How CASB Addresses Security Policy Concerns

By Brian Pereira | Mar 26, 2023


Image credit: Designed by macrovector / Freepik

Last week I wrote about the common security challenges that CISOs are confronted with. The decentralization of IT and increased cloud adoption raise questions about security on a cloud service provider’s infrastructure. Who (or what technology) can ensure the enterprise-grade security policies that we had on-premises for years? That’s where CASB, or Cloud Access Security Broker, comes in. It addresses many of the security challenges that I wrote about in last week’s post.

– Brian Pereira, Digital Creed


What is CASB?

CASB is a term coined by Gartner in 2012. The Gartner definition says CASBs are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement.

According to Tech Target, CASB is a software tool or service that sits between an organization’s on-premises infrastructure and a cloud provider’s infrastructure. CASBs are available as on-premises or cloud-based software, as well as a service.

CASB acts as a gatekeeper, allowing organizations to extend the reach of their security policies beyond their own infrastructure.

In my last post I wrote about users increasingly accessing enterprise SaaS-based applications directly from the cloud, and about the need to avoid sending the user to the data center at the HQ first (backhauling) and then re-routing the access request to the cloud.

Well, with CASB, the security policy concerns are now addressed. The security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.

CASBs ensure that network traffic between on-premises devices and the cloud provider complies with an organization’s security policies.

According to Tech Target, CASBs use autodiscovery to identify cloud applications in use and identify high-risk applications, high-risk users and other key risk factors. Cloud access security brokers may enforce a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.
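The autodiscovery step described above can be pictured as analysis of egress traffic logs. The following is an added example, not code from the article or from any CASB product; the app catalog, risk scores, log format and all names in it are constructed assumptions.

```python
from collections import defaultdict

# Constructed catalog (assumption): domain suffix -> (app name, sanctioned?, risk 1-10)
CATALOG = {
    "sharepoint.example": ("CorpDocs", True, 2),
    "crm.example": ("CloudCRM", True, 3),
    "filedrop.example": ("FileDrop", False, 8),
    "pastebox.example": ("PasteBox", False, 9),
}

# Constructed egress proxy log: timestamp user method host bytes_out
SAMPLE_LOG = """\
2023-03-20T09:01:11Z alice POST tenant1.sharepoint.example 52311
2023-03-20T09:02:40Z bob GET www.filedrop.example 412
2023-03-20T09:03:05Z bob POST upload.filedrop.example 7340032
2023-03-20T09:04:59Z carol POST api.pastebox.example 20480
2023-03-20T09:06:13Z alice GET app.crm.example 388
2023-03-20T09:07:30Z bob POST upload.filedrop.example 3145728
2023-03-20T09:08:02Z dave GET unknown-saas.example 120
malformed line
"""

def lookup(host):
    """Map a host to a catalog entry by domain suffix; unknown hosts are
    treated as unsanctioned with a medium risk score (assumption)."""
    for suffix, entry in CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return (host, False, 5)

def discover(log_text, risk_threshold=7):
    """Return (per-app usage, high-risk app names, per-user upload bytes to those apps)."""
    apps = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    uploads = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not match the expected format
        _, user, method, host, nbytes = parts
        name, sanctioned, risk = lookup(host.lower())
        rec = apps[name]
        rec["users"].add(user)
        rec["bytes_out"] += int(nbytes)
        rec["sanctioned"], rec["risk"] = sanctioned, risk
        # Uploads to unsanctioned, high-risk apps are what a DLP review would look at first
        if not sanctioned and risk >= risk_threshold and method in ("POST", "PUT"):
            uploads[user] += int(nbytes)
    high = sorted(n for n, r in apps.items()
                  if not r["sanctioned"] and r["risk"] >= risk_threshold)
    return dict(apps), high, dict(uploads)
```

Calling `discover(SAMPLE_LOG)` returns the discovered apps with their users and outbound volume, the unsanctioned high-risk apps, and the users who uploaded data to them.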

Identity and access management has become so important these days because users, devices, applications and workloads are everywhere. A CISO needs visibility into all of this, and CASB can offer it.

CASBs include firewalls (network level) and Web Application Firewalls (application level) that inspect packets and look for and block malware.

CASBs also address data loss prevention (DLP) to ensure that users do not transfer data outside their organization (data leakage).

Organizations are increasingly adopting CASB to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control. 

Come back next week for more alphabet soup!

 


Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn.