
{{consumer="/components/cta/consumer"}}
A cloud access security broker (CASB), is cloud-delivered software or on-premises software and/or hardware that acts as an intermediary between users and cloud service providers. The ability of CASBs to address gaps in security extends across software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) environments. In addition to providing visibility, a CASB also allows organizations to extend the reach of security policies from their existing on-premises infrastructure to the cloud and create new policies for cloud-specific contexts.
CASBs have become a vital part of enterprise security, allowing businesses to safely use the cloud while protecting sensitive corporate data.
The CASB serves as a policy enforcement center, consolidating multiple security policy enforcement functions and applying them to everything your business uses in the cloud—regardless of the kind of device attempting to access it, including unmanaged smartphones and personal laptops.
As services previously offered on-premises continue migrating to the cloud, maintaining visibility and control in these environments is essential to meeting compliance requirements, safeguarding the enterprise, and allowing your employees to safely use cloud services without introducing additional risk.
With the increase in remote workers and workforce mobility, the growth in bring-your-own-device (BYOD) programs, and the presence of unsanctioned employee app usage (Shadow IT), the ability to monitor and govern cloud applications such as Microsoft Office 365, SAP SuccessFactors and Slack has become essential to enterprise security. Rather than banning cloud services outright and potentially impacting employee productivity, a CASB enables businesses to take a granular approach to data protection and policy enforcement, making it possible to safely use productivity-enhancing and cost-effective cloud services.
{{demo-casb="/components/cta/demo-casb"}}
A CASB provides visibility and control over data and threats by employing the following steps:
The CASB uses auto-discovery to compile a list of all third-party cloud services, as well as who is using them.
Once the full extent of cloud usage is revealed, the CASB then evaluates the risk level associated with each by identifying the app and determining what sort of data is within it and and how the data is being shared.
After the relative risk of each app is known, the CASB can use the information to set data and user access policies to meet an organization’s security requirements and automatically take action whenever violations occur.
CASBs also offer additional layers of protection through malware prevention and data encryption. Read the Top CASB Use Cases
A CASB can be deployed either on-premises or in the cloud. Currently, the majority of CASB instances are SaaS-based.
There are three CASB deployment models to consider:
In a recent report, Gartner describes CASBs as an essential element of SASE. While a CASB is crucial for securing a company’s cloud usage, it is also a key part of an overall strategy businesses should employ to ensure defense from endpoint to cloud. For comprehensive protection, enterprises should also consider expanding on CASB capabilities by deploying a secure web gateway (SWG) to help safeguard internet usage and a data loss prevention solution (DLP) to protect intellectual property and sensitive corporate data across the network.