Cloud Access Security Brokers (CASB)

The economy of nations the world over continue to feel the deep impact of the COVID-19 pandemic. The shockwaves are truly global. Those who have been able to work from home, have done so for over a year now.  Before the pandemic this would have been unimaginable. Industry analyst, Gartner Inc., points out that 88% of companies sent staff home to work during the pandemic. And the Work From Home (WFH) movement looks like it is going to continue - despite vaccines starting to take pace.

The facilitating force behind WFH is digital technology. Without the cloud, companies would simply not be able to carry on business as ‘normal’ when remote working. But amidst the WFH movement lies the spectre of cybersecurity threats. A Cloud Access Security Broker (CASB) can change the metrics of cybercrime. Here’s what a CASB provides and why it needed now more than ever?

Why an organization needs a CASB?

Cyber-threats are always making the news and often it feels like cybercriminals are winning. Cloud computing, so essential for the modern enterprise, has opened digital doors for scammers and hackers. To work we need to connect. This connectivity is exploited by cybercriminals in numerous, sophisticated, and often multi-layered attacks.

But cybersecurity technology has kept pace. As the business world becomes ever-more connected, advanced data protection and enforcement of security policies are needed as the backbone for secure data access. A Cloud Access Security Broker (CASB) is this backbone. A CASB is a technology designed for modern cybersecurity threat mitigation. The clue to the technology capability is in its name – a ‘broker’.  A CASB acts as a go-between. Enforcing security between the device and the cloud. In doing so, the data that flows between the two is protected. A CASB closes the security gap between the device and the cloud.

2020, the year that cyber-attacks went through the roof

The current cybersecurity climate shows the reasons why a CASB has become a must have security technology. A year ago, cybersecurity attacks were bad. Myriad examples including the massive Capital One breach affecting 106 million people hit the headlines. However, this situation has only worsened. During the pandemic, cyber-attacks went through the roof. Tor Metrics, an organisation that keeps track of dark websites, found that from March to September 2020, dark websites tripled. 

Cloud Adoption Creates Risks

Remote working has increased the threat surface. This is largely due to the now ubiquitous nature of ShadowIT (non-visible devices), BYOD (personal device use), and general increased remote access with a lack of corporate oversight. A recent survey shows the level of impact of WFH with 56% of employees using personal computers and 25% not knowing what security policy is in place on devices. But data continues to flow and to be exposed. In the first half of 2020, 27 billion data records were exposed, this is more than double 2019 figures. According to Gartner, Inc.90% of organizations that fail to control public cloud use will inappropriately share sensitive data.

One of the most difficult issues for an enterprise to deal with is the insider threat. A WSJ survey shows that 70% of companies worry about malicious employees.

Deploying a CASB

The choice of a CASB also includes the type of deployment options available. A CASB can be deployed using three deployment models:

Reverse proxy 

Great for unmanaged devices as no agents are required. An agentless reverse proxy architecture is a good option to monitor and control app traffic and data. An agentless architecture is also a good way to manage the end user experience and allows for a simpler deployment model. In an environment that relies heavily on bring your own device (BYOD), reverse proxy can offer an advantage.

Forward proxy

Good for use with endpoint agents or VPN clients. However, because forward-proxy architectures need end user endpoint installs, this can create challenges in installation, management, and privacy, in an environment that heavily employs BYOD, i.e., a remote work environment.

API

An API or an ‘application programming interface’, are based on a stateless, client/server architecture allowing for the automated exchange of information between endpoints. An API-based CASB is able to integrate seamlessly with public cloud APIs. This makes an API-based CASB a great option for visibility of data stored in cloud repositories or when not transmitted via a corporate network. A CASB that is based on an API architecture, provides the level of visibility into data and traffic across the cloud that cannot be provided by the proxy based CASBs.

The Four Pillars of a CASB

Technology environments are often mixed, that is, they use a combination of cloud and on-premise apps. Therefore, often the best fit for a modern, complex, IT environment is a mix of API and Proxy. Because of this, API and Proxy models are often combined to achieve maximum efficacy across these mixed environments. The benefits a Cloud Access Security Broker offers to help an enterprise protect against these threats are broken into ‘four pillars’:  

Pillar One: Visibility

A CASB lets you see who is doing what in the cloud. This provides the intelligence needed to secure access. A CASB monitors and audits events and traffic across your expanded network. A CASB provides device and location information and delivers alerts and reports that are used to make security decisions.

Pillar Two: Compliance

Data protection regulations have many nuanced requirements. Knowing where to apply protection and at what level is crucial in adhering to regulations. Compliance starts with knowing what assets you have. A CASB can classify the data under its brokerage to allow an organisation to meet requirements of regulations such as the EU’s GDPR and the UK’s DPA2018.

Pillar Three: Data security

A CASB is part of the security toolkit of an organisation. A CASB is designed to facilitate data security policies, working symbiotically with security enforcement solutions like Data Loss Prevention (DLP) tools. A CASB can help enforce data security mechanisms including encryption, access control, policies on data collaboration, as well as DLP. In doing so, data exposure by both accidental and malicious means is prevented.

Pillar Four: Threat prevention

The preventative measures offered by a CASB is one of its most powerful capabilities. A CASB can use smart technologies such as machine learning-enabled User and Entity Behaviour Analytics (UEBA). Using UEBA, a CASB sets baselines of normal behaviour. This baseline is used to spot anomalies and patterns that can indicate a threat. From there, a CASB provides measures to prevent a threat from becoming an incident, including adaptive access control and threat intelligence to block malware infection.

Things to Consider When Selecting a CASB?

A CASB is part of an overall package of security measures. It acts to orchestrate and deliver appropriate security using intelligent analysis. As WFH continues to challenge our business we need to shore-up our defences by using the best technology we can get. Cloud computing has allowed organizations the world over to continue business as normal, a CASB can ensure that the data that oils the wheels of our business is secure.

Making the right choice of CASB and the right partner to deploy the solution is important. Some features to look out for include:

Cloud app discovery

• What is the reach of the CASB?
• Can it extend your DLP strategy to the cloud?
• Does the CASB support on-premise discovery or is this externalised?

Identity and access management

• Does the CASB offer granular control over access and support enforcement of multi-factor authentication?
• Does the solution support unique policies for both managed and unmanaged devices?

Threat prevention

• What threats can the CASB prevent?
• Does the solution provide machine learning-based UEBA to monitor entities and devices?

Policy management and DLP

• Can the CASB enforce in-transit DLP policies?
• Can policies be enforced using granular rules based on user, device, app, time, etc.?

Encryption and Compliance

• Can sensitive data be identified/classified in cloud apps?
• Can the solution provide insights into user access and data use?
• At what level is monitoring performed, e.g. record, app, user level?
• Can the CASB solution help prevent access by former employees?