What is a Cloud Access Security Broker (CASB)?

A cloud access security broker (CASB) is a software security service that acts as an intermediary between business cloud users and cloud providers. CASBs monitor data flow to and from cloud platforms, ensuring that cloud use complies with information security policies and regulations. Much as a firewall enables businesses to enforce security policies for incoming and outgoing network traffic, a CASB enables them to enforce infrastructure and information security policies for cloud use.

Before the advent of cloud computing, IT infrastructure was hosted in on-premise or colocated data centers. IT and security professionals could enforce security policies because they controlled the hardware and software stack. Businesses have less control over hardware and software in the cloud era, but a CASB allows them to extend security policies from on-premise environments to cloud environments.

What Does a Cloud Access Security Broker Do?

A CASB is a security service hosted either on-premise or in the cloud. It mediates connections between devices used by employees and cloud services. The primary purpose of CASB security systems is to reduce the risk of sensitive data being insecurely stored, accessed, and processed on cloud platforms. 

CASBs are sophisticated platforms that can enforce a broad range of security controls. CASB capabilities include:

  • Authentication and identity management with SSO and IAM integration
  • Risk assessment and data governance in line with regulatory frameworks
  • App discovery to ensure the business is aware of cloud applications accessed by employees
  • User activity monitoring
  • Behavioral analytics to identify and mitigate threats
  • Cloud configuration auditing
  • Malware detection
  • Encryption
  • Key management
  • Monitoring and alerting
  • Device profiling

CASBs are designed to solve a specific set of problems, so they may not include all of the features in this list. When selecting a CASB, businesses first assess their needs and then choose a CASB security solution that addresses their use case. Platform compatibility is one of the most critical factors. CASBs interact with cloud providers via APIs, which differ between platforms. For example, a business that uses AWS will choose a CASB that supports Amazon’s cloud platform, such as Bitglass.

Why Do Cloud Users Need a CASB?

Cloud platforms—whether SaaS, PaaS, or IaaS—attract businesses and employees because they reduce complexity, offer a versatile range of services, and are less expensive than self-managed infrastructure. However, companies quickly discover that a lack of “walled garden” control makes securing cloud environments more complex. 

Employees often use unsanctioned cloud services to circumvent security restrictions and limitations in approved software. This is the well-known shadow IT problem. In 2019, a McAfee study showed that businesses use hundreds more cloud services than they know about. These services are not subject to security policies, compliance oversight, or internal governance processes. 

CASBs were initially developed to address the shadow IT problem by helping businesses to gain visibility into the cloud applications employees use. Over time, they have been enhanced with numerous other features that empower businesses to take back control of infrastructure security and cloud compliance.

What Are the Four Pillars of CASB?

The Gartner IT research consultancy describes CASB solutions as having four main pillars of functionality:

  • Compliance. Cloud platforms provide IT services, but businesses are responsible for using them in compliance with relevant regulatory frameworks. CASB solutions help businesses identify potential compliance risks for regulations such as HIPAA and PCI DSS.
  • Visibility. CASBs monitor cloud services and applications for use that contravenes data security policies. They provide risk analyses and allow businesses to control, limit, or prevent access depending on the application, the user’s access levels, and other factors.
  • Data security. CASBs offer data security features to observe and protect data as it moves between on-premises infrastructure and cloud environments.
  • Threat protection. Because CASBs have visibility into data and app usage patterns, the software can identify and mitigate potential threats such as unauthorized access, data exfiltration attempts, and malware infections.

How Does a CASB Promote Compliance in the Cloud?

Cloud access security brokers facilitate secure and compliant cloud use. Because CASBs provide visibility into and control over data use in the cloud, businesses can more effectively enforce cloud security controls that support regulatory compliance goals. 

However, CASBs are only part of a comprehensive cloud security program. They are one component of a layered approach to cloud security that also includes security awareness training and cloud security audits conducted by qualified information security auditors. 

To learn more about cloud security and cloud compliance audits, visit KirkpatrickPrice’s cloud security resources, including dozens of educational videos and our free AWS security scanner.

Cloud Security: Business Continuity and Disaster Recovery Planning

Myths about the Cloud and BC/DR Plans

When it comes to Business Continuity and Disaster Recovery Plans for cloud environments, we often hear this feedback:

  • “I’m in the cloud so I don’t have to worry about Business Continuity and Disaster Recovery Plans because my cloud provider does those for me.”
  • “We don’t need to test our Business Continuity and Disaster Recovery Plans, we’ve thought it all through.”
  • “Our cloud service provider is taking care of all our availability concerns, we don’t need Business Continuity and Disaster Recovery Plans.”
  • “Everything is in the cloud, so we aren’t at risk.”

This way of thinking couldn’t be further from the truth, though. This lift and shift methodology is hurting businesses who believe cloud service providers take care of business continuity and disaster recovery needs. Business Continuity and Disaster Recovery Plans are not a technology roadmap; they describe how to recover business operations, which includes people and processes. How could cloud service providers cover your people and processes? Getting into the lift and shift mindset cultivates complacency, which is a dangerous spot to be in.

In this webinar, Michael Burke gives listeners food for thought on what Business Continuity and Disaster Recovery Plans are, why you should test them, best practices, and how the cloud impacts them.

Want to learn more about cloud security and the assessment options that are available? Contact us today.

Cloud Security Best Practices

Cloud environments bring advantages to businesses of all sizes–reduced cost, flexibility, low risk, efficiency–so why do you need to go the extra mile and implement cloud security best practices? Security vulnerabilities exist, even in the cloud. Traditional security problems of an internal network still show up in cloud environments, like one vicious cycle.

In this webinar, we discuss three areas where traditional security problems must be reassessed for cloud environments: credential reuse and management interface, secure configurations, and system logging and monitoring.

1. Credential Reuse and Securing the Management Interface

In a traditional internal network, you may encounter issues like the same local administrator account being used on all deployed workstations, domain administrator permissions being granted to daily use accounts, and static password service accounts having administrative permissions. You could encounter these same traditional security problems in cloud environments; they’ll just look slightly different. For example, the same SSH key may be used for all IaaS server instances without securing the private key properly, administrator permissions may be granted to daily use accounts, and account keys may be used for scripted automation tasks.
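An audit for the three cloud-side problems named above might look like this. It is an added example, not code from the webinar or the original page; the inventory, the account export, the 90-day rotation threshold and the key material are all constructed assumptions, while the fingerprint is computed the way OpenSSH computes its SHA256 fingerprints.

```python
import base64
import hashlib
from collections import defaultdict

def ssh_fingerprint(authorized_key_line: str) -> str:
    """SHA256 fingerprint in the format `ssh-keygen -lf` prints."""
    blob = base64.b64decode(authorized_key_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def _constructed_key(seed: bytes) -> str:
    # Constructed stand-in for a public key blob; not a real key.
    return "ssh-ed25519 " + base64.b64encode(seed * 4).decode() + " constructed"

# Constructed inventory: instance -> authorized_keys lines found on it.
INSTANCES = {
    "web-1": [_constructed_key(b"shared-deploy")],
    "web-2": [_constructed_key(b"shared-deploy")],
    "db-1": [_constructed_key(b"shared-deploy"), _constructed_key(b"dba-only")],
}
# Constructed identity export: account -> attributes.
ACCOUNTS = {
    "alice": {"admin": True, "daily_use": True, "key_age_days": None},
    "ops-admin": {"admin": True, "daily_use": False, "key_age_days": None},
    "ci-bot": {"admin": False, "daily_use": False, "key_age_days": 410},
}
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy

def shared_keys(instances):
    # Group instances by key fingerprint; any key on more than one host is shared.
    seen = defaultdict(set)
    for host, lines in instances.items():
        for line in lines:
            seen[ssh_fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def account_findings(accounts, max_age=MAX_KEY_AGE_DAYS):
    findings = []
    for name, a in sorted(accounts.items()):
        if a["admin"] and a["daily_use"]:
            findings.append((name, "admin rights on a daily-use account"))
        if a["key_age_days"] is not None and a["key_age_days"] > max_age:
            findings.append((name, "static automation key past rotation age"))
    return findings

if __name__ == "__main__":
    for fp, hosts in shared_keys(INSTANCES).items():
        print(f"{fp} authorised on {len(hosts)} instances: {', '.join(hosts)}")
    for name, issue in account_findings(ACCOUNTS):
        print(f"{name}: {issue}")
```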

2. Managing Secure Configurations

Secure configurations are vital to both traditional internal networks and cloud environments. Patching and hardening systems can be a disruptive process that requires a significant amount of resources, making it one of the most common traditional security problems. This approach does not need to be carried over into cloud environments. To gain the advantages that cloud environments can provide, applications need to be totally transformed to bring additional business value.

3. System Logging and Monitoring

Analysis and retention of log data can easily overburden limited IT resources. In the PCI DSS framework, for example, you must retain all logs for a year. When reassessed for cloud environments, system logging and monitoring can become less expensive and burdensome. Object-based storage for retention is less expensive than large amounts of physical storage, and security-as-a-service providers can automate the log analysis process.

Listen to the full webinar to learn about best practices for cloud security. For more information on cloud security assessments, contact us today.
