Jump to content

Cloud access security broker

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Kohgadaddy (talk | contribs) at 22:50, 10 August 2017 (Cleaned up sources). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A Cloud Access Security Broker (CASB) is a on-premises or cloud based software that sits between cloud service users and cloud applications to monitor all activity and enforce security policies[1]. A CASB can offer a variety of services, including but not limited to monitoring every action of the users, warning administrators on specific actions that are seen as potentially hazardous, enforcing compliance to security policies and taking automatic actions for malware prevention.

Types

A CASB can be offered as a one of two major architectural paradigms[2].

A perimeter/agent-centric CASB is deployed as a gateway between cloud applications and the on-premises system. It is intrusive and focuses on prevention and access control. However it can have a high impact on performance and difficulty in scaling which also result in a limited coverage[3]

An API-centric CASB uses direct API to the cloud services. It is fast, non-intrusive and focuses on detecting, analysing, managing and preventing user activity. It may not allow real-time blocking, but benefits from cloud technology scalability and speed and can seamlessly integrates with major cloud applications.[3]

Common features

Discovery

A CASB that has access to the firewall logs of a system's network can provide details on the unsanctioned and sanctioned applications that the users use. In that manner, an administrator can know whether someone is using applications or websites that can be dangerous to the security of the system, their authentication data or the organization's resources.

Security

CASBs usually provide several tools and automated controls, with which an administrator can enforce security policies to applications, regarding identity management, applications, content and infrastructure.

Monitoring

A CASB is also using firewall logs to monitor user and application security activity and provide detailed reports. The variety of these reports depends on the CASB vendor and the architecture.

Incident response

Some CASB vendors also support automatic responses to threats or user misbehaviour. These responses can be as simple as a detailed notification to an administrative team to remediation of the threat by blocking access or enforcing policies.

References

  1. ^ "What is a CASB (Cloud Access Security Broker)? - Skyhigh Networks". Skyhigh. Retrieved 2017-08-10.
  2. ^ "Cloud Access Security Broker (CASB) Deployment Modes Best Practices". Skyhigh. 2017-05-01. Retrieved 2017-08-10.
  3. ^ a b Gleason, Micheal. "Selling Snake Oil: What Proxy and Gateway CASB Vendors Won't Tell You". CloudLock (Blog). Cisco. Retrieved 16 May 2017.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Cloud_access_security_broker&oldid=794932507"