Perhaps the three most talked-about technologies today, Cloud Computing, Mobile Devices, and BYOD, are also the top three security concerns of many IT professionals. I call these three technologies the Productivity Threat Triangle because as much as they improve productivity, they also represent a major concern for corporate security professionals.
Individually, each of these technologies has become an enabler of productivity, both personal and professional. Online file sharing and synchronization services such as Google Drive, OneDrive, and Dropbox have made information sharing so easy that corporate IT departments, and with them corporate governance, are often bypassed: the so-called “shadow IT” problem. The availability of mobile business apps, combined with BYOD policies (or the lack thereof), has made it extremely easy for business users to share data outside the corporate network, resulting in the loss of control of corporate data.
The problem of how to secure corporate data without stifling employee productivity is significant. For heavily regulated industries such as energy, healthcare and finance, this issue looms even larger. One solution currently evolving is the use of a Cloud Access Security Broker, or CASB, to monitor and secure corporate data. CASBs aim to address the security gaps created by the significant increase in cloud services, BYOD and mobile device usage by mediating access to cloud-based services. CASBs can enforce security policies; for example, all devices on which corporate data is stored should have basic security measures such as passcodes and encryption in place before being allowed access to corporate data.
The CASB is a security product that sits between cloud service providers and the people that use them. Its role is to enforce security best practices and corporate policies when cloud services are accessed by end users, both within the corporate network and externally from mobile devices. But don’t the cloud vendors provide their own security? That’s true, cloud vendors do provide security within their application and the underlying infrastructure. However, they leave the security of data transferred to and residing on endpoint devices such as home computers, laptops, tablets and smart phones to us.
To date, CASBs have primarily addressed SaaS delivered applications, such as CRM, HR, help desk and productivity applications (e.g. Salesforce, SAP, and Microsoft Office 365). Most also support the control of social networking use and increasingly are able to monitor and control popular Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers. In Gartner’s Market Guide for Cloud Access Security Brokers, published October of 2015, Gartner reports fewer than 5% of large enterprises utilize a CASB today, but projects by 2020 that 85% will implement a CASB for their cloud services.
How does a CASB work?
CASB technology centers on four areas of functionality:

| Visibility | Compliance | Data Security | Threat Protection |
|---|---|---|---|
| Discovery and visibility into users, services, devices and data | Content monitoring for compliance with regulations and standards | Policy enforcement based on data classification, discovery and activity monitoring | Identify malicious activity, unwanted devices, applications and users through traffic analysis |
CASBs logically sit between end users and cloud services, and can be deployed on-premises or as a cloud-based service. Traditionally, CASBs operated either as a proxy (forward or reverse) or in API mode, using cloud providers’ APIs to manage cloud access. More recently, CASBs have been able to operate in multi-mode or mixed-mode deployments, using both methods to balance the pros and cons of each.
Regardless of the vendor or mode selected, when selecting a CASB, reporting and policy management are key. A good solution should maintain a complete audit log and include detailed reports across your environment. Features such as real-time alerts on anomalous behaviors, failed login attempts, policy violations and potential data leakage ensure that you’re aware of suspicious events as they occur.
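The device-posture policy and real-time alerting described above, as an added example that is not part of the original article or any CASB product: a minimal policy check run over constructed audit events. The event schema, the alert threshold and the time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGIN_LIMIT = 3          # assumed alert threshold
WINDOW = timedelta(minutes=5)   # assumed sliding window for failed logins
REQUIRED = ("passcode", "encrypted")  # basic device controls named in the article

OK = {"passcode": True, "encrypted": True}
NO_ENC = {"passcode": True, "encrypted": False}
# Constructed events in a hypothetical schema: (time, user, action, success, device)
EVENTS = [
    ("2016-01-11T09:00:05", "bob", "login", False, OK),
    ("2016-01-11T09:00:40", "bob", "login", False, OK),
    ("2016-01-11T09:01:10", "bob", "login", False, OK),
    ("2016-01-11T09:02:00", "alice", "login", True, OK),
    ("2016-01-11T09:03:00", "alice", "download", True, OK),
    ("2016-01-11T09:04:00", "carol", "download", True, NO_ENC),
    ("2016-01-11T09:20:00", "bob", "login", False, OK),
]

def evaluate(events):
    """Return (audit, alerts): a verdict for every event, plus alerts raised."""
    failures = defaultdict(deque)   # user -> recent failed-login times
    audit, alerts = [], []
    for when, user, action, success, device in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(when)
        if action == "login" and not success:
            recent = failures[user]
            recent.append(ts)
            while ts - recent[0] > WINDOW:      # drop failures outside the window
                recent.popleft()
            if len(recent) == FAILED_LOGIN_LIMIT:   # alert once, on reaching the limit
                alerts.append(("failed_login_burst", user, when))
            audit.append((when, user, action, "denied"))
            continue
        missing = [c for c in REQUIRED if not device.get(c)]
        if missing:                             # posture check gates data access
            alerts.append(("policy_violation", user, ",".join(missing)))
            audit.append((when, user, action, "blocked"))
        else:
            audit.append((when, user, action, "allowed"))
    return audit, alerts

if __name__ == "__main__":
    for alert in evaluate(EVENTS)[1]:
        print(alert)
```

Every event receives an audit entry whether or not it raises an alert, which is what makes the log usable for later reporting.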
The CASB market is relatively new, but has evolved quickly since its inception around 2011/2012. Providers are mainly fueled by venture capital funding, and Gartner feels the number of providers will consolidate through acquisitions by more established vendors. As more enterprises try to rein in the Productivity Threat Triangle, we can expect more adoption of CASBs, new startups forming, consolidation through acquisitions by established technology companies, and increased opportunities for security-minded professionals to implement these solutions.