CASB: What to look for in a cloud access security broker - featured

What to Look for in a CASB (Cloud Access Security Broker)

Best Practices, CASB

Written by Paige Leidig

CASB: What to look for in a cloud access security broker

As your organization transitions more and more of its applications into the cloud, cloud security will become an ever more urgent challenge to solve. Reliably and consistently protecting enterprise and customer data in a highly distributed, multi-vendor environment is no easy task, especially without a centralized point of contact from which administrators can apply policies, controls, and protections to several cloud deployments at once. It’s for this reason that Cloud Access Security Brokers (CASBs) are now gaining in popularity and recognition. An effective CASB can dramatically simplify cloud security administrators’ workflows and result in better overall security for sensitive or legally protected corporate data. Here are some qualities to look for in a CASB cloud security vendor.

Learn more details about “What is a CASB?” in our CASB Resource Center

  1. A variety of different data protection mechanisms

CASBs sit between the enterprise and the CSP, applying security tools to data before it leaves the enterprise perimeter. Different types of data require different types of protection. Some cannot leave the premises at all and must be tokenized. Others need encryption before heading up into the cloud—but what level of encryption? And will the encryption still preserve the enterprise’s cloud application functionality? The best CASBs will offer a wide variety of encryption and tokenization options and the ability to apply them to data on a granular, field-level basis according to policies set by the enterprise—and those encryption options should include methods of retaining application functionality while accessing encrypted data.

CASB: What to look for in a cloud access security broker- monitoring

  1. Robust monitoring and auditing tools

Data protection is only half the battle when it comes to cloud data security and regulatory compliance. Once deployed, a CASB should give administrators broad and deep visibility into what’s happening with enterprise data while it’s in the cloud. Robust monitoring and visibility tools, paired with automated, rules-based alerting when suspicious or anomalous behavior is detected, are critical to identifying and stopping attempted infiltration or data theft. For auditing and compliance purposes, detailed logs and reporting are also necessities. And because shadow IT remains a problem at the vast majority of enterprises, the ideal CASB will also come with cloud application discovery and assessment mechanisms to keep unsanctioned cloud use in check.

CASB: What to look for in a cloud access security broker - integration

  1. Integration capabilities with a variety of applications

If you’re looking at CASBs for your organization, it’s a safe bet that you’ve either already adopted a multi-cloud data environment or are planning to in the near future. In that case, the CASB you choose must not only offer all the capabilities discussed above, but also be integrated with—or integratable with—all the cloud applications you choose to deploy. You might be looking just at the major, established CSPs, like Salesforce, Box, or Microsoft. And/or you may have other, more specialized applications in mind. Your CASB should be able to integrate with any app so that your enterprise data is always protected in the cloud.

As CASBs grow more crucial to enterprise cloud data security, the market will expand and competition will heat up. A growing selection of CASB vendors may make choosing one difficult. Remember the above key capabilities to filter the promising candidates out from among those that won’t make the cut.

Not sure why you need to invest in a CASB when your cloud providers already promise data privacy? Download our free white paper, “Can Cloud Providers Guarantee Data Privacy? Best Practices for Assuring Data Sovereignty Regardless of Data Location,” today.