What is a CASB? (Cloud Access Security Broker)
CASBs protect enterprise systems against cyberattacks through malware prevention and provide data security through encryption, making data streams unreadable to outside parties.

CASB, Cloud Access Security Broker Definition
Coined by Gartner in 2012, Cloud Access Security Brokers are defined as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASB solutions consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorisation, credential mapping, device profiling, encryption, tokenisation, logging, alerting, malware detection/prevention and so on.”
How does a CASB work?
A CASB works by securing data flowing to and from in-house IT architectures and cloud vendor environments using an organisation's security policies. They protect enterprise systems against cyberattacks through malware prevention and provide data security through encryption, making data streams unreadable to outside parties.
The CASB Use Case
CASBs were created with one thing in mind: protecting proprietary data stored in external, third-party media. CASBs deliver capabilities not generally available in traditional controls such as secure web gateways (SWGs) and enterprise firewalls. CASBs provide policy and governance concurrently across multiple cloud services and provide granular visibility into and control over user activities.
The Pillars of a CASB
Visibility
Cloud apps unknown to IT result in information assets that are uncontrolled and outside the governance, risk, and compliance processes of the enterprise. Enterprises require visibility into cloud app account usage, including who uses which cloud apps, their departments, locations, and devices used.
Data Security
Data loss prevention (DLP) solutions are designed to stop enterprise data leaks due to unauthorised sharing, but the cloud makes sharing data with the wrong people easier than ever before. If an organisation uses cloud file storage, a traditional DLP product will not know what data is shared externally and who is sharing it.
CASBs can block sensitive data — such as financial records, intellectual property or personally identifiable information (PII) — from leaving the organisation. They can also prevent unauthorised access to data in the cloud and enforce encryption for certain data types.
Additionally, CASBs provide contextual access controls, meaning that a user's ability to download or share files is dependent on their device type, network location or job function. For example, a financial analyst working from a company-issued laptop in a secured office network may have full access to reports, whereas an external contractor using a personal device would only have read-only access with redacted details.
Threat Protection
It can be difficult to guard against the malicious intent or negligence of authorised users. Organisations need a comprehensive view of their normal usage patterns to detect suspicious insider behaviour. Along the same lines, former employees pose a significant risk: their accounts may have been disabled in the organisational directory, yet they can still access cloud apps that contain business-critical information. PwC found that security incidents attributable to former employees rose from 27% in 2013 to 30% in 2014.
CASBs use behavioural analytics to detect anomalies in user behaviour, such as sudden mass file downloads or access attempts from unusual locations. For example, if a Malaysian employee who typically logs in from Kuala Lumpur suddenly accesses sensitive financial data from an IP address in a country known for high cybercrime activity, the broker can immediately flag the activity, trigger multi-factor authentication or block access outright.
Furthermore, CASBs integrate with Security Information and Event Management (SIEM) systems, allowing security teams to correlate threats across cloud and on-premises environments.
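The baseline-and-score logic behind the anomaly detection described above can be sketched as follows. This is an added example, not code from any CASB product; the event fields, the `ZZ` country code, the user name, the thresholds and the mapping from risk score to response are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: one user, five days of downloads, always from MY.
HISTORY = [{"user": "aisyah", "country": "MY", "day": day, "action": "download"}
           for day, n in enumerate([4, 5, 3, 6, 4]) for _ in range(n)]

ACTIONS = ["allow", "flag", "mfa", "block"]  # escalating responses (assumed mapping)


def build_baseline(history):
    """Per-user profile: countries seen and mean/std of daily download counts."""
    countries, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for e in history:
        countries[e["user"]].add(e["country"])
        if e["action"] == "download":
            daily[e["user"]][e["day"]] += 1
    profile = {}
    for user, seen in countries.items():
        counts = list(daily[user].values()) or [0]
        profile[user] = {"countries": seen, "mean": mean(counts), "std": pstdev(counts)}
    return profile


def decide(event, downloads_today, profile, z_limit=3.0, floor=20):
    """Score one event against the user's baseline and pick a response."""
    p = profile.get(event["user"])
    if p is None:
        return "mfa"  # no baseline yet: step up instead of trusting by default
    risk = 0
    if event["country"] not in p["countries"]:
        risk += 2 if event["sensitive"] else 1  # unusual location, worse on sensitive data
    # The floor stops quiet users from tripping the limit on a handful of files.
    if downloads_today > max(floor, p["mean"] + z_limit * p["std"]):
        risk += 1
    return ACTIONS[min(risk, 3)]


if __name__ == "__main__":
    profile = build_baseline(HISTORY)
    for country, sensitive, n in [("MY", True, 5), ("ZZ", False, 5),
                                  ("ZZ", True, 5), ("ZZ", True, 400)]:
        event = {"user": "aisyah", "country": country, "sensitive": sensitive}
        print(country, sensitive, n, "->", decide(event, n, profile))
```

The same decision strings are what would be forwarded to a SIEM as alert severity, so a mass download from a usual location still produces a `flag` record even though access is not interrupted.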
Compliance
As data moves to the cloud, organisations will want to ensure they are compliant with regional regulations that ensure data privacy and security. A CASB can help ensure adherence with key Malaysian regulations, including the Personal Data Protection Act 2010, relevant guidelines from the Department of Personal Data Protection (JPDP), as well as help benchmark your security configurations against regulatory requirements like PCI DSS and ISO 27001.
BYOD, Shadow IT, and Increased Cloud Usage
Phenomena such as BYOD (bring your own device) policies, the growing popularity of SaaS and cloud apps, and the rise of Shadow IT make restricting cloud app access to a defined set of endpoints a difficult task. Managed and unmanaged devices often require different policies to protect corporate data effectively. CASBs help enforce granular access policies as well as identify and categorise cloud apps in your organisation. CASBs allow security teams to generate risk assessments of cloud applications, monitor activity in real time and enforce application-specific security controls.
Your Cloud Access Security Broker Vendor Checklist
CAPABILITIES | WHAT YOU NEED TO KNOW - CASB VENDOR REQUIREMENTS |
---|---|
Cloud app discovery | How does the CASB discover cloud apps? Does the CASB require log files to be sent outside your organisation, i.e., is there an on-premises discovery process? Is the CASB discovery and risk analysis catalog updated on a regular schedule? Can you search the app catalog to learn more about a given app? |
Risk and data governance | Does the CASB provide insight into the users of an application to better identify high-risk areas? Does the CASB benchmark application security configurations against regulatory requirements (e.g., PCI DSS, HIPAA, SOX) or best practice standards (e.g., Cloud Security Alliance) to identify security gaps? Does the CASB identify former employees who still have access to company data? Can the CASB identify sensitive or regulated data in cloud file sharing services? |
Activity monitoring | Does the CASB monitor activities at the document level (e.g., can it report on Create/Delete/Upload/Download operations for all files and folders)? Does the CASB monitor activities at the record level, say, for Salesforce, Workday, or Box? Can new cloud apps be supported easily without changing the product or deployment model? |
Threat prevention | What kind of threats can the CASB detect and how? How are threats detected for custom-built cloud apps? Does the CASB profile user behaviour in order to detect anomalous usage and suspicious behaviour automatically? |
Data security | Can the CASB enforce in-transit DLP policies to prevent data loss? Can the CASB enforce multi-factor authentication for high-risk activities? Can custom policies and alerts be created based on any number and combination of criteria (who, what, where, when, how)? |
Activity analytics | Are activity analytics available with multiple levels of aggregation options (e.g., by user location, endpoint type, department)? Can the CASB correlate login usernames with the user’s corporate directory (e.g., Active Directory) identity? Can analytics be easily exported to SIEM solutions (e.g., Splunk)? |
Endpoint access control | Can the CASB distinguish between managed and unmanaged mobile and endpoint devices? And enforce unique policies for each? Does the CASB support third-party MDM solutions? |
Remediation options | What remediation options are supported (e.g., alert, block, multi-factor authentication)? Does the CASB integrate with NGFWs or other security solutions for applying remediation policies? |
Deployment considerations | Does the CASB support API-based integration with cloud apps? Does the CASB support proxy-based (i.e., inline) deployments? Can the CASB be deployed with a single sign-on solution (e.g., Okta, Ping Identity, Centrify, OneLogin, etc.)? |
Delivery infrastructure | How is the CASB infrastructure protected from DDoS attacks? Does the CASB provide optimisation capabilities to minimise latency when deployed inline as a proxy? Is the CASB delivered from a Tier 1 exchange? |
Forcepoint CASB
App Discovery—Obtain a global view of all cloud apps
- Discover all cloud apps accessed by employees
- Inventory cloud apps and assess risk posture – for each app and at an organisational level
- Aggregate firewall and proxy logs across the enterprise
- Generate a global view of cloud app usage, including metrics for traffic volume, hours of use, and number of accounts
- Create a baseline view so you can see how many apps have been added over a given period of time
- Drill down into each cloud app to perform detailed risk analyses
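The discovery steps listed above (aggregate proxy logs, compute per-app traffic volume, hours of use and account counts, then compare against a baseline) can be sketched as follows. This is an added example, not Forcepoint code; the log line format, the app catalog, the host names and the risk labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed catalog (domain suffix -> app, risk); a real CASB ships a maintained one.
CATALOG = {"crm.example": ("ExampleCRM", "low"), "share.example": ("ExampleShare", "high")}
# Constructed proxy log lines: "<ISO timestamp> <user> <host> <bytes>"
PROXY_LOG = """\
2024-05-01T09:05:11 alice eu.crm.example 12000
2024-05-01T09:40:02 bob eu.crm.example 8000
2024-05-01T10:15:45 alice files.share.example 250000
2024-05-01T11:02:30 carol paste.unknown.example 4000
corrupted line without enough fields
"""


def match_app(host):
    """Longest-suffix match on label boundaries; uncatalogued hosts stay visible."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in CATALOG:
            return CATALOG[suffix]
    return (f"uncatalogued:{host}", "unknown")


def discover(log_text):
    """Aggregate traffic volume, hours of use and account count per app."""
    apps = defaultdict(lambda: {"bytes": 0, "hours": set(), "accounts": set(), "risk": ""})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped += 1  # count unparseable records instead of silently dropping them
            continue
        ts, user, host, size = parts
        name, risk = match_app(host)
        entry = apps[name]
        entry["bytes"] += int(size)
        entry["hours"].add(ts[:13])  # bucket by date + hour
        entry["accounts"].add(user)
        entry["risk"] = risk
    return dict(apps), skipped


def new_since(inventory, baseline):  # apps absent from the baseline inventory
    return sorted(set(inventory) - set(baseline))


if __name__ == "__main__":
    print(discover(PROXY_LOG), new_since(discover(PROXY_LOG)[0], ["ExampleCRM"]))
```

Matching on whole DNS labels rather than with a plain string suffix test keeps a host such as `notcrm.example` from being counted as the sanctioned CRM app.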
Risk Governance—Assess risk contextually and set mitigation policies
- Identify high-risk activities for your business
- Determine who has standard and privileged access to an app
- Identify dormant (i.e., accounts not accessed for several days), orphaned (e.g., ex-employees), and external (e.g., partners) accounts to create appropriate access policies
- Benchmark current app security configurations against regulations or best practice guidelines to pinpoint security and compliance gaps
- Assess and define access policies based on the location of users and/or a cloud service provider’s data centers (i.e., location-based access control)
- Assign tasks to resolve user and application issues
- Leverage a built-in organisational workflow to assign and complete risk mitigation tasks via Forcepoint CASB or through integration with 3rd-party ticketing systems
Audit & Protection—Automatically enforce policies & protect against credential misuse & malicious insiders’ acts
- Monitor and catalog who is accessing cloud apps from managed and unmanaged endpoints
- Track and monitor privileged user access and configuration changes
- Monitor cloud app usage across multiple context-aware categories, including user, location, device, action, data object and department usage
- Ensure real-time detection of anomalous and suspicious behaviour
- Implement attack remediation, including strong user verification and blocking of application actions (e.g., block downloads of shared documents) and account access
- Enforce location-based access control (aka “geo-fencing”) policies
- Enforce endpoint access controls for managed and unmanaged devices, whether originating from a browser or a native mobile app
- Monitor and control uploads, downloads, and sharing of sensitive data for over 100 file types
- Inspect files and content in real-time to ensure that PII, PCI, HIPAA and other sensitive information stays protected