Security in the Cloud: have you ever heard of CASBs?
2nd February 2017 by Pablo Pinés Léon
Learn about security in the cloud and its prime tools: Cloud Access Security Brokers. What are they, and why are so many people talking about them? Find out why you too should be interested, what their main functions are and how they can be useful.
As a rapidly increasing number of applications are either moved to or created directly for the cloud, it is clear that traditional IT security solutions and data protection measures are no longer enough, or even useful. Nowadays many, if not most, organizations use SaaS applications (sometimes without even being aware of it), have some kind of IaaS infrastructure, public or private, and may even use some PaaS service. Very often it is not the IT Department that uses them, but some other part of the organization that needs applications not sanctioned by the IT Department and uses them anyway (“Shadow IT”). A very typical case is cloud storage solutions such as Dropbox.
How can organizations know which cloud applications and services are being used, by whom and how, and make sure established policies are enforced? Enter Cloud Access Security Brokers, one of the fastest-growing technologies in the field of IT security, which Gartner identified as the first of the Top 10 Technologies for Information Security in 2016 (http://www.gartner.com/newsroom/id/3347717).
What are they? Gartner describes them as “Policy enforcement points, which controls the ways in which enterprise cloud service consumers utilize cloud-based services, allowing a single policy to be enforced across one or more cloud-based services”, and they typically have 4 different functions: Visibility, Compliance, Data Security and Threat Protection.
Visibility shows you which cloud applications and services are used at your organization and whether or not they are sanctioned by your IT Department, enabling you to take measures such as blocking an application, or allowing it only for users inside the organization but not for users on a business trip or on devices not controlled by IT. CASBs usually provide an extensive database of cloud applications that helps in assessing the “Trustability” of a cloud provider.
Compliance refers to the functions related to data residency and compliance with regulations, letting you know where your data is and how it is managed. Some CASBs let you encrypt or tokenize certain data without losing functionality (like search), making sure that, e.g., data that cannot leave the country stays at your CASB in your country, while you send the tokens to your cloud provider.
Data Security enables the enforcement of data-related security policies, taking into account data classification and the monitoring of user activity. Encryption key management and DLP (Data Loss Prevention) features can either be integrated with an on-premises product or be native to the CASB.
Threat Protection provides adaptive access controls for devices, users and applications. CASBs may also detect anomalous behavior, for example a user who logged in two hours ago in Switzerland and is now logging in from a distant country, and block the new login, since there is reasonable suspicion that it is not legitimate. They may also use threat intelligence and malware identification.
CASBs can be deployed in different ways, which can be summarized as follows: as a SaaS application, as an on-premises appliance (either virtual or physical), or as a hybrid approach, with both SaaS applications and appliances covering different cases. Depending on how each CASB has been designed and developed, it may or may not cover different combinations of these possibilities. SaaS deployments are easier to set up and are becoming more popular; however, many specific cases may require an on-premises approach.
They may interact with the cloud services and applications either through their APIs or by acting as gateways through which some or even all of the organization's traffic is passed and analyzed. In the latter case they may be deployed either as a Reverse Proxy or as a Forward Proxy.
Many organizations are already taking positions in this market, for instance Oracle, Cisco, Check Point, IBM, HP or Microsoft. So, as you can see, CASBs are versatile and powerful tools, in which many important players of the IT business are involved, and you can only expect to hear more about them in the future.