CASB FAQ: Frequently Asked Questions

Q: What is a CASB? 

A: A Cloud Access Security Broker (CASB) is a policy enforcement point that secures data & apps in the cloud and on any device, anywhere.

Learn more:

Glass Class - What Is a CASB? 


Q: What is the difference between security and management?

A: Security is preventing risky events from happening, management is cleaning up after high-risk events.


Q:  What is Shadow IT? 

A: Cloud applications used by business users without IT oversight, also known as unmanaged apps.


Q: What are managed apps? 

A: Cloud Applications that are managed by IT, e.g.Office 365.


Q: What are the types of CASB? 

A:  Three types of Cloud Access Security Broker (a) API-only CASB offer basic management (b) multi-mode first-gen CASB offer management & security (c) Next-Gen CASB deliver management, security & Zero-Day protection.

Learn more: 

Glass Class - The Evolution of CASBs


Q: What is a forward proxy? 

A: A proxy where traffic must be forwarded by the end-point Such proxies require agents and configuration on client devices.


Q: What is a reverse proxy? 

A: A proxy where traffic is automatically routed, requiring no agent or configuration on the end-point.

Learn more: 

Glass Class - API vs. Proxy


Q: What is AJAX-VM? 

A: Acronym for "Adaptive Javascript and XML- Virtual Machine."  AJAX-VM virtualizes cloud apps on the fly so they can be proxied without agents.   Reverse-proxy CASB are brittle without AJAX-VM and break frequently with app changes. 


Q: What are the types of CASB architecture?

A: There are three types of CASB architecture: API-only, forward proxy, and reverse proxy.  Some CASB are API-only, others API and forward proxy. Next-Gen CASBs offer all three with AJAX-VM.


Q: What is CASB encryption? 

A: Encryption/decryption of data prior to upload/download to a cloud application. 


Q: What is searchable encryption? 

A: An encryption system that combines full encryption with a clear-text index to enable search and sort without compromising encryption strength.


Q: What is tokenization? 

A: Obfuscation by encoding each input string as a unique output string.


Q: What is agentless MDM? 

A: Mobile security for BYOD that does not require agents. Easy to deploy and has no access to personal data or apps, thereby preserving user privacy.