Cloud Computing has grown beyond leaps and bounds across the business world. With its ease of deployment, flexibility and economically viable models, Cloud has become the new norm in business. Before the cloud era, the entire organizational data resided inside the enterprise perimeter which was safer to handle. However, with the advent of cloud, the data has moved beyond the four walls of an enterprise making the cyber security management a tough task. Now, in this age where the concepts like BYOD (Bring Your Own Device), CYOD (Choose Your Own Device) getting prevalent along with anywhere, anytime access to organizational data, maintaining an efficient security posture is a daunting challenge than ever before.
As we all know, the security in the cloud is a shared responsibility between the service provider and the customer. Even though the cloud vendors provide an optimum level of security for the applications hosted on their platform, it is challenging for them to get the visibility and control over the risks associated with user behavior. There will always be limited visibility to the users accessing the apps especially outside the organizational network or through their own personal devices. This lack of visibility in the cloud brings in greater challenges and security risks in organizations, especially in this time of increasing instances of ransomware attacks like WannaCry. As Shadow IT and IT consumerization are changing the enterprise IT world, the security in the cloud needs to be relooked in a new way. Gartner sees CASB (Cloud Access Security Broker) an evolving visibility and policy control proxy based solution as an efficient way to address the cloud security concerns to a larger extent. CASB enables organizations to leverage secure cloud solutions by providing visibility into an organizational cloud environment and ensuring compliance by combining threat detection, data protection and predictive Cyber Analytics.
CASB is emerging as a must- have solution for organizations that are adapting the cloud based solutions. Gartner has coined the term CASB, five years ago. Gartner defines Cloud access security brokers (CASBs) as ‘on- premise or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on’. Gartner reports also says that ‘by 2020, 85% of large enterprises will use a cloud access security broker solution for their cloud services, which is up from fewer than 5% in 2015’. CASB can sit either on- premise or in the cloud and can act as a secure gateway for the data traveling to and fro the cloud. CASB brings in the key cloud access security requirements including identity and access management, access control, SIEM, firewall, anti-malware, DLP, encryption and threat management in enterprise cloud environments into a single console.
The three ways in which CASB can be deployed includes an on- premise gateway or reverse proxy model, a host based agent or forward proxy and an API Cloud Centric SaaS solution.
The reverse proxy model is the most common method for deploying CASB. In this mode, CASB acts as the first source of authentication replacing identity and access management service. CASB owns the Cloud service URL, authenticates it and then passes it to the identity and access management service provider for the next level of authentication. This is an easier way to implement CASB in front of the cloud end users without having any special configuration or certificate installation.
In the forward proxy model, CASB can be deployed in the cloud or on premise and the users need to install self-signed certificates on the devices from which they are accessing the proxy. This is considered more as an intrusive deployment method as the end users are forced to route the traffic to the CASB through their devices or network.
In API model, the CASB’s can be directly connected to the cloud service API’s to monitor the usage irrespective of how and where the cloud services are accessed. This also covers the tracking of the usage out of the organizational network in unmanaged devices.
CASB provides visibility to shadow/ stealth IT and also closely tracks the activities, transactions happening in the cloud environment. It also offers extended coverage for communications happening between the cloud applications which is out of the organizational network. CASB’s can also do instantaneous incident response by alerting/ quarantining anomalies if any, while handling the cloud data. The CASB proxies act as the single point of entry for cloud data in which certain malicious traffic can be funneled and held for further inspection. It takes care of data protection, compliance checking, security controls provisioning and actionable threat intelligence sharing in the cloud environment. Many top notch CASB vendors are planning to take the capabilities of CASB to the next level by integrating supervised and unsupervised machine learning in to their CASB offering to provide advanced threat detection and risk mitigation.
• Visibility: CASB provides a clear visibility into the cloud environment in an organization which covers users, devices, applications, data and actions. It provides the insight on Shadow IT, and information on the authorized/ unauthorized apps that the users are accessing and how often they are using it.
• Compliance: CASB helps to ensure the internal as well as external security compliance in the cloud including HIPAA, PCI Compliance and so on.
• Data Security: CASB helps implement appropriate data protection measures including encryption, tokenization, and data loss prevention with the enterprise taking care of the key to access it.
• Threat Protection: CASB provides adaptive security controls for preventing unwanted devices, unauthorized users and applications from accessing cloud services. CASB also covers User Behavioral Analytics (UBA) and Entity Behavioral Analytics (EBA) for determining anomalies, malware identification and threat intelligence formation.