Gartner: Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
For service providers, it is attractive to free themselves from managing a huge infrastructure, so they rent the cloud. It is even more attractive for consumers, who have only the workstation to worry about and can access the service globally without deploying appliances on premises, which further reduces the total cost. But this comes at an invisible cost:
1> Your security features are in the hands of the cloud provider.
2> Your data is in the hands of the cloud/service provider.
This lost control over data and security can be regained through proper CASB features, yet they come with some limitations of their own.
In the 2012 Cloud Security Hype Cycle, Gartner detailed how Cloud Access Security Brokers (CASBs) will help drive adoption of cloud services with integrated security.
- Enables organizations to get visibility, control and compliance of their users' consumption of cloud-based services
- Enables organizations to apply a consistent set of policies across multiple disparate cloud providers
- Can be used to enforce and demonstrate policy compliance on internal and public cloud-based services
- Is able to enforce policies from unmanaged devices (e.g., bring your own devices [BYODs]), regardless of location
- Reduces complexity by consolidating disparate security policy services into a single platform
Regardless of industry, the adoption of cloud services is increasing at a rapid rate, which has made CASB the cloud security control technology. Enterprises are adopting cloud services directly, bypassing the intermediate IT departments. CASB is not yet on the market as a centralized control system; bringing one to market is well within reach for security leaders and will give them an edge over other, distributed players. As cloud services grow, arriving at CASB features that satisfy all the use cases will be an iterative process.
The major pillars around which a CASB product should deliver functionality are:
1> Visibility: This pillar focuses on the usage of the cloud service, giving significant control over the services and monitoring a user's access to data/services on all devices and locations.
2> Compliance: This pillar focuses on specifying the risk of specific cloud services, data residency and compliance with regulations and standards.
3> Threat protection: This pillar focuses on preventing unwanted access to the cloud services. It might be a user, a device or a particular version of an application that has to be restricted from accessing the cloud application.
4> Data Security: This pillar focuses on classifying the data and enforcing data-centric security policies. Policies are applied through controls, such as audit, alert, block, quarantine, delete and encrypt/tokenize, at the field and file level in cloud services.
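To make the Data Security pillar concrete, here is an added example (not taken from any CASB product or from the original article) of field-level enforcement: each field of an outbound record is classified, a control is chosen from the device posture, and sensitive values are tokenized before the record leaves for the cloud service. The classifier patterns, the policy table and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed classifiers and policy table (assumptions, not from any CASB product).
CLASSIFIERS = {
    "card_number": re.compile(r"^\d{4}([ -]?\d{4}){3}$"),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
}
POLICY = {  # data class -> control, by device posture
    "card_number": {"managed": "tokenize", "unmanaged": "block"},
    "email": {"managed": "audit", "unmanaged": "tokenize"},
}
SEVERITY = ["allow", "audit", "tokenize", "block"]  # least to most restrictive
SAMPLE_RECORD = {"customer": "alice@example.com", "card": "4111 1111 1111 1111", "note": "Q3 forecast"}  # constructed

class TokenVault:
    """Token -> cleartext map that stays on the enterprise side of the broker."""
    def __init__(self, key: bytes):
        self._key, self._store = key, {}

    def tokenize(self, value: str) -> str:
        # Deterministic HMAC token, so equal values still match in the cloud app.
        token = "tok_" + hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:16]
        self._store[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]

def classify(value: str):
    """Return the first matching data class, or None for unclassified data."""
    for label, pattern in CLASSIFIERS.items():
        if pattern.match(value):
            return label
    return None

def enforce(record: dict, device_managed: bool, vault: TokenVault):
    """Return (decision, outbound_record, audit_log) for one upload."""
    posture = "managed" if device_managed else "unmanaged"
    outbound, log, decision = {}, [], "allow"
    for field, value in record.items():
        label = classify(str(value))
        action = POLICY[label][posture] if label else "allow"
        if action != "allow":
            log.append((field, label, action))
        outbound[field] = vault.tokenize(str(value)) if action == "tokenize" else value
        decision = max(decision, action, key=SEVERITY.index)
    # A single blocked field stops the whole upload; nothing is forwarded.
    return decision, (None if decision == "block" else outbound), log
```

Calling enforce(SAMPLE_RECORD, True, vault) forwards the record with only the card field replaced by a token, while the same upload from an unmanaged device is blocked outright.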
There are levels between which CASBs fit in, and the products should evolve to cover all of these: