What is a CASB? (Cloud Access Security Broker)

Coined by Gartner in 2012, CASBs or Cloud Access Security Brokers "...are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASB solutions consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on."

A cloud access security broker (CASB) works by securing data flowing to and from in-house IT architectures and cloud vendor environments using an organization's security policies. CASBs protect enterprise systems against cyberattacks through malware prevention and provide data security through encryption, making data streams unreadable to outside parties.

CASBs were created with one thing in mind: protecting proprietary data stored in external, third-party media. CASBs deliver capabilities not generally available in traditional controls such as secure web gateways (SWGs) and enterprise firewalls. CASBs provide policy and governance concurrently across multiple cloud services and provide granular visibility into and control over user activities.

Visibility

Cloud apps unknown to IT result in information assets that are uncontrolled and outside the governance, risk, and compliance processes of the enterprise. Enterprises require visibility into cloud app account usage, including who uses which cloud apps, their departments, locations, and devices used.

Data Security

Data loss prevention (DLP) solutions  are designed to stop enterprise data leaks due to unauthorized sharing but the cloud makes sharing data with the wrong people easier than ever before. If an organization uses cloud file storage, a traditional DLP product will not know what data is shared externally and who is sharing it.

Threat Protection

It can be difficult to guard against the malicious intent or negligence of authorized users. To detect suspicious insider behavior, organizations need a comprehensive view of their normal usage patterns. Along the same lines, former employees pose significant risk, as they may have been disabled from the organizational directory, but can still access cloud apps that contain business-critical information. PWC found that security incidents attributable to former employees rose from 27% in 2013 to 30% in 2014.

Compliance

As data moves to the cloud, organizations will want to ensure they are compliant with regional regulations that ensure data privacy and security. A CASB can help ensure compliance with regulations like SOX and HIPAA as well as help benchmark your security configurations against regulatory requirements like PCI DSS, NIST, CJIS, MAS and ISO 27001.

BYOD, Shadow IT, and Increased Cloud Usage

Phenomena such as BYOD (bring your own device) policies, the growing popularity of SaaS and cloud apps, and the rise of Shadow IT make restricting cloud app access to a defined set of endpoints a difficult task. Managed and unmanaged devices often require different policies to protect corporate data effectively. CASBs help enforce granular access polices as well as identify and categorize cloud apps in your organization.

App Discovery—Obtain a global view of all cloud apps

• Discover all cloud apps accessed by employees
• Inventory cloud apps and assess risk posture – for each app and at an organizational level
•  Aggregate firewall and proxy logs across the enterprise
•  Generate a global view of cloud app usage, including metrics for traffic volume, hours of use, and number of accounts
•  Create a baseline view so you can see how many apps have been added over a givenperiod of time
•  Drill down into each cloud app to perform detailed risk analyses

Risk Governance—Assess risk contextually and set mitigation policies

•  Identify high-risk activities for your business
• Determine who has standard and privileged access to an app
• Identify dormant (i.e., accounts not accessed for several days), orphaned (e.g., ex-employees), and external (e.g., partners) accounts to create appropriate access policies
• Benchmark current app security configurations against regulations or best practice guidelines to pinpoint security and compliance gaps
•  Assess and define access policies based on the location of users and/or a cloud service provider’s data centers (i.e., location-based access control)
• Assign tasks to resolve user and application issues
•  Leverage a built-in organizational workflow to assign and complete risk mitigation tasks via Forcepoint CASB or through integration with 3rd-party ticketing systems

Audit & Protection—Automatically enforce policies & protect against credential misuse & malicious insiders’ acts

• Monitor and catalog who is accessing cloud apps from managed and unmanaged endpoints
• Track and monitor privileged user access and configuration changes
• Monitor cloud app usage across multiple context-aware categories, including user, location, device, action, data object and department usage
• Ensure real-time detection of anomalous and suspicious behavior
• Implement attack remediation, including strong user verification, block application actions (e.g., block downloads of shared documents) and account access
• Enforce location-based access control (aka “geo-fencing”) policies
• Enforce endpoint access controls for managed and unmanaged devices, whether originating from a browser or a native mobile app
• Monitor and control uploads, downloads, and sharing of sensitive data for over 100 file types
• Inspect files and content in real-time to ensure that PII, PCI, HIPAA and other sensitive information stays protected