According to Gartner, Cloud Access Security Brokers (CASBs) are on-premises or cloud-based security policy enforcement points placed between cloud service consumers and providers. They combine and enforce enterprise security policies as cloud-based resources are accessed. By 2022, 60% of large enterprises will use a CASB platform for their cloud services, up from less than 20% today.
You're likely aware that a lot of your sensitive data is already in the cloud. At least 79% of enterprises are actively deploying cloud solutions in public, private, or hybrid environments. With progressive adoption, more enterprises will move critical workloads to the cloud.
The amount of sensitive data residing in public clouds makes them attractive targets for cybercriminals. Computer attacks are typically automated and evolve in sophistication as more defenses are added to systems. The security provided by cloud providers is more geared towards protecting infrastructure than the applications running on the cloud, leaving a security gap filled by CASB systems.
CASB systems help protect your cloud services through four pillars of functionality. Let's briefly discuss these:
A CASB system provides enterprises with visibility into authorized and unauthorized cloud usage. It can view and monitor data traffic between the corporate network and the cloud platform. CASBs also allow you to see how cloud services are being used, by whom, providing insights into cloud usage, user behavior analytics, and helping detect overprivileged users and assets.
With CASB, you can identify sensitive data stored across cloud services, ensuring compliance with application workloads. It also provides logs for audit purposes and can encrypt sensitive data-at-rest to protect against breaches.
CASBs prevent unwanted devices, users, and versions of applications from accessing cloud services. They use auto-discovery to identify cloud applications in use, as well as high-risk applications, users, and other key risk factors. CASBs have the ability to identify threats if anomalous behavior is detected, allowing users to respond to threats in real-time, protecting sensitive company data.
CASB is able to monitor access to data, enforce security policies and prevent unwanted activity. Based on the company policy, it protects enterprise data in the cloud by preventing certain types of sensitive data from being uploaded or downloaded. CASB may enforce a number of different security access controls, including encryption, tokenization and device profiling. Proactive application and data security measures ensure that sensitive data is protected.
