For many enterprises, security and compliance concerns hamper adoption of cloud applications. Furthermore, cloud applications are accessible from anywhere dragging mobile and BYOD security concerns into the picture. Cloud Access Security Brokers are a category of security tools that help enterprises safely enable cloud apps and mobile devices.
According to Neil MacDonald and Peter Firstbrook at Gartner (The Growing Importance of Cloud Access Security Brokers, May 30, 2012),
“For business leaders and information security professionals looking to securely enable the use of cloud-based services from managed and unmanaged devices, CASBs offer a solution without compromising the need to ensure compliance with enterprise security policies.”
CASBs work by intermediating or “proxying” traffic between cloud apps and users. Once proxied, these tools provide:
• Visibility—audit logs, security alerts, compliance reports, etc.
• Data Security—access control, data leakage prevention, encryption, etc.
Together, these functions fill in the gaps otherwise encountered when an enterprise moves from internal, premises-based applications to cloud apps like Salesforce, Google Apps, or Office 365. For enterprises in heavily regulated industries, like Finance and Healthcare, use of a CASB might be the only practical approach to enabling cloud apps. More broadly, any organization with sensitive data to protect would be well served by considering this emerging solution category.
To help provide more color on what CASBs do, we have created The Definitive Guide to Cloud Access Security Brokers. Over the next couple of weeks, we'll be providing the entire document via a series of posts on this blog. Of course, if you prefer to binge read your Definitive Guides much like you binge watched Breaking Bad on Netflix, you can download the whole thing immediately, right here.