Cisco Umbrella

Enterprise network security

Security

What is CASB?

By Andrew Tsui

Overview

A Cloud Access Security Broker (CASB) acts as an intermediary between cloud providers, cloud-based applications, and cloud consumers to enforce an organization’s security policies and usage.

It is no secret that cloud adoption and the use of cloud applications can accelerate and optimize an organization’s workflow and productivity. However, it also poses a major security risk.  One of the main objectives of a CASB is to keep an organization’s data safe and secure.

Why do I need a Cloud Access Security Broker?

As organizations evolve and cloud adoption grows, inevitably, additional cloud applications will be integrated within their networks.  For all of the benefits and optimization that cloud-based applications provide, they also present a significant threat plane and opportunity for adversaries to steal intellectual property.  Securing these cloud applications and the data within them is critical to business operations.

There are several avenues that adversaries can use to get into the corporate network and exfiltrate sensitive data. Organizations need to be able to monitor user behavior, protect sensitive data, and monitor third-party connected apps in order to protect their users and data.

Are cloud applications safe to use?

Generally, yes.  However, the proper precautions need to be taken to ensure that the users and data using such cloud applications are secure.  As long as businesses understand the risks and vulnerabilities associated with using cloud applications, they should be able to put a strategy in place that helps keep them secure.

Tools like a CASB should be a key part of that strategy, and are designed specifically to secure organizations, their users, and ultimately the data shared within cloud apps.

Is a CASB all I need for cloud security?

Similar to endpoint security and data center security, cloud security requires a comprehensive, holistic approach. A CASB is a critical component of cloud security, but businesses need additional solutions such as secure web gateways, email security, public cloud monitoring solutions, next-generation firewall integrated cloud solutions, and others.

Three CASB Use Cases

  1. User and Entity Behavior Analytics: A CASB provides visibility into user accounts across your network, helping to defend against compromised accounts and malicious insiders with User and Entity Behavior Analytics (UEBA). Typically UEBA runs against an aggregated set of cross-platform activities providing visibility into things such as user login and network access, as well as providing insight into privileged account compromises.
  2. Data Loss Prevention (DLP): Protecting an organization’s data is usually priority number one. A CASB can provide data loss with sets of predetermined rules or the ability to customize policies to fit individual organizational policies.
  3. OAuth and Shadow IT: As mentioned, leveraging the flexibility and integrations between cloud-native applications can be extremely beneficial for an organization. However, what users may not realize is that apps that are interconnected in the cloud can also serve as a backdoor for attackers.

A CASB can help you:

  • Uncover connected apps within your network
  • Manage permissions and settings for connected apps
  • Revoke connections for malicious or high-risk apps
  • Secure access to cloud applications

Key Considerations When Choosing a CASB

User Security

Visibility:  The first obstacle for organizations trying to provide sufficient user security is visibility. In large organizations, there are a large number of users accessing multiple applications in multiple cloud environments. A CASB solution must provide significant visibility into user activity across all of the SaaS applications they access.

Threat protection: While significant user visibility is critical, it is not enough to achieve full user security. By leveraging the data and analytics gained by deep visibility, organizations can provide significant threat protection for their users. The exponential growth of multi-cloud activity has increased the attack perimeter, and IT professionals cannot keep up with all of the threat alerts. Large-scale analytics and machine learning allow a CASB solution to automate threat alerts and responses to achieve more robust, agile user security.

Data security

Control: The first step to helping ensure data security is control. Organizations should restrict access to areas where the information is not critical to an employee’s job functions. Once attackers are in the network, they will attempt to move laterally to access secure data. While organizations may want to trust their employees and grant access, this can greatly increase the attack surface. When in doubt, limit access points to significant data.

Visibility: Similar to user security, visibility is a crucial step to promoting data security. Storing sensitive data across a multi-cloud environment can be risky. In addition, the explosion of cloud solutions and remote access points in organizations has increased the amount of data collaboration. More and more, organizations are sharing sensitive data across multiple cloud environments. Controlling access to sensitive data can be very effective, but there will constantly be newly forming connections within a network. As a result, organizations need visibility into what data is going where and the ability to block sensitive information from being shared inappropriately.

App Security

Discover: Most organizations would be dismayed if they saw the number of applications their entire network is using. Applications can be very beneficial, but it is important to know which ones are accessing organizational data at any given time. A CASB solution should provide discovery and visibility of third-party connected apps and enable the customer to disconnect from risky or inappropriate apps.

Classify: Once an application is discovered, a CASB should classify it. In some scenarios, like Google Apps, these applications may unknowingly have access to sensitive data. While it may seem harmless, a malicious application can cause serious damage. To allow employees to work efficiently but safely, a CASB needs to quickly classify: What is this application? Is it safe? What data does it access?

Disable risky apps: Once discovered and classified, the application should be enabled or disabled. In most cases, the application has been downloaded or accessed to improve an employee’s productivity. If the application has been classified as safe and beneficial and the permissions are appropriate, it can be left alone. If the application is classified as a threat, it should be immediately disabled.

Key Takeaway

Cloud Access Security Brokers act as an intermediary that helps to secure the use of cloud-based applications and protect the users working within them. If working with any cloud-based application, organizations of all sizes should consider using a CASB solution to help monitor User and Entity Behavior Analytics, Data Loss Prevention, and app-to-app communication, with the ultimate objective of securing sensitive user data and intellectual property.

Sign up for our free Cisco Umbrella Live Demo and see the power of CASB for yourself.