This content is part of the Essential Guide: Secure cloud computing requires key skills, knowledge of tools
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How can cloud access security brokers improve enterprise security?

Cloud access security brokers can help enterprises enforce security policies in the cloud. Expert Dan Sullivan discusses the benefits.

I've been reading more about cloud access security brokers. How would you define them in practical terms, and what...

are the security benefits for organizations that use public cloud services?

Cloud access security brokers (CASBs) are services that sit between an organization's on-premises infrastructure and the cloud provider's to ensure enterprise security policies are enforced. CASBs allow enterprises to extend the reach of their policies beyond their own infrastructure by ensuring network traffic between on-premises devices and the cloud comply with those policies.

Brokers may enforce a number of different security controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.

CASBs are particularly useful in organizations with "shadow IT" operations or liberal policies that allow operating units to procure and manage their own cloud resources. CASBs act as a gatekeeper to enforce compliance with enterprise policies even if network traffic does not originate with formally managed devices. CASBs can use auto-discovery features to identify cloud applications in use. These features can also help identify high-risk applications, high-risk users and key risk factors, such as key management.

CASB services may collect data that is useful for other purposes, such as demonstrating compliance, monitoring cloud service usage and auditing. Vendors in the cloud access security space include SkyHigh Networks and Netskope.

The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and to identity unsanctioned use. This is especially important in regulated industries. Of course, any enterprise at risk of substantial data breaches can also benefit from monitoring the applications and workflows that manipulate confidential and private data.

Ask the Expert!
Have a question about cloud security? Send it via email today! (All questions are anonymous.)

Next Steps

Learn how cloud service brokers can both help and hinder enterprise security

Dig Deeper on Evaluating Cloud Computing Providers

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Would your enterprise consider using a cloud access security broker? Why or why not?
I believe it is fine to use a CASB so long as deployment gets done in the following three ways:
  • Via a proxy-like, on-premises gateway
  • Through a host-based agent model
  • With an API-based, cloud-native SaaS solution.
CASBs are important as cloud applications projections show they are here to stay. Cloud application dealers are solving security issues by securing the infrastructure layer. Lastly, a public cloud application gets increasingly seen as a business enabler.