Zones Blog

A better way to secure the cloud

Written by Zones | Dec 6, 2016 2:36:34 PM

CASB – The smart solution for cloud security

The most common concern around the cloud is data security. Companies need to be continuously aware of how and where their data is stored in the cloud, all while ensuring they’re compliant with any regulations which apply to them.

Enterprises are struggling to understand the data security and compliance impact of organizational, departmental, and especially rogue or “shadow” adoption of cloud applications. This is where a Cloud Access Security Broker (CASB) comes into play.

A CASB platform enables companies to confidently leverage cloud applications and services while staying safe, secure and compliant. It provides visibility into shadow IT, governance over data in cloud apps, and protection against threats targeting cloud accounts. It’s like an IT air-traffic control system, and represents a peace-of-mind play, given the complexity of cloud security and fear of compliance issues. Zones can help you navigate these complexities by implementing a CASB platform.

CASB defined

A Cloud Access Security Broker is a set of cloud security technologies that addresses the challenges presented by cloud apps and services including SaaS and IaaS. CASB solutions help organizations deliver the productivity gains promised by cloud applications and services by providing critical visibility and control over the way such services are used. CASB helps IT:

  • Identify and evaluate all the cloud apps in use (shadow IT)
  • Enforce cloud application management policies in existing web proxies or firewalls
  • Enforce granular policies to govern handling of sensitive information, including compliance-related content
  • Encrypt or tokenize sensitive content to enforce privacy and security
  • Detect and block unusual account behavior indicative of malicious activity
  • Integrate cloud visibility and controls with broader security solutions for data loss prevention, access management, and web security

What does a CASB deliver?

Cloud App Discovery and Analysis – Shadow IT discovery and risk analysis including detailed cloud app ratings, usage analytics, and continuous reporting.

Data Governance and Protection – The ability to enforce data-centric security policies to prevent unwanted activity such as inappropriate sharing of content. Supports encryption and tokenization of compliance-related data.

Threat Protection and Incident Response – Prevent malicious activity such as data exfiltration due to account takeover, session hijacking, or insider activity through continuous monitoring of user behavior. Identify and block malware being uploaded or shared within cloud apps and provide tools for incident response.

Compliance and Data Privacy – Assist with data residency and compliance with regulations and standards, as well as identify cloud usage and risks of specific cloud services.

CASB solutions are usually deployed in the cloud as a cloud service. Effective CASB solutions need to cover a wide range of scenarios, including sanctioned and unsanctioned cloud apps, business and personal accounts on sanctioned apps, mobile devices and desktops, and managed and unmanaged devices.

To address all these scenarios, comprehensive CASB solutions leverage the following:

Application Specific Security – The top cloud apps have well-defined APIs that a CASB can leverage to monitor activity, analyze content, and modify settings within accounts on that cloud app. Most CASBs offer cloud application-specific security solutions that leverage these APIs.

Inline Security with Gateways – Sitting between the users and their cloud apps, a CASB gateway can provide valuable insights into cloud activity and provide a vehicle for real-time policy enforcement, such as blocking data exfiltration or protecting information with encryption.

Shadow IT Analysis – Existing security devices, such as secure web gateways and firewalls, have log data that can be used to help analyze Shadow IT.

Access Control – Endpoint agents offer another option to manage cloud activity and enforce policies.
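
The Shadow IT Analysis approach above, sketched as an added example (not Zones' or any vendor's code): it aggregates web proxy log lines per unsanctioned destination so IT can see who uses which app and how much data is uploaded to it. The log format, the sanctioned list and all domains are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains of apps the organization has approved (hypothetical).
SANCTIONED = {"crm-suite.test", "corp-mail.test"}

# Constructed sample lines: timestamp user method url status bytes_uploaded
SAMPLE_LOG = """\
2016-12-06T09:01:12Z alice POST https://api.crm-suite.test/v1/leads 200 2048
2016-12-06T09:03:40Z bob POST https://files.quickshare.test/upload 200 52428800
2016-12-06T09:04:02Z carol GET https://files.quickshare.test/d/8812 200 0
2016-12-06T09:07:55Z bob PUT https://notes-sync.test/doc/17 201 1048576
2016-12-06T09:08:10Z dave GET https://corp-mail.test/inbox 200 0
malformed line without enough fields
2016-12-06T09:09:31Z bob POST https://files.quickshare.test/upload 200 10485760
"""

def is_sanctioned(host, sanctioned):
    """Match the approved domain itself or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def discover_shadow_it(log_text, sanctioned=SANCTIONED):
    """Return unsanctioned hosts with users, request count and upload bytes,
    ordered by upload volume (largest potential data exposure first)."""
    apps = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_up": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, user, _, url, _, sent = fields
        host = (urlsplit(url).hostname or "").lower()
        if not host or is_sanctioned(host, sanctioned):
            continue
        entry = apps[host]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_up"] += int(sent)
    return sorted(apps.items(), key=lambda kv: kv[1]["bytes_up"], reverse=True)

if __name__ == "__main__":
    for host, stats in discover_shadow_it(SAMPLE_LOG):
        print(host, sorted(stats["users"]), stats["requests"], stats["bytes_up"])
```

Matching on the domain boundary (the leading dot) keeps a look-alike host such as notcrm-suite.test from being treated as sanctioned.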

Current CASB leaders

Symantec CASB gateway
The Symantec CASB gateway provides in-line traffic analysis and control over a wide range of cloud apps, offering security over use of both sanctioned and unsanctioned cloud apps. Symantec Securlets deliver visibility, data governance and threat protection through direct integration with popular cloud apps, providing security over all data and activity in an organization’s cloud accounts regardless of how users are accessing the cloud.

McAfee Cloud Data Protection
While the rise of SaaS applications and a highly mobile workforce dramatically increases the productivity and agility of businesses, it also creates new operational and security “blind spots” as users directly access services and sensitive data out-of-band from the oversight of traditional corporate boundary protections. McAfee Cloud Data Protection provides a critical enablement point for cloud service visibility, threat protection, data security, and compliance across cloud-based applications and platforms through a centralized point of control. Register now to participate in the product beta.

Ask your Zones account executive to arrange a conversation with one of our cloud security specialists who can walk you through all the functionality and benefits of bringing CASB technology into your cloud infrastructure.