What CASBs Can and Cannot Do to Secure Your Data
Cloud Access Security Brokers (CASBs) became popular in 2016 and continue to get attention from companies, research analysts, and the media. They emerged as a response to the security and compliance issues caused by cloud adoption, and they offer visibility into data security threats related to cloud app usage. CASBs usually sit between users and cloud apps, acting as a gateway that intercepts users’ activity to provide control and compliance. The interesting part is that they combine functionality from several existing solutions: firewalls, SIEM, Data Loss Prevention, encryption, and others.
Just to make sure CASBs are not confused with other tools, let’s see what CASBs can and cannot do to secure your data.
What CASBs can do
1. Provide visibility into cloud app use
CASBs can detect file uploads, downloads, and data traffic for approved or unapproved apps. They can go further and offer information about users’ actions and behavior analytics, specifically who is storing or transferring what data, through what app. They can also indicate which apps are compliant with industry regulations and detect anomalies in use, including the presence of malware. For companies dealing with Shadow IT, CASBs can eliminate the unknown factors and outsmart users by identifying exactly what cloud apps are in use, giving power back to the IT department.
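The sketch below is an added example, not code from the article or from any CASB product. It shows the visibility step described above on constructed gateway log lines: who uploaded how much data through which app, and which of those apps are unapproved. The log format, the app catalogue, and all names are assumptions made for the illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed app catalogue: domain suffix -> (app name, approved by IT?)
APP_CATALOGUE = {
    "sharepoint.example": ("CorpShare", True),
    "files.example": ("FileDrop", False),
    "notes.example": ("NoteSync", False),
}
# Constructed gateway log: timestamp user method url bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice PUT https://team.sharepoint.example/docs/q1.xlsx 52000
2024-05-01T09:02:10Z bob POST https://up.files.example/upload 7300000
2024-05-01T09:03:44Z bob GET https://up.files.example/list 0
2024-05-01T09:05:00Z carol POST https://api.notes.example/v1/note 1200
2024-05-01T09:06:30Z bob POST https://up.files.example/upload 4100000
2024-05-01T09:06:59Z truncated
2024-05-01T09:07:00Z dave POST https://intranet.corp.example/hr 900
"""
UPLOAD_METHODS = {"PUT", "POST"}

def classify(host):
    """Map a hostname to a catalogued app; match whole domain labels only."""
    host = host.lower().rstrip(".")
    for suffix, app in APP_CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None

def upload_report(log_text):
    """Return ({(user, app, approved): bytes}, uncatalogued hosts, malformed count)."""
    totals, unknown_hosts, malformed = defaultdict(int), set(), 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            malformed += 1          # count, never silently drop, unparsable lines
            continue
        _ts, user, method, url, size = parts
        host = urlsplit(url).hostname or ""
        app = classify(host)
        if app is None:
            unknown_hosts.add(host)  # candidates for catalogue review
        elif method in UPLOAD_METHODS:
            totals[(user, *app)] += int(size)
    return dict(totals), unknown_hosts, malformed

def shadow_it(totals):
    """Unapproved apps ranked by uploaded bytes: [(app, user, bytes)]."""
    rows = [(app, user, n) for (user, app, ok), n in totals.items() if not ok]
    return sorted(rows, key=lambda r: -r[2])
```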
2. Protect against threats
CASBs monitor cloud app usage in real time and report, also in real time, compromised accounts and exposed confidential data such as credit card numbers, Social Security numbers, etc.
Most CASB solutions offer the following features for threat protection and remediation:
- Detection of an abnormal number of confidential records accessed or transferred by a user
- Detection of leaks of sensitive information like Personally Identifiable Information, Intellectual Property, business records, and others
- Activity monitoring
- Blocking, quarantining, or encrypting sensitive data
- Alerts for suspicious activity
- Detection and elimination of malware in cloud services and platforms
3. Encrypt data
There are several approaches. Some CASBs use their native encryption capabilities, while others use third-party encryption solutions or the cloud services’ own encryption functionality. Either way, CASB vendors are aware that the security of confidential data residing in the cloud is a pain point for organizations, so they added encryption to help with regulatory compliance and to protect corporate data stored in cloud applications. To differentiate between CASB offerings, look for providers that allow you to manage the encryption keys for increased control.
What CASBs cannot do
1. Act as a firewall
If you think you can adopt a CASB and drop the firewall, or the other way around, think again. While firewalls lend features to CASBs, their role should be clear and shouldn’t be overridden by CASBs. Firewalls have visibility into incoming and outgoing network traffic and do a great job protecting organizations against worms and identity theft, representing the first line of defense. Firewalls shouldn’t be taken for granted, especially given their longevity: they emerged in the late 1980s and have gone through several transformations, while CASBs have been on the market for only a few years.
2. Replace DLP solutions
At a glance, CASBs seem to be valid solutions for DLP purposes. From the insider threat mitigation and compliance perspective, CASBs provide strong DLP capabilities. However, they are limited to cloud apps and services. They do not scan for or detect suspicious activity and confidential data transfers from desktop applications like Outlook, the Google Drive client, Skype, or iCloud Drive, or actions like print screens, files sent to printers, files copied to portable storage devices, and other exit points. CASBs can be integrated with DLP solutions for more visibility into cloud apps. They should be perceived as an extension to DLP solutions, not a replacement.
3. Work with onsite intranet data
Closely related to the previous point, CASBs cannot secure data in intranet applications and services. For example, network shares are a vulnerable spot in organizations, with data going back and forth between computers connected to the LAN. Without an Internet connection, CASBs cannot inspect any data transfer or app, leaving aside the fact that network shares are not cloud-based. Then there are HR apps, which are very popular on intranets, are subject to the same vulnerabilities as network shares, and are not covered by CASB solutions. To secure critical data on the intranet, consider using DLP, e-mail filters, firewalls, encryption, etc., depending on your setup and the type of information to protect.
CASBs rely on a quartet of functionalities: visibility, compliance, data security, and threat protection. Each of these four functionalities refers to cloud services and applications. The key takeaway here is to clearly understand the extent of CASBs’ coverage, their strengths and limitations, and to make sure you do not overestimate or underestimate their capabilities. The best course of action when adopting a CASB is to find out if it complements your existing security implementation and how it would fit into your infrastructure.