Problem solve Get help with specific problems with your technologies, process and projects.

How CASBs are broadening to address IaaS security

CASBs have started extending their reach into IaaS platforms. Expert Rob Shapland looks at what they're doing and the effect they could have on IaaS security.

The huge increase in the use of infrastructure-as-a-service cloud platforms -- primarily Microsoft Azure, Amazon...

Web Services and Google Cloud Platform -- in organizations highlights another potential gap in visibility for network administrators managing the security of public and private cloud systems.

Cloud access security brokers (CASBs) have traditionally focused on managing the security of software as a service (SaaS) tools by providing a central console that provides visibility and control over different cloud services.

Recently, major players in the sector, like Skyhigh Networks and Bitglass, recognized that infrastructure as a service (IaaS) uptake was growing faster than software as a service, and they are now expanding their product offerings to cover the major IaaS providers, too.

Generally, the tools offered by IaaS providers for auditing and controlling identity and access management (IAM) are very good. However, when an organization deploys data in multiple cloud environments, there comes an element of fatigue in logging into the various consoles and viewing reports or monitoring activity. These new CASB offerings enable a single console to manage these different IaaS providers.

Leveraging the CASB providers' experience in managing and securing SaaS applications, these new offerings focus on the applications deployed within IaaS. It enables the organization to monitor what data is stored in the cloud, who is accessing it and which applications have access to key data.

How CASBs could help IaaS security

Security in the cloud is about understanding where the key data is stored. Key data, in this sense, is the data that would have the most impact if it was intentionally or accidentally leaked. Without understanding who has access to this data, both at the infrastructure level and at the application level, it becomes difficult to apply security policies to protect the data.

Insider attacks especially need to be controlled by restricting data to those that require access and monitoring who accesses key data. CASBs, extended into IaaS, can aid greatly in providing this visibility.

CASBs for IaaS enable more granular control over access, and also extend data loss prevention (DLP) tools to IaaS. They can also provide context on IaaS access. For example, they can be set up to only allow Amazon Simple Storage Service buckets to be created by certain users from predefined devices or locations.

CASBs can also extend existing IAM tools and services into IaaS and provide context for them, too. For example, they can increase login security requirements for access requests from unrecognized devices. This enables organizations to have greater control over their IaaS deployments, further integrating them into their existing security policies. This is especially helpful with compliance, where the same rules need to apply wherever the data is stored.

Although IaaS vendors supply excellent tools within the consoles of their respective environments, extending CASBs to cover IaaS enables the central management of these controls and for the security profile of the organization's cloud presence to be more easily assessed and controlled. If your organization has already deployed a CASB and has applications deployed in IaaS, then it is a logical next step to allow management of these consoles via CASB.

Next Steps

Discover how to pick the best CASB for your enterprise

Learn how to strategically implement CASBs in your enterprise

Find out how to bolster DLP strategies with CASBs

This was last published in May 2017

Dig Deeper on Cloud Computing Infrastructure as a Service (IaaS) Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Would your organization consider using a CASB for IaaS platform security? Why or why not?
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly

Close