CASB

Introduction

  • A Cloud Access Security Broker (CASB) is an on-premises or cloud-hosted security policy enforcement point (PEP) placed between cloud service consumers (users) and cloud service providers (CSPs) to combine and interject enterprise security policies as cloud-based resources are accessed.

Four Pillars of CASB

Visibility

  • Visibility allows the enterprise to ask the following questions and get a consolidated view of the answers:
    • Who is accessing what?
    • How often, when and from where are these services being accessed by employees?
    • What data is flowing where?
  • The answers give the enterprise insight into how its employees actually use cloud services.
  • Example: CASB should be able to tell you that “Steve” is simultaneously attempting to log into Salesforce from San Francisco and into Box from New York – an indicator of a potential credential compromise.

Compliance

  • Compliance allows the enterprise to know whether it follows its internal policies and external regulations at all times. It focuses on regulations such as HIPAA, PCI DSS, etc.
  • Example: a CASB can provide logs for audit purposes, encrypt sensitive data at rest to limit the impact of a breach, and enforce data loss prevention (DLP) policies that control access to regulated data.

Data Security/ Data Loss Prevention

  • Data Security allows the enterprise to enforce data-centric security policy to prevent unwanted access to data. This pillar also covers Data Loss Prevention (DLP).
  • Example: one such policy is that sensitive data sent from a user to a cloud service is always encrypted by the CASB before it leaves the enterprise and decrypted on the way back, so the provider only ever stores ciphertext.

Threat Prevention/ Access Control

  • Access Control allows the enterprise to allow or deny user access to cloud services based on various criteria (user behaviour, device type, location, risk score, etc.). This pillar also covers malware detection and prevention.
  • Example: a sales rep normally logs into Salesforce and updates some data in his accounts, but one day logs in and attempts to download the entire company contact database to his BYOD device; a CASB should be able to block such risky activity in real time.
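
The two scenarios above (the Visibility example of "Steve" logging into Salesforce from San Francisco and Box from New York at the same time, and the Access Control example of a sales rep bulk-exporting contacts to a BYOD device) can both be expressed as rules over the event stream a CASB sees. The following is an added example written for this page, not code from the original post or from any CASB product; the user names, apps, coordinates, timestamps, the 900 km/h speed limit and the export thresholds are all constructed assumptions.

```python
"""Toy CASB policy engine (added example, not from the original post).

Replays a constructed batch of cloud-access events and raises the two alerts
described under Visibility and Threat Prevention/Access Control:
  1. impossible travel: one user active in two cloud apps from places too far
     apart for the time between the events (suggests credential compromise);
  2. bulk export to an unmanaged (BYOD) device by a user whose baseline is
     small, routine updates.
All names, locations, timestamps and thresholds below are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    app: str
    action: str       # "login", "update" or "download"
    city: str
    lat: float
    lon: float
    device: str       # "managed" or "byod"
    records: int = 0  # records touched by an update/download


# Constructed sample locations (approximate city centre coordinates).
SF = ("San Francisco", 37.77, -122.42)
NY = ("New York", 40.71, -74.01)


def ev(t, user, app, action, place, device, records=0):
    """Build an Event from a constructed UTC timestamp and a (city, lat, lon) tuple."""
    ts = datetime.fromisoformat(t).replace(tzinfo=timezone.utc)
    return Event(ts, user, app, action, place[0], place[1], place[2], device, records)


# Constructed sample log: Steve's two logins five minutes apart on opposite
# coasts, and Alice's routine small updates followed by a huge BYOD export.
SAMPLE_EVENTS = [
    ev("2024-03-04T09:00:00", "steve", "salesforce", "login", SF, "managed"),
    ev("2024-03-04T09:05:00", "steve", "box", "login", NY, "managed"),
    ev("2024-03-04T09:10:00", "alice", "salesforce", "update", SF, "managed", 12),
    ev("2024-03-04T09:12:00", "alice", "salesforce", "update", SF, "managed", 8),
    ev("2024-03-04T10:00:00", "alice", "salesforce", "download", SF, "byod", 250000),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_speed_kmh=900.0, min_km=50.0):
    """Visibility rule: flag consecutive events of one user (across any apps)
    whose locations cannot be reached at max_speed_kmh in the elapsed time.
    min_km ignores within-city geolocation jitter and also covers a zero gap."""
    by_user = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_user.setdefault(e.user, []).append(e)
    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            if km > min_km and km > max_speed_kmh * hours:
                alerts.append((user, prev.app, prev.city, cur.app, cur.city))
    return alerts


def baseline_records(history, user):
    """Largest record count this user has touched in the events seen so far."""
    return max((e.records for e in history if e.user == user), default=0)


def access_decision(event, history, floor=1000, multiplier=10):
    """Access Control rule: block a download to an unmanaged device when it is
    far larger than the user's own baseline (and above an absolute floor)."""
    if event.action != "download" or event.device != "byod":
        return "allow"
    threshold = max(floor, multiplier * baseline_records(history, event.user))
    return "block" if event.records > threshold else "allow"


def enforce(events):
    """Replay events in time order as an in-line broker would; each decision
    only sees the history before that event. Returns (event, decision) pairs."""
    decisions, history = [], []
    for e in sorted(events, key=lambda e: e.ts):
        decisions.append((e, access_decision(e, history)))
        history.append(e)
    return decisions


if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", alert)
    for e, decision in enforce(SAMPLE_EVENTS):
        print(f"{e.ts:%H:%M} {e.user:6} {e.app:11} {e.action:9} {e.device:8} {decision}")
```

The two rules also illustrate the two integration modes below: impossible-travel detection only needs the provider's logs, so it works in the passive mode, whereas blocking the export before it completes requires the broker to sit in-line on the request path.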

[Figure: casb1]


Integration Modes

Stage 1 – Passive/ Non-Intrusive

[Figure: casb2.png]

Stage 2 – Active/ In-Line

[Figure: casb3.png]

[Figure: casb4]

[Figure: casb5.png]


Credits: https://www.youtube.com/channel/UC3jldIfC834kazgMlKX4xEA/videos
