?
- The answers to these questions give the enterprise insight into how its employees are using cloud services.
- Example: CASB should be able to tell you that “Steve” is simultaneously attempting to log into Salesforce from San Francisco and into Box from New York – an indicator of a potential credential compromise.
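As an added illustration of the Visibility example above (not part of the original notes): a small Python detector that consolidates login events from several services per user and flags consecutive logins whose implied travel speed is impossible. The event schema, coordinates, timestamps and speed threshold are constructed assumptions, not a real CASB format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import groupby
from math import asin, cos, radians, sin, sqrt

# Constructed access events, as a CASB might consolidate them from several
# cloud services (hypothetical schema; the fields are assumptions).
@dataclass
class AccessEvent:
    user: str
    service: str
    city: str
    lat: float
    lon: float
    time: datetime

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_speed_kmh=900.0):
    """Flag consecutive logins by the same user (across any services) whose implied
    travel speed exceeds max_speed_kmh. Returns (user, service_a, service_b, km) tuples."""
    alerts = []
    by_user = sorted(events, key=lambda e: (e.user, e.time))
    for user, evs in groupby(by_user, key=lambda e: e.user):
        evs = list(evs)
        for a, b in zip(evs, evs[1:]):
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            hours = (b.time - a.time).total_seconds() / 3600
            # Ignore small hops (IP geolocation jitter); a zero gap over a real distance is always impossible.
            if km > 50 and (hours == 0 or km / hours > max_speed_kmh):
                alerts.append((user, a.service, b.service, round(km)))
    return alerts

T0 = datetime(2024, 1, 15, 9, 0, 0)  # constructed timestamp
SAMPLE_EVENTS = [
    AccessEvent("steve", "Salesforce", "San Francisco", 37.77, -122.42, T0),
    AccessEvent("steve", "Box", "New York", 40.71, -74.01, T0 + timedelta(minutes=2)),
    AccessEvent("alice", "Salesforce", "New York", 40.71, -74.01, T0),
    AccessEvent("alice", "Box", "New York", 40.73, -73.99, T0 + timedelta(hours=1)),
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print("possible credential compromise:", alert)
```

The point is the cross-service correlation: neither Salesforce nor Box alone sees both logins, so only a consolidated view can raise the alert.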
Compliance
- Compliance allows the enterprise to know whether it follows internal and external regulations/policies at all times. It focuses on regulations such as HIPAA, PCI, etc.
- Example: CASB can provide logs for audit purposes, can encrypt sensitive data-at-rest to protect against breach, and can enforce data leakage prevention policies to control access to regulated data.
Data Security/ Data Loss Prevention
- Data Security allows the enterprise to enforce data-centric security policies to prevent unwanted access to data. It also covers Data Loss Prevention (DLP).
- Example: An example policy would be that all data passing between the user and the cloud service is always encrypted and decrypted.
Threat Prevention/ Access Control
- Access Control allows the enterprise to allow/deny user access to cloud services based on various criteria (user behavior, device type, location, risk score, etc.). It also performs malware detection and prevention.
- Example: A
Integration Modes
Stage 1 – Passive/Non-Intrusive
Stage 2 – Active/In-Line
Credits: https://www.youtube.com/channel/UC3jldIfC834kazgMlKX4xEA/videos