Cloud Access Security Broker (CASB)

As our data is digitalised in the 21st century, we need to ensure a safe and secure environment for it. This is where a cloud service provider comes in. The only way cloud service providers such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud can safely store data without it getting lost or accessed by unauthorised parties is by ensuring that only those permitted to have access are given access to it. Furthermore, it is important to note that cloud service providers have security measures in place to ensure a safer interaction.

Affectionately known as a "CASBEE", a Cloud Access Security Broker (CASB) is a software application that sits between cloud service users and their respective cloud applications and instances. The CASB is the security aspect of cloud services; its role is to monitor and report on the security of the actual cloud server, as well as to detect incoming threats.

A CASB does more than act as a mediator between cloud users and cloud service providers. It can address gaps in the security of cloud platforms, namely Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). It provides visibility and gives organisations the ability to extend the scope of their security policies within their framework or organisation.

CASBs were developed out of the need to secure databases held offsite, away from the physical location of the end client managers, in a data centre at the service provider's headquarters or at a branch elsewhere in the world, e.g. Amazon Web Services (AWS), Google Cloud and Microsoft Azure. However, before the advent of cloud computing and Bring Your Own Device (BYOD), there already existed an apparatus known as the walled garden. Employees and clients began to use this new knowledge with or without the knowledge or consent of the respective IT departments within their establishment or enterprise. This led corporations and businesses to enforce policies and measures that would help establish security policies across various platforms and protect sensitive data across all related customer and business platforms.

The services offered by a CASB include but are not limited to:

  • Cloud governance and risk assessment.
  • Data loss prevention.
  • Control over features pertaining to cloud services, such as collaboration and sharing of classified data and documents.
  • Threat prevention/detection using User and Entity Behaviour Analytics (UEBA).
  • Malware detection, which is a given among any CASB's advanced security features.
  • Configuration auditing.
  • Data encryption and key management to the user's specifications, rendered as a service by the CASB provider.
  • Single Sign-On (SSO) and Identity and Access Management (IAM) integration, both key components of any cloud-based security feature available within a CASB framework.
  • Contextual access control, which is also crucial within the CASB framework.

There are four principles or pillars of the CASB:

  1. Visibility
  2. Compliance
  3. Data Security
  4. Threat Protection

Overall, a CASB provides visibility in a large business when users are obliged to enter information about their devices and applications. The cloud discovery analysis provides an assessment of the potential risk associated with each user. This gives the company's IT security professionals the insight to decide whether or not to block a potentially harmful application. Businesses can outsource all their system and data storage to the cloud service provider. This can be done to maintain compliance in the cloud by addressing issues such as the regulations put in place and regulatory practices.
