In five questions or less, an industry expert defines and explains a technology, term or trend in CBR’s Tech Express – with this installment seeing Eduard Meelhuysen, head of EMEA at Bitglass, explain CASB – Cloud Access Security Broker.
CBR: What is a CASB?
EM: A Cloud Access Security Broker (CASB) acts as a gatekeeper between a company’s data/devices network perimeter and the multiple cloud services it employs.
CASB software allows companies to extend their security policies to SaaS applications such as Salesforce, Dropbox or Office 365, and IaaS such as AWS or Azure. In a nutshell, CASB helps companies ensure that corporate data is secure end-to-end, from cloud to device and vice versa, irrespective of the device (managed or unmanaged (BYOD)), location or user.
CBR: Why do businesses need CASB?
EM: The SaaS applications used by so many organisations today are transformative, but they store (sensitive) data outside the corporate network and on-premises security systems and policies. This means that the additional layers of visibility, data protection and access control provided by CASB are required to ensure both secure and compliant public cloud usage.
In addition, modern BYOD policies can leave businesses staring liabilities in the face as employees begin to use cloud services without the IT department’s knowledge. This so-called ‘Shadow IT’ leaves data in the dark. Businesses have a responsibility to keep track of sensitive data, and with GDPR around the corner there’s no room for complacency. CASB can help enterprises make a compliant move to the cloud.
CBR: What do CASBs provide businesses?
EM: CASBs provide businesses with four key capabilities:
Visibility: CASBs are unique in their ability to provide visibility over all cloud apps deployed in an organisation.
Compliance: CASBs impose controls on cloud usage to ensure compliance with specific industry regulations such as GDPR.
Data security: Using data classification and user behaviour analytics, CASBs enforce security policies and monitor sensitive data access and usage across all user devices.
Threat protection: CASBs prevent unauthorised devices or suspicious users from accessing critical data and cloud services. They also offer discovery services to identify vulnerable or suspicious traffic.
CBR: What are the challenges for businesses in deploying/adopting CASBs?
EM: The main challenge faced by enterprises when adopting a CASB is the choice of architecture: proxy or API? Architecture is foundational and, thus, tricky to change. Both types provide organisations with control and visibility into data in cloud applications. Proxy-based CASBs are networking vendors; they process traffic similar to Web Gateway vendors. This is a more difficult engineering exercise than that of using APIs. Therefore, it is relatively easy for a proxy vendor to begin supporting APIs, but not the reverse.
Businesses must be aware that, if they choose an API-only CASB, it will be considerably harder for them to retrofit proxy architecture to their platforms. In the end businesses should choose a solution which delivers both as the cornerstone of the CASB solution.
CBR: What are the main benefits for businesses in having CASBs?
EM: CASB is the only technology that can effectively secure all data residing outside an enterprise’s network perimeter, typically in cloud applications or mobile devices. With more and more companies embracing BYOD (80% of employees admit to using it) and SaaS applications, CASB can help to get a handle on the movements of sensitive data, without compromising the end user experience of cloud apps. This will enable businesses to safely enable cloud applications for their users/employees, without the compromise of potential data leakage.