Thursday, August 10, 2017

Do I need a Cloud Access Security Broker (CASB)? What does it do?

When it comes to security in IT, you just aren't allowed to blink. A few years ago no one had heard of a CASB. Look at the latest Security+ exam objectives and it's only a line item in the glossary. But today businesses are waking up to the reality that a CASB is critical to their security design, and if the vendors are to be believed, it's a matter of when, not if, a CASB is rolled into the security infrastructure.

Let's break up the acronym to see why.

CASB

  • Cloud - OK, so cloud technologies are ubiquitous these days. Maybe you deal in the heavy stuff - custom content written to Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform. Maybe you consume prebuilt high-profile cloud apps like Google Drive, Office 365, Rackspace, NetSuite, Meraki... the list goes on and on, right? And what was an exception may not yet be the rule, but it is business as usual.
  • Access Security - What's the concern with the cloud? Time and time again it is the consumer's question - where is my data? Is it safe? When you relinquish absolute control over the data management you then have to start trusting your provider. Which would be great if it weren't for the fact that we know there are so many black hats out there constantly looking for vulnerabilities and opportunities. It's hard enough to keep your own environment locked down correctly. Are you going to have to pay attention to every cloud proprietor you do business with as well?
  • Broker - So this is where we introduce a middle-man (not to be confused with a man-in-the-middle attack!) - the CASB. The CASB will be a drop point to lock down the cloud services that YOU need to track. It will give you the access security means to detect and enforce policies regarding acceptable cloud technology use.


The job of the CASB then is to allow the IT department to say "Yes" to various cloud technologies without having to worry about sensitive data leakage into untrusted environments. This can mean protection in the form of real-time monitoring of traffic to provide Data Loss Prevention (DLP) and/or encryption of sensitive files. It also means single sign-on through the CASB to access cloud services that don't support SSO themselves. THAT in turn can grant you tools for access control based on your own internal user accounts, which can be disabled and easily audited. In other words - Booya! You're in control again.

