I've been reading more about cloud access security brokers. How would you define them in practical terms, and what...
are the security benefits for organizations that use public cloud services?
Cloud access security brokers (CASBs) are services that sit between an organization's on-premises infrastructure and the cloud provider's to ensure enterprise security policies are enforced. CASBs allow enterprises to extend the reach of their policies beyond their own infrastructure by ensuring network traffic between on-premises devices and the cloud comply with those policies.
Brokers may enforce a number of different security controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.
CASBs are particularly useful in organizations with "shadow IT" operations or liberal policies that allow operating units to procure and manage their own cloud resources. CASBs act as a gatekeeper to enforce compliance with enterprise policies even if network traffic does not originate with formally managed devices. CASBs can use auto-discovery features to identify cloud applications in use. These features can also help identify high-risk applications, high-risk users and key risk factors, such as key management.
CASB services may collect data that is useful for other purposes, such as demonstrating compliance, monitoring cloud service usage and auditing. Vendors in the cloud access security space include SkyHigh Networks and Netskope.
The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and to identity unsanctioned use. This is especially important in regulated industries. Of course, any enterprise at risk of substantial data breaches can also benefit from monitoring the applications and workflows that manipulate confidential and private data.
Ask the Expert!
Have a question about cloud security? Send it via email today! (All questions are anonymous.)
Learn how cloud service brokers can both help and hinder enterprise security