What is CASB for Office 365?

A Cloud Access Security Broker (CASB) is a tool or service that helps secure cloud applications by extending enforcement of an organization’s security policies to apps and data in the cloud. CASBs improve the visibility of cloud applications and usage, monitor activity, enhance data security in the cloud, improve threat protection, streamline regulatory compliance and simplify management of cloud app security.

As a cloud application, Microsoft Office 365 offers a native CASB in Microsoft Defender for Cloud Apps (formerly Office 365 Cloud App Security). While this CASB for Office 365 does a good job securing data and applications within its own ecosystem, it is less effective at securing data in cloud applications outside of Office 365. Consequently, many organizations augment or replace the CASB for Office 365 security with a third-party CASB solution. 

CASB software sits between end users and an organization’s cloud applications, cloud providers and cloud data. A CASB authenticates users and monitors traffic flowing to and from cloud applications to filter out cyber threats, unauthorized access attempts, data leaks or data exfiltration and unauthorized use of cloud resources. 

CASBs also provide comprehensive visibility into cloud applications and cloud usage, enabling IT teams to identify all applications in use and all users interacting with cloud data. By monitoring and filtering activity, CASBs help enforce security policies around data governance, identity and access management, threat protection, regulatory compliance and other security concerns.

CASBs employ various tools to accomplish these tasks. Gateways provide real-time insights and help enforce policies. APIs monitor activity and analyze content. Log data analyzes and secures traffic, and endpoint agents monitor activity and enforce policies on managed devices. CASBs are typically deployed as a service offered by CASB providers, as on-premises software or as software hosted in the cloud.

CASBs for Office 365 and other cloud applications are designed for several key use cases.

• Data governance and security. CASBs enable security teams to apply granular policies that govern usage based on a user’s identity, the service request, the type of activity, application being accessed and the data being used.
• Data loss prevention. By inspecting traffic to and from the cloud, CASBs can block sensitive data from being publicly exposed or shared with unauthorized external audiences.
• App discovery and control. CASBs deliver full visibility into cloud app activity, giving IT teams the visibility and control needed to secure applications in the cloud. 
• Regulatory compliance. By demonstrating a controllable process for identifying, monitoring, and protecting data in the cloud, CASBs help to streamline and improve compliance with regulatory frameworks.
• Malware detection. CASBs can block or remediate malware in sanctioned cloud services, detect and alert enterprises about login anomalies, detect suspicious behavior such as excessive downloads and block data exfiltration.
• Shadow IT. Auto-discovery capabilities help uncover usage of unsanctioned apps and services, enabling security teams to curtail shadow IT and direct users to sanctioned applications.
• Device management. CASBs enable control of cloud-based activity on mobile or desktop apps, monitoring user activities and blocking access where necessary.

Microsoft Defender for Cloud Apps – the CASB in Office 365 – supports API protections for Microsoft-supported applications, but it lacks support for applications beyond the Microsoft stack, leaving organizations with serious security gaps.

• Office 365’s CASB may not protect data shared with Salesforce, Dropbox, Marketo and other cloud applications outside of the Microsoft ecosystem.
• Relying solely on Microsoft Defender means that security teams must create a separate set of security policies and protocols for different cloud applications, rather than unifying them in a single solution.
• The CASB in Office 365 only protects sensitive data in the Microsoft ecosystem, rather than protecting info in all cloud apps.
• Built-in anomaly protection policies in Microsoft’s solution provide only basic templates that must be customized, adding one more task for budget-constrained or understaffed IT teams.
• Microsoft Defender does not provide control for both managed and unmanaged devices.
• Data protection policies for Microsoft Defender for Cloud Apps are available only for Microsoft products through Microsoft.
   

Recognized as a leader in cybersecurity by Gartner, NSS Labs and Forrester, Forcepoint offers a CASB solution for Office 365 as part of Forcepoint ONE, an all-in-one, cloud-native security platform. Forcepoint ONE CASB extends best-in-class data security to all cloud applications, including Office 365.

Forcepoint overcomes the limitations of the native technology for CASB in Office 365 to provide security teams with a complete solution for securing applications in the cloud. With Forcepoint, security teams can:

• Eliminate security gaps by setting, enforcing and governing security policies and protocols uniformly across all cloud applications. 
• Prevent login credentials from being stolen with predefined, sophisticated algorithms that fingerprint devices and learn user behaviors to improve detection of suspicious behavior.
• Manage user devices with granular access control that can block auto-syncing of email and files to eliminate serious risks.
• Monitor activities and cloud applications, identify security and compliance gaps and help prevent data leakage.
• Gain complete visibility into all Office 365 users, including contractors and ex-employees who still have access to the platform.
• View Office 365 activities in real time, including uploads, downloads and shares. 
• Identify sensitive or regulated data stored in OneDrive to ensure compliance with regulatory frameworks.
• Control sharing of sensitive data and confidential files through granular policies.
• Inspect content in real time to apply comprehensive Office 365 data loss prevention policies.
• Identify and protect all cloud applications in use and mitigate use of unsanctioned cloud applications.