According to the recent cloud security report, despite all of the benefits, the cloud still bears challenges — data security risk made it to the top (57 percent) of the list of barriers to faster cloud adoption followed by compliance challenges (26 percent). The finding emphasizes that security teams should reassess their security postures and strategies to address the shortcomings of the security tools to protect the business-critical data.
The recent security breach that happened at Capital One was related to Amazon could environment which raises many concerns about the security risk that every organization faces today having critical & business-sensitive data being stored in the public environment.
One of the segments of cloud security is the Cloud Access Security Broker (CASB) and can help enterprises to solve these challenges to a great extent.
What is CASB? A Cloud Access Security Broker is a policy enforcement point that delivers data and threat protection in the cloud on any device and anywhere. While blocking unsanctioned applications based on the use-case and implementation architecture — one of the primary focus is shadows IT discovery. It is also known as an unsanctioned or unapproved application classified according to the risk identified by the organizations to block certain types of cloud applications in the environment. CASB enables organizations to quickly identify and manage the use of cloud applications regardless of they’re managed or unmanaged — prevent sensitive data from being exfiltrated from the environment by risky insiders or malicious cybercriminals.
With respect to the functionality, CASB solutions generally provide visibility, compliance, data security, and threat protection capabilities and the technology can be deployed as a SaaS app, on-premises virtual or physical appliance as enterprises prefer or use case basis.
CASB Feature & Benefits
Cloud Application risks scoring — CASB can automatically audit cloud traffic to discover and provide overall risk profiling across hundreds of cloud applications used by the enterprise with each application given a risk score to help determine the level of overall risk that an application can present and help implement mitigation controls. It also provides Cloud Confidence Index(CCI) rating which essentially assesses an app’s enterprise readiness based on objective criteria, and assigns an overall risk score or reputation which then can be added to the enterprise security policy to only allow application which meets desire reputation and block such applications don’t meet the reputation.
Visibility and Control — CASB provides visibility and control of cloud services being used — gives an understanding of cloud services usage and allows define targeted security policies based on application instance, risk activity and data.
Data Security — Provides the ability to enforce data-centric security policies to prevent unwanted activity based on data classification, discovery and user activity monitoring of accessing sensitive data or privilege escalations. Data Loss Prevention(DLP) feature is one of the prevalent deployed control to audit, alert, block, quarantine and delete the sensitive data and be able to reduce the data exposure risk.
Threat Detection & Compliance — Can help prevent unwanted devices or user access to cloud services. Some of the CASB technology further can augment identifying anomalous behavior using User & Entity Behavior Analytics(UEBA) capabilities and the use of threat intelligence in the identification and remediation of malware.
CASB can help address gaps in security resulting from the significant increase in cloud service adoption and enterprise mobility. CASB solutions deliver some of the unique capabilities that are generally unavailable in security technology like Web application firewall, secure web access gateway, etc. these capabilities are provided across cloud services delivery models SaaS, IaaS and PaaS.
So it becomes a challenging initiative for enterprises to include CASB in their cloud security strategy as a control panel to see the overall risk of cloud services being used. It requires considerable efforts to evaluate multiple vendors against the unique requirements and objectives that enterprises have to meet before they can implement the solutions or select the vendor technology.
In addition, enterprises need to carefully evaluate the vendors and the list of applications and services supported. For example, one CASB vendor could support MS Office 365 vs another just supports BoX or Dropbox or BYOD use cases. Enterprises can also leverage CASB capabilities to discover what cloud applications are used in their enterprise. Otherwise, the IT department will not have visibility as to what cloud apps and services their employees are using at the workplace which could lead to exposure of sensitive corporate data.
Lastly, it is also very important for enterprises to consider during the evaluation of a CASB vendor solution to check if on-premises data protection solutions like data loss prevention technology can be integrated with CASB solutions and services for enterprise-wide data protection security policies and controls and not consider cloud applications in isolation from on-premises data environment.