Cyber Security: The need for Cloud Access Security Broker (CASB) in SASE

Cloud Access Security Broker (CASB) Overview:

A Cloud Access Security Broker (CASB) is a security tool that helps to protect an organization's data and users in the cloud. It does this by providing an additional layer of security between the cloud service and the organization's users, monitoring and enforcing security policies for access to cloud services. CASBs can be used to secure access to a variety of cloud services, including Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) offerings. They can provide security features such as authentication, authorization, data loss prevention, and threat protection. CASBs can be deployed as a standalone solution or as part of a larger security infrastructure.

Why & What is Unique in CASB?

We still have NGFWs, but why do we even need CASB? NGFWs can only provide high level of application signatures, based on applications, URLs, ip reputations and so on. But since most enterprise applications are moving to the cloud, the data is being accessed almost from anywhere without any control, leading to a big gap in maintaining the security posture. So, to get granular visibility of indepth cloud applications and to control activities of specific applications CASB has evolved. Some of the aspect which NGFWs cannot provide can be achieved via CASB. For example, to control access to data based on risk scores, to meet regulatory and compliance requirements, granular control of specific application activities like restricting download, uploads, file sharing etc. CASB's helps to enforce data centric security policies such as data encryption while uploading or downloading sensitive data, and real time responses to cloud based threats, like terminating access to users based on different factors, like triggered requests, gateway locations etc. NGFWs cannot provide such granular enforcement of a particular activity of an application, whereas CASB's can enforce by monitoring and restrict such application activities. However, it is also to be noted that CASB's can still co-exist with NGFWs for high level of application restrictions.

Benefits of CASB for Enterprises:

There are a number of reasons why organizations may choose to use a Cloud Access Security Broker (CASB):

1. To secure access to cloud services: CASBs provide an additional layer of security between the cloud service and the organization's users, helping to protect against unauthorized access and data leaks.

2. To enforce security policies: CASBs can be used to monitor and enforce security policies for access to cloud services, ensuring that users are only able to access resources that they are authorized to access.

3. To protect against data loss: CASBs can help to prevent data loss by providing data loss prevention (DLP) capabilities, such as the ability to block the transfer of sensitive data to unauthorized locations.

4. To protect against threats: CASBs can help to protect against threats such as malware and ransomware by providing threat protection capabilities, such as the ability to scan for and block malicious files.

What makes CASBs unique is that they provide security for cloud-based services, which is a growing concern as more and more organizations adopt the cloud. CASBs can help organizations to secure their data and users in the cloud while still being able to take advantage of the benefits of the cloud.

CASB is one of the essential component as part of the Secure Access Service Edge(SASE) framework as described by Gartner. There are various deployment models available as part of CASB solution such as:

1. Inline CASB
2. API based CASB
3. Reverse Proxy CASB

Enterprises can make use of one or more hybrid models to secure their data on cloud. Going forward CASB would be one of the most demanding and necessary technologies that would be required by most enterprises to meet their cyber security strategies.