What is a CASB Tool?

Cloud Access Security Brokers (CASBs) are on-premises or cloud-based tools that offer a wide range of capabilities for securing the cloud and mobile devices. CASB tools protect data across SaaS, IaaS and private cloud apps by serving as an intermediary between cloud apps and end users. 

A CASB solution can provide firewall services, identity management, encryption control, anti-malware protection, threat management and other security services. To secure cloud applications and usage, CASB tools ensure that an organization’s security policies are enforced by cloud providers while giving IT and security teams greater visibility into how cloud applications and services are being used and where employees may be relying on shadow IT.

The rapid adoption of cloud applications, services and infrastructure has transformed how organizations manage operations and their IT environments. The cloud enables faster time-to-market, significant cost savings, higher productivity and easier collaboration. The cloud has also enabled the transition to a hybrid workforce, where a majority of employees may work from home or outside the office, remotely accessing IT resources and cloud services via mobile devices.

While these benefits are impressive, the adoption of cloud services also introduces significant risks.

• Sophisticated cyberattacks. From ransomware to supply-chain attacks and malicious apps, cyber threats continue to proliferate and cause millions of dollars in damages for companies that succumb to these attacks.
• Unauthorized access. Threat actors often seek to gain illegitimate access to assets in the cloud through social engineering campaigns, account takeover attacks or by exploiting software vulnerabilities or security misconfigurations.
• Regulatory compliance. There is a growing body of regulation concerning how certain types of data are used, stored, retained, accessed and destroyed. When transferring and storing data in the cloud, IT administrators may lose visibility into how and where data is being stored, making regulatory compliance more difficult.
• Shadow IT. In an effort to stay productive, many employees use commercial cloud services that are not protected by the organization’s security stack.
• Insider threats. With employees working from anywhere, it’s harder for security teams to prevent employees, partners or vendors who have access to the network from surreptitiously transferring, sending or downloading sensitive information.
• Changing security models. Managing security in the cloud is a responsibility that is shared between an organization and the cloud provider, but it’s not always clear to IT teams which entity is responsible for certain tasks. This is complicated by the fact that different types of cloud services – SaaS, PaaS and IaaS – may each have a different paradigm for shared security responsibility, potentially resulting in significant security gaps.

CASB tools help manage the risks of cloud computing by providing capabilities and functionality in four key areas:

• Visibility. CASB tools give IT teams complete visibility into who is using what cloud services and what risks are associated with each cloud application and user. Administrators can view sanctioned and unsanctioned cloud services, identify high-risk applications and users and apply granular policies to limit risk and control cloud computing costs.
• Threat protection. With real-time monitoring of cloud usage, CASB tools can help to identify and block cyberattacks, insider threats and attempts at unauthorized access.
• Data security. CASB tools can enforce encryption for certain kinds of data, control access to specific assets in the cloud, block sensitive data from leaving the organization and prevent unauthorized use of data assets.
• Regulatory compliance. CASBs automate enforcement of policies that ensure compliance with a broad array of regulations like HIPAA, PCI DSS, GDPR and others. CASB tools can also identify key areas of compliance risk, helping IT teams to identify areas of improvement.
   

CASB tools are software solutions from CASB providers that may be hosted on-premises or in the cloud or offered as a service. CASBs are positioned between end users and cloud providers or cloud-based applications, monitoring and filtering requests for access and usage of data. In this capacity, CASBs perform a wide range of tasks that fall into three categories:

• Discovery. CASBs use AI and machine learning to identify what cloud applications are in use and who is using them, including high-risk applications and high-risk users.
• Classification. CASB software evaluates each application, identifies the data being used and determines a level of risk associated with that usage.
• Enforcement. CASBs enforce a wide range of security policies for authentication, single sign-on, encryption, malware detection, threat prevention, credential mapping and more.

Common use cases for CASB tools include:

• Securing access to cloud applications and data from unmanaged devices, without requiring the installation of software on employees’ personal mobile phones and tablets.
• Preventing data loss by enforcing encryption, monitoring traffic and blocking sensitive data from leaving the organization without authorization.
• Limiting risky filesharing by blocking access to unsanctioned cloud apps.
• Defending against known and zero-day malware using advanced threat protection that leverages behavior-based detections.
• Enforcing encryption for data at rest.
• Securely authenticating users seeking access to cloud resources.
• Blocking access to unmanaged cloud applications.
• Supporting Secure Access Service Edge (SASE) security initiatives.

As a leading provider of solutions built to protect the modern enterprise, Forcepoint offers a cloud access security broker solution as part of Forcepoint ONE, an all-in-one, cloud-native security platform. 

Forcepoint ONE CASB provides Zero Trust access to cloud applications with continuous control of business-critical data, no matter where users connect from or what device they use. Security teams gain full visibility and control over data in any application, including shadow IT, to enable safe and high-performance use everywhere. 

With Forcepoint ONE CASB, organizations can: 

• Secure data in any cloud application. Forcepoint consistently enforces security across all cloud applications for managed and unmanaged devices.
• Extend best-in-class DLP to the cloud. 190+ pre-defined data security policies and customized controls available through Forcepoint DLP help to continuously secure data in use across the web.
• Deliver high availability and high performance. Running on the AWS hyperscaler platform, Forcepoint CASB delivers 99.99 percent service uptime with unlimited scalability and no planned downtime.
• Provide frictionless access from any device. Forcepoint provides control over both managed and unmanaged devices with agentless deployment and secure access for contractors. 
• Block malware hidden in business data files. Using malware engines from BitDefender and CrowdStrike, Forcepoint ONE CASB detects and blocks malware and data in motion between users and SaaS apps as well as malware in files in popular SaaS and IaaS storage solutions.
• Detect and control shadow IT. By detecting and listing unmanaged SaaS apps, Forcepoint CASB allows administrators to build policies that block access or direct users to approved apps.

Forcepoint’s solution provides CASB for Office 365 and other popular cloud platforms. Contact Forcepoint to learn more about CASB pricing and implementation.