Security "Bits"

Protecting Data "At Access" with a CASB

By Rich Campagna | August 25, 2014 at 5:37 AM

cloud_access_security_broker_access_controlThis is post #6 in our series on Cloud Access Security Brokers (Post #1#2#3, #4, #5). 

In this post, we're diving into security at access, and how a CASB can help. Note: this post is an abbreviated version of the information that appears in The Definitive Guide to Cloud Access Security Brokers. 

Since CASBs act as a proxy between cloud apps and users, they have the ability to see all traffic to/from those cloud apps, and to inspect and secure data. At access, CASBs provide visibility, identity, access control, and data protection. 

VisibilityCASBs are able to provide visibility into user behaviors and activities across all cloud applications. Typically, visibility comes in the form of a complete audit log with higher-level analytics, reports, and alerts on that data. Analytics and reports can help you to observe trends and insights into deviations from normal behavioral patterns. Alerts can keep you apprised of potential security and compliance issues, such as inappropriate data access, user account compromise, etc. 

IdentityA CASB should help you to ensure that all cloud apps leverage a single identity store, either by authenticating users directly against your corporate directory, or through a third party cloud identity provider. This eliminates redundant accounts and allows you to more effectively enforce password policies. Some CASBs are able to act as a cloud identity provider, eliminating the need to purchase a third party solution. 

Access Control - Access Control answers the question of who is allowed to access a particular cloud app, and under what conditions and context. A CASB should enable you to define policies by applications, or even by functionality within an application. Such policies are based on attributes like group/role, device, geography, etc.

Data ProtectionAt access, CASBs are responsible for identifying and classifying sensitive information, and then allowing the customer to create policies that determine what should be done with that data. Policy actions range from lightweight visibility mechanisms to outright blocking. A lightweight CASB action might be to allow data to be downloaded, but either encrypt or track that data (see “On the Device” section for more detail). More aggressive actions would include redacting sensitive data from a particular transaction, or blocking a file from download altogether. 

To help provide more color on what CASBs do, we have created The Definitive Guide to Cloud Access Security Brokers. We're providing the entire document via a series of posts on this blog. Of course, if you prefer to binge read your Definitive Guides much like you binge watched Breaking Bad on Netflix, you can download the whole thing immediately, right here. 

Download the Definitive Guide



see all