What Is CASB And Is It The Right Security For You
If your business uses cloud storage, how can you prevent security breaches? Although some cloud hosts offer security, consider a cloud access security broker (CASB). Find out how CASBs are now one of the top technologies for data security.
What Is a CASB?
Image via Flickr by perspec_photo88
The benefits of the cloud are numerous. It allows enterprises to scale on demand, enables employees to collaborate and access files from anywhere at any time, and it eliminates the over-head cost of maintaining one’s own datacenters and software. And since software updates are pushed to customers automatically, there is no need to upgrade or maintain the cloud application.
Despite the advantages of the cloud, security remains one of the barriers to broader cloud adoption. Traditional IT setup gave ample security control to the enterprise, in the form of firewalls, proxies, data loss prevention, and SIEM. In the cloud era, security is considered a shared responsibility between the enterprise and the cloud service provider (CSP). The CSP is responsible for the underlying infrastructure security (i.e. pen testing, vulnerability testing, intrusion prevention). The enterprise is responsible for security “in” the cloud (data loss prevention, access control, collaboration control). However, enterprises can’t simply take the security stack used to protect on-premises IT infrastructure and extend it to the cloud. What they require is a dedicated cloud security solution such as a CASB. CASBs are defined as the primary security control point between an enterprise and the public cloud.
A CASB checks to make sure an enterprise’s cloud usage complies with internal and external information security policies. CASB software gives businesses control over who accesses data stored in cloud application, provides threat protection capabilities, and monitors employee activities for post-incident forensic investigations.
One of the best features of a CASB is the ability to find Shadow IT, software adopted by an employee without the knowledge of your IT department. If an employee uses non-secure cloud applications, a system could become more vulnerable to attacks from malware and viruses. The CASB can also detect excessive downloads, uploads, sharing, or any other anomalies.
Choose the Platform
CASBs can come in multiple flavors. A CASB can be deployed in an on-premises datacenter or in the cloud itself. You choose whether to use the CASB as a physical or virtual device. Using the software as a virtual services choice, also called SaaS, offers easy management and seems to be the preference of many businesses. But certain industries need the on-site security system for compliance reasons.
Select the Mode
CASBs offer forward or reverse proxy or API modes. Forward proxies handle all types of cloud applications and all data, but they need virtual certificates on each device they cover. The certificate process takes too long for large companies with many types of devices such as desktops, laptops, tablets, and smartphones, to deploy. The reverse proxy system needs no special configuration or certificate installation, but it does not work with apps that interface with clients because of differently coded host names.
Using the API systems limits the range of cloud applications available because not all cloud applications support API. Since both proxy systems and API offer advantages, some enterprises prefer a multi-mode CASB that can be deployed in-line (proxy) or via API integration. To better differentiate CASB capabilities and identify CASB leaders, Gartner is expected to release the first ever CASB Magic Quadrant sometime this year.
Make the Decision
Be aware that not all CASBs offer the same level of support. If your business uses general apps for customer relations management and human resources, this type of use simplifies the choices, as most CASBs support these programs. But industry-specific software, such as software used in healthcare, presents a challenge when searching for CASBs.
The CASB market continues evolving at a quick pace because of the growth of cloud technology. But as a necessary part of today’s business, CASBs save company data from unsanctioned uses, monitor government regulations, identify high-risk software, and offer many different security controls. Even when budgeting, a CASB offers cloud service usage figures to help determine the cost of cloud services. No matter what industry you operate within, you probably use the cloud as a storage platform. CASBs can offer your business multilevel security across a wide array of applications.