enterprise key management critical

CASB  101: Making the Case for Cloud Access Security Brokers


Written by Lara White

From nothing to a major emerging technology recognized by Gartner in under three years is an achievement to be proud of. enterprise key management criticalCloud Access Security Broker (CASB) technology has made enormous headway in a short amount of time, driven primarily by the explosion in enterprise cloud adoption and the relatively unaddressed need for enterprise-grade cloud visibility, monitoring, and control capabilities to maintain data security and regulatory compliance. Here’s the rundown on cloud access security brokers and what they can do for your organization.

What is a CASB?

CASBs sit between the enterprise and the public cloud services it uses, acting as a gateway through which all enterprise users and data must pass. They enable enterprises to improve their monitoring, visibility, and control of user and data activity within third-party cloud applications and provide an additional layer of security to ensure that unauthorized parties do not gain access to corporate resources in the cloud. CASBs unify the security controls of multiple cloud applications so that policies and enforcement remain consistent across all environments.

Use cases for CASBs

There are a number of use cases for CASBs. Here are some of the most compelling for the privacy-minded enterprise.

  • Early anomaly detection: Leveraging data collected as users go about their typical activities in the enterprise’s cloud applications, CASBs can perform analytics to establish usage behavior and service baselines, from which anomalous behaviors indicative of potential threats can be detected and alerts generated.
  • Reporting and auditing: Because of the enhanced and granular visibility they provide into user and data activity, CASBs can provide detailed activity logs and other reports useful for compliance auditing and forensic purposes.
  • DLP: CASBs can validate content within the enterprise’s public cloud applications, blocking, watermarking, password protecting, or encrypting according to policy and preventing sensitive content from being shared via unauthorized native mobile apps and other channels.
  • Encryption: CASBs can encrypt objects at the file level before upload or upon download from a public cloud application according to policy, maintaining end-to-end data privacy and regulatory compliance.

Of course, these are just a few of the possible use cases for CASBs. The technology is still a relatively new and evolving one, and as the enterprise’s cloud usage continues to grow and change, so too will the uses to which organizations put their CASB cloud data security gateways.

Ultimately, what CASBs do boils down to extending the organization’s monitoring and control farther beyond the enterprise perimeter than would otherwise be possible, rendering the murky area of cloud applications crystal clear to enterprise administrators. CASBs also allow for the consistent application of data protection technologies across all cloud environments so that no vulnerabilities are created as data moves from one CSP to another or as users switch applications. All these benefits add up to enhanced cloud enablement. Free of the data privacy and security concerns that often hamper cloud adoption and the agility the cloud brings, organizations can adopt third-party applications with peace of mind, knowing that they possess the tools to maintain compliance no matter whose cloud they decide to adopt.