What Is a CASB Service?

A Cloud Access Security Broker (CASB) is a solution that enforces an organization’s security policies as users access data, applications and infrastructure in the cloud. Organizations may access a CASB via software hosted on-premises or in the cloud, or as a service provided by a CASB vendor. 

Acting as an intermediary between end users and an organization’s cloud providers and cloud applications, CASB services enforce security policies concerning data security, identity and access management, threat protection, regulatory compliance and more. CASB services also provide IT teams with comprehensive visibility into what cloud assets are deployed, how they are being used and who is accessing them.
 

The rapid adoption of cloud applications and services has provided organizations with technology that improves productivity, enhances collaboration, simplifies IT management and supports highly distributed workforces and IT environments. 

Cloud computing has also introduced new risks, as threat actors increasingly direct sophisticated attacks at cloud applications and platforms. Cloud computing also tends to limit visibility for IT and security teams as they seek to identify cloud applications and data that must be protected and monitor the usage of cloud assets.

CASB services are intended to address a broad range of risks and threats arising from greater reliance on cloud computing.

• Cyberattacks. Malware, ransomware and other advanced forms of cyberattacks are a constant threat to organizations. A single contaminated file uploaded to the cloud can quickly spread to other devices, cloud assets and connected apps.
• Unauthorized access. Threat actors often seek to gain access to cloud assets using compromised credentials or brute force attacks. When successful, hackers can steal data, transfer funds, disrupt business or lay the groundwork for larger attacks.
• Insider threats. Whether it’s a disgruntled employee downloading confidential documents or an unwitting user sharing files on unsecured commercial cloud services, people inside the organization can often do as much damage as malicious outsiders.
• Shadow IT. Employees frequently turn to SaaS applications and commercial cloud tools to communicate, collaborate, organize, share files and get work done faster. Because some of these services are not monitored by the organization’s security team or protected by security policies, they form a kind of shadow IT that can introduce significant security gaps.

CASB services help to address these threats to protect data and secure applications in the cloud by automatically identifying cloud assets and applications, monitoring traffic flows between users/devices and cloud providers and enforcing a wide range of security policies. 
 

CASB software enforces a wide range of security policies in several areas:

• Data governance. CASB services provide granular visibility and control over how cloud resources are used based on a user’s identity, the service or application they are accessing, the kind of activity and the location or endpoint involved. When policies are violated, CASBs can automatically block, override, encrypt, alert or quarantine traffic.
• Data security. CASB solutions employ encryption, tokenization and other methods to prevent data in the cloud from being stolen, lost or leaked. CASBs can implement Data Loss Prevention (DLP) tools to protect data in use, data in motion and data at rest in any cloud service, proactively monitoring environments for potential violations.
• Threat protection. CASB services use various tools such as AI, machine learning and threat intelligence feeds to detect anomalies that may be connected to ransomware and malware. A CASB can immediately alert cloud security teams to active threats or suspicious activity.
• Compliance. CASB services help maintain compliance with a wide range of regulations such as PCI DSS, GDPR, HIPAA, ISO 27001 and others.
• Authentication. CASBs manage authentication through a native identity and access management (IAM) solution or integration with existing IAM technology. 

CASB services and software come with a broad array of features and capabilities.

• Support for popular cloud-based platforms. Some solutions offer coverage for productivity platforms like Slack, Salesforce, Google Docs and Office 365 Cloud App Security, for example.
• DLP. Real-time monitoring of downloads or uploads of sensitive or confidential data can better help enforce DLP policies or block a data breach.
• Sensitive content analysis. Analysis of sensitive data like Social Security numbers, credit card numbers and Personal Health Information (PHI) can support risk mitigation strategies.
• Auto-discovery. App discovery features help IT teams stay on top of cloud app usage and detect new cloud apps as soon as they are added to the IT environment.
• Device profiling. Identification of device status – including devices that have and have not accessed cloud applications before – enables IT teams to enforce policies based on a more fine-grained filtering of potential threat signals.
• Baselines. Activity baselines help to define “normal” behavior for specific applications and users, making it easier to uncover potential threats or suspicious activities.
• Risk assessment. Risk assessment allows IT teams to establish a risk profile for individual cloud apps, enabling more granular security policies.
• Automation. Automated policy enforcement features identify anomalies, trigger alerts and take action such as blocking or requiring additional authentication before granting access or allowing an action to execute.
• Access control. Role-based access control enables security teams to provide individuals in various roles with a custom set of access rights.
• Broad coverage. Coverage beyond SaaS cloud apps offers protection, tracking and monitoring for all the additional solutions in an organization’s cloud computing environment.

As a leading cybersecurity company, Forcepoint offers CASB services as part of Forcepoint ONE, a cloud-native security platform. 

Forcepoint ONE CASB provides integrated DLP and advanced threat protection to secure data in any cloud app and make it accessible from any device. Forcepoint ONE CASB is run on the AWS hyperscaler platform to maximize uptime and minimize latency.

Features of Forcepoint CASB include:

• Shadow IT reporting and blocking
• In-line inspection and control
• API inspection
• Agentless application access
• Built-in DLP enforcement across managed and unmanaged devices
• Extensive predefined policy library
• Classification tagging
• Network enforcement via ICAP
• Granular Zero Trust access and data controls based on user, device or location
• Support for CASB in Office 365 and other cloud-based platforms.