What is a Cloud Access Security Broker (CASB)?
A cloud access security broker (CASB) is a software security service that acts as an intermediary between business cloud users and cloud providers. CASBs monitor data flow to and from cloud platforms, ensuring that cloud use complies with information security policies and regulations. Much as a firewall enables businesses to enforce security policies for incoming and outgoing network traffic, a CASB enables them to enforce infrastructure and information security policies for cloud use.
Before the advent of cloud computing, IT infrastructure was hosted in on-premise or colocated data centers. IT and security professionals could enforce security policies because they controlled the hardware and software stack. Businesses have less control over hardware and software in the cloud era, but a CASB allows them to extend security policies from on-premise environments to cloud environments.
What Does a Cloud Access Security Broker Do?
A CASB is a security service hosted either on-premise or in the cloud. It mediates connections between devices used by employees and cloud services. The primary purpose of CASB security systems is to reduce the risk of sensitive data being insecurely stored, accessed, and processed on cloud platforms.
CASBs are sophisticated platforms that can enforce a broad range of security controls. CASB capabilities include:
CASBs are designed to solve a specific set of problems, so they may not include all of the features in this list. When selecting a CASB, businesses first assess their needs and then choose a CASB security solution that addresses their use case. Platform compatibility is one of the most critical factors. CASBs interact with cloud providers via APIs, which differ between platforms. For example, a business that uses AWS will choose a CASB that supports Amazon’s cloud platform, such as Bitglass.
Why Do Cloud Users Need a CASB?
Cloud platforms—whether SaaS, PaaS, or IaaS—attract businesses and employees because they reduce complexity, offer a versatile range of services, and are less expensive than self-managed infrastructure. However, companies quickly discover that a lack of “walled garden” control makes securing cloud environments more complex.
Employees often use unsanctioned cloud services to circumvent security restrictions and limitations in approved software. This is the well-known shadow IT problem. In 2019, a McAfee study showed that businesses use hundreds more cloud services than they know about. These services are not subject to security policies, compliance oversight, or internal governance processes.
CASBs were initially developed to address the shadow IT problem by helping businesses to gain visibility into the cloud applications employees use. Over time, they have been enhanced with numerous other features that empower businesses to take back control of infrastructure security and cloud compliance.
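The visibility into shadow IT described above can be illustrated with a small discovery pass over egress proxy logs. This is an added example, not code from this article or from any CASB product; the log format, the sanctioned-service list, the host names, and the function names are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed policy data: services the business has approved (assumption).
SANCTIONED = {"amazonaws.com", "office365.example"}

# Constructed egress-proxy log: timestamp user method url bytes_uploaded
SAMPLE_LOG = """\
2024-05-01T09:00:12Z alice PUT https://s3.amazonaws.com/corp-bucket/report.pdf 48211
2024-05-01T09:02:40Z bob POST https://files.fileshare.example/upload 910233
2024-05-01T09:03:05Z carol POST https://api.fileshare.example/v1/share 1200
2024-05-01T09:05:51Z bob GET https://notes.notetaker.example/doc/17 0
2024-05-01T09:06:00Z dave POST
2024-05-01T09:07:19Z alice POST https://mail.office365.example/send 5300
"""

def service_of(url):
    """Reduce a URL to a service key: the last two host labels (a simplification; real tools use a public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def discover_shadow_it(log_text, sanctioned=SANCTIONED):
    """Aggregate users, request count and upload volume per unsanctioned service."""
    found = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_up": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip truncated or malformed records rather than guessing
        _ts, user, _method, url, sent = fields
        service = service_of(url)
        if service is None or service in sanctioned:
            continue
        entry = found[service]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_up"] += int(sent)
    return dict(found)

def report(found):
    """Rank unsanctioned services by bytes uploaded, the main data-exposure signal."""
    ranked = sorted(found.items(), key=lambda kv: kv[1]["bytes_up"], reverse=True)
    return [(svc, sorted(e["users"]), e["requests"], e["bytes_up"]) for svc, e in ranked]

if __name__ == "__main__":
    for row in report(discover_shadow_it(SAMPLE_LOG)):
        print(row)
```

Ranking by upload volume puts the services that have actually received company data at the top of the review queue, ahead of services that were only browsed.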
What Are the Four Pillars of CASB?
The Gartner IT research consultancy describes CASB solutions as having four main pillars of functionality:
How Does a CASB Promote Compliance in the Cloud?
Cloud access security brokers facilitate secure and compliant cloud use. Because CASBs provide visibility into and control over data use in the cloud, businesses can more effectively enforce cloud security controls that support regulatory compliance goals.
However, CASBs are only part of a comprehensive cloud security program. They are one component of a layered approach to cloud security that also includes security awareness training and cloud security audits conducted by qualified information security auditors.
To learn more about cloud security and cloud compliance audits, visit KirkpatrickPrice’s cloud security resources, including dozens of educational videos and our free AWS security scanner.
