The Cost of Ignoring the Cloud
As IT operations began to move from on-premises installations to the cloud, organisations looked for ways to bring security to the cloud. One of the tools they found was CASB — Cloud Access Security Broker. Now, a decade on from their introduction, CASBs are common parts of the enterprise security infrastructure. But for many small-medium organisations, they're often overlooked.
The cost of ignoring cloud security is clear. In 2023, 82% of breaches involved data stored in the cloud. Despite this, and the fact that half of small-medium organisations rely on cloud technology, only 34% of organisations can control cloud application use on their network. Small-medium organisations are struggling with an onslaught of threats, but don't have the tools to protect themselves.
CASB: The Missing Piece of the Puzzle
Originally built to offer complete visibility, CASBs were on the frontline in the war against "shadow IT" and its use of unapproved cloud services. Deployed at the network edge and using a variety of proxy types, a CASB can identify every call to or connection from a cloud service, whether or not that service was approved.
But knowledge alone wasn't enough, so CASB needed to evolve. The CASB solutions of today not only find the cloud applications, but can secure them too (or enforce security controls against specific actions). This evolution ushered in what Gartner termed the "four pillars" of CASBs. These pillars encompass Visibility, Compliance, Data Security, and Threat Protection, each playing a critical role in bolstering cloud security.
Visibility
In its purest form, CASB should give you visibility of all the cloud services used across your network. It doesn't stop there. CASBs can get much more granular - for example, allowing you to see exactly how employees are using cloud services. Security teams can use this knowledge to go beyond the traditional "block and allow" approach and start building a bespoke rule base.
It's also great for companies who want to start utilising employee education as a primary line of defence. It's much more effective to have a chat with Charlie from Accounts about his specific use of Dropbox, instead of sending a company-wide generic memo.
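As an added example (not part of the original article, and not any CASB vendor's code), the sketch below shows the kind of per-user visibility described above: it reads constructed proxy log lines, attributes them to cloud services, and applies a small rule base that goes beyond block and allow. The log format, service catalogue, sanctioned list, upload threshold and the `coach` and `monitor` actions are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed catalogue: host suffix -> cloud service name.
SERVICES = {"dropbox.com": "Dropbox", "sharepoint.com": "SharePoint",
            "wetransfer.com": "WeTransfer"}
SANCTIONED = {"SharePoint"}      # assumed list of approved services
UPLOAD_LIMIT = 10_000_000        # assumed byte threshold for blocking

# Constructed sample log, one request per line: user method url bytes_sent
SAMPLE_LOG = """\
charlie PUT https://content.dropbox.com/upload/ledger.xlsx 48211
charlie GET https://www.dropbox.com/home 0
dana POST https://contoso.sharepoint.com/sites/fin/upload 30500000
eve POST https://wetransfer.com/api/v4/transfers 25000000
eve GET https://intranet.example.local/wiki 0
"""

def service_for(host):
    """Map a hostname to a catalogued service by exact or dot-suffix match."""
    for suffix, name in SERVICES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def summarise(log):
    """Aggregate request count and uploaded bytes per (user, service)."""
    usage = defaultdict(lambda: {"requests": 0, "uploaded": 0})
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue                         # skip malformed lines
        user, method, url, sent = parts
        service = service_for((urlsplit(url).hostname or "").lower())
        if service is None:
            continue                         # not a catalogued cloud service
        entry = usage[(user, service)]
        entry["requests"] += 1
        if method in ("PUT", "POST"):
            entry["uploaded"] += int(sent)
    return dict(usage)

def decide(service, uploaded):
    """Rule base: sanctioned -> allow; bulk upload -> block; else coach/monitor."""
    if service in SANCTIONED:
        return "allow"
    if uploaded > UPLOAD_LIMIT:
        return "block"
    return "coach" if uploaded else "monitor"

def report(log):
    """Return {(user, service): action} for every observed pairing."""
    return {k: decide(k[1], v["uploaded"]) for k, v in summarise(log).items()}
```

Here `coach` marks the case where a conversation with the individual user is the chosen response, rather than a block.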
Compliance
A fully formed CASB, especially one leveraging APIs over proxies, has the ability to look at the data being moved from one cloud to another, and between on-prem infrastructure and the cloud.
Regulatory compliance hinges on knowing where and how data is stored. CASBs have become instrumental in monitoring the state of cloud-bound data, identifying and rectifying instances of policy violations by employees.
Data Security
Given their comprehensive grasp of data status in the cloud, CASBs are in an ideal position to effectively protect this valuable information. Through the utilisation of API controls, CASBs can gain visibility into transactions, even those occurring between cloud services that bypass the enterprise network.
This visibility enables CASBs to enforce crucial policies, such as data encryption or obfuscation, specific requirements for authentication and access control, and other parameters that guarantee the secure storage of data.
Threat Protection
The essence of a CASB lies in its capability to enforce access and authentication controls for data and applications in the cloud - "access" is part of the very name. By monitoring activities and enforcing policies through integration with existing Single-Sign-On (SSO) or Identity-as-a-Service (IDaaS) tools, CASBs exemplify their strength in threat protection.
While next-gen firewalls, web application firewalls, and other security tools are generally considered complex to set up to greatest advantage, CASB is relatively easy to configure and deploy, even for less experienced security teams. The cost of ignoring this tool could be disastrous.
Next Steps
Want to learn more about enhancing cybersecurity with CASB? Join us for our next webinar as Gareth Lockwood, VP of Product, demystifies the intricacies of Cloud Access Security Brokers (CASBs) and explores their instrumental part in transforming business security.