rvlsoft - Fotolia
Cloud access is more secure than ever, thanks to tools like two-factor authentication and advanced encryption. But other security options -- in particular cloud access security brokers -- bear watching.
In a nutshell, a CASB provides a unified, consistent method for users to access cloud resources, regardless of where those users or resources are located. As a result, CASB tools give security managers a unified way to control and manage not just logins, but other security functions today and in the future.
Among other features, here are some key roles a CASB can play.
Login security. A CASB enables the implementation of consistent policies overseeing login, password restrictions and related functions. For example, you can require the use of strong, multifactor authentication, a function that might not be offered by all of the cloud apps used by your company. Having a strong and stable security policy in place is essential for implementing a secure work environment.
Shadow IT control. CASB tools reveal the cloud apps used by corporate employees, along with the duration each employee spends using the application and the amount of data consumed. This helps reduce shadow IT -- apps or resources that are in use but not officially sanctioned -- and the related security vulnerabilities associated with the practice. A CASB will enable you to identify and control -- or stop -- shadow IT services in your company. Even if some form of shadow IT is permitted, it can be brought into compliance via the CASB. This type of visibility can often be reason enough to implement a CASB.
Data security. A CASB can do a lot more than monitor cloud access. In the event of a suspicious login or other anomalous condition, a CASB will notify security managers of the attempt and disable the account in question. Many CASB tools can be integrated with data loss protection/prevention (DLP) platforms. This is a critical security feature that can prevent users from exfiltrating -- i.e., stealing -- data via cloud app connections. For example, if a credit card information upload should be restricted from being saved to Dropbox, DLP would detect and prevent that transfer.
Threat protection. CASBs provide an additional layer of shielding to protect your network and users from inbound threats. Positioned between users and cloud apps, they are in a perfect position to detect threats and aid in remediation. Many CASB tools will integrate tightly with popular cloud apps, thus providing additional functionality. Some boast APIs that can be used for advanced, custom functions. They may also integrate with security information and event management systems to provide enterprise-level visibility.