Cloud Access Security Brokers
What is Cloud Access Security Broker (CASB) Software?
Cloud Access Security Broker (CASB) Software is designed to allow organizations to extend their on-premise security policies to it’s interactions with a 3rd-party cloud provider's infrastructure. This software acts as a broker ensuring that network traffic between on-premises devices and the cloud provider complies with the organization's security policies.
The use of unauthorized cloud applications in large enterprises is growing as business units provision their own applications and bypass the IT organization. This practice is highly problematic in regulated industries. CASB can identify unauthorized cloud applications so that they can be brought under the security policies of the organization. This functionality provides organizations visibility into cloud service usage, ensures regulatory compliance, protects organization data, and mitigates some external threats.
CASB software most commonly uses a mix of APIs and proxy services to mediate systems and devices’ interactions with 3rd-party cloud providers. For instance, CASBs will forward proxy managed devices to control interactions to the device from the cloud provider server, and they will also reverse proxy unmanaged devices to control interactions for the unmanaged device to the cloud provider. This allows CASBs to both protect devices and systems from cloud provider vulnerabilities, as well as protecting cloud-based systems from certain device vulnerabilities and risks, particularly unmanaged devices.
CASB Solutions Comparison
When comparing cloud access security brokers, consider these factors:
Granularity of Policy Controls: How granular will each CASB allow administrators to get with security policies? Common factors include device type,
On-Premise and SaaS Integrations: How well does each CASB integration with the other systems the organization uses? Pay close attention to other security systems in particular, such as SIEM, firewalls, or other endpoint security systems. These systems collectively inform the organization’s broader security posture, and should be evaluated holistically.
Use Case: Is the business primarily concerned with maintaining compliance, granting better visibility for other security systems like SIEMs, or protecting data itself? Most CASBs should be able to serve each use case to some extent, but may offer special functions and capabilities for certain use cases, such as meeting specific requirements for highly-regulated industries.
Pricing varies depending on the kinds of access being brokered and the range of services offered by the CASB. Pricing usually starts at $2/month for a functional CASB deployment and scales up to $30+/user/month for more advanced systems and offerings. Budgeting should also account for IT administration and overhead for the CASB.
Avanan connects leading security technologies to the most widely used enterprise cloud applications, in order to improve protection of sensitive corporate data and IP. According to the vendor, Avanan's one-click deployment allows customers to deploy a new security solution in seconds.…
Forcepoint CASB promises to help eliminate security and compliance blindspots by providing visibility into users' devices and cloud apps. The vendor promises the following benefits: Discover and risk-prioritize all unsanctioned cloud use (Shadow IT) to quickly and easily determine…
Netskope cloud access security broker (CASB) enables the user to identify and manage the use of cloud applications, regardless of whether they are managed or unmanaged, and prevents sensitive data from being exfiltrated from your environment by risky insiders or malicious cybercriminals…
Proofpoint Cloud App Security Broker (CASB) secures applications such as Microsoft Office 365, Google’s G Suite, Box, and other services, providing visibility and control over cloud apps.