What is a Cloud Access Security Broker?
IT organizations are increasingly choosing to host critical IT infrastructure and applications in a hybrid cloud environment, where many critical applications and services are hosted off-site using a Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS) delivery model.
For organizations that depend on the hybrid cloud to deliver key services to the business, there is a continual need to govern and monitor access to those services and ensure that connections between users and the organization's cloud infrastructure are secure and invulnerable to cyber attacks.
A Cloud Access Security Broker (CASB) is a software application that mediates user access to cloud-based applications. CASB tools can be hosted on-premises or deployed into the cloud. Their core functions include monitoring activity and communications between users and cloud-based infrastructure and applications, as well as enforcing user compliance with predefined security policies.
How Does a Cloud Access Security Broker Work?
From a network architecture perspective, a cloud access security broker sits between the cloud service users and cloud service providers. The need for CASB applications arises from the reality that SaaS applications typically offer the user access to only the user interface of the application. This means that organizations may not be able to customize or change the application to enforce compliance with their own internal security policies. This can make it difficult for organizations to govern access, usage or security of a SaaS product in accordance with their policies, and this is exactly the problem that CASBs try to address.
There are three deployment methods for Cloud Access Security Broker tools that help IT organizations enhance their security posture for SaaS-based applications:
Forward Proxy Deployment - Proxy-based deployments for CASB products function by checking and filtering users and devices through a single gateway that sits between users and the cloud-based SaaS services they wish to access. All traffic and communications between the user and application are filtered through the CASB, enabling real-time monitoring and security actions when a threat is detected. The drawback of using an in-line proxy solution is that passing all traffic through a single gateway can cause latency that degrades performance, especially when multiple users are active.
Reverse Proxy Deployment - While a forward proxy filters outgoing connections that originate from users that are protected behind the enterprise firewall, a reverse proxy filters incoming communication from cloud-based applications to users. Reverse proxy servers take requests from the application and apply predefined security policies to them before passing them to users.
API Deployment - An API-based CASB deployment provides security and monitoring of cloud-based applications by talking to the application directly through known APIs. API access means that the pathway used to monitor and secure the application is kept separate from the network path used to transmit data between the user and application. As a result, API deployments do not tend to cause latency or slow-downs in the service. The trade-off, however, is that API deployments lack the real-time monitoring and threat detection capabilities of proxy-based deployments that monitor traffic through a single gateway.
IT organizations can also implement a combined architecture for Cloud Access Security Brokers known as "multimode", meaning that it supports both API-based and proxy-based functions. This combination of features offers the benefit of real-time monitoring, but with reduced latency for users.
Key Components of a Cloud Access Security Broker
There are four key areas where IT organizations can benefit from the deployment of a Cloud Access Security Broker tool into the hybrid cloud environment.
CASB tools almost always incorporate a strong network/application discovery feature that helps IT organizations identify when users are accessing unauthorized or unsecured cloud-based applications. If a user or group of users at your organization signs up for a SaaS-based application without going through IT, analysts can use CASB to identify the application and the users accessing it. In this way, CASB provides full visibility of your hybrid cloud environment.
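The discovery function described above, as an added example that is not part of the original article: a forward-proxy CASB compares the hosts in its access log against the organization's inventory of sanctioned SaaS domains and reports which users reached anything else. The log format, host names, user names and the sanctioned-domain list are all constructed for illustration.

```python
# Added example: shadow-IT discovery over forward-proxy access logs.
# Log lines, host names and the sanctioned domain list are constructed.
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log: timestamp, user, method, URL, HTTP status.
PROXY_LOG = """\
2024-05-01T09:01:02Z alice GET https://crm.example-saas.com/accounts 200
2024-05-01T09:02:10Z bob POST https://files.unknown-share.io/upload 201
2024-05-01T09:03:45Z alice GET https://api.crm.example-saas.com/v1/leads 200
2024-05-01T09:04:00Z carol GET https://files.unknown-share.io/list 200
2024-05-01T09:05:30Z bob GET https://notes.rogue-app.net/ 200
2024-05-01T09:06:00Z carol GET https://example-saas.com.evil.net/login 200
"""

# Domains the organization has approved (constructed). Subdomains of an
# approved domain are treated as approved; look-alike suffixes are not.
SANCTIONED_DOMAINS = {"example-saas.com"}


def is_sanctioned(host, sanctioned):
    """True if host equals a sanctioned domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in sanctioned)


def parse_line(line):
    """Split one log line into fields; return None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, method, url, status = parts
    host = urlsplit(url).hostname
    if host is None or not status.isdigit():
        return None
    return {"ts": ts, "user": user, "method": method, "host": host.lower(),
            "status": int(status)}


def discover_unsanctioned(log_text, sanctioned):
    """Map each unsanctioned host to the sorted list of users who reached it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and not is_sanctioned(rec["host"], sanctioned):
            seen[rec["host"]].add(rec["user"])
    return {host: sorted(users) for host, users in seen.items()}


if __name__ == "__main__":
    for host, users in discover_unsanctioned(PROXY_LOG, SANCTIONED_DOMAINS).items():
        print(f"unsanctioned app {host}: used by {', '.join(users)}")
```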
CASB tools can be used to enforce compliance with software license agreements, helping organizations avoid the negative consequences of a failed software audit. They can also be used to identify sensitive data that is being used in the cloud and to protect that data in compliance with data security and privacy standards or regulations (HIPAA, PCI DSS, ISO/IEC 27001, etc.).
CASB software can enforce security policies that help protect sensitive data, such as tokenization, encryption, access management and information rights management. CASB software can also be used to block or sanction certain cloud-based tools that are known to have poor security.
Cloud-based applications can act as an attack vector for cyber criminals, and with the growing popularity of cloud-based deployment models, the risk is steadily increasing. CASB applications can be used to search files deployed within the cloud for malware and quarantine any malicious files before they can infect the IT infrastructure.
What Security Features Can Be Used with Cloud Access Security Brokers?
IT organizations have a tremendous amount of flexibility when it comes to choosing which security policies should be implemented through CASB. Here are just three ways that a CASB can be used to create better access controls with respect to applications deployed in the cloud:
Authorization - An IT organization may want to restrict some users to accessing just certain applications, or just certain parts of those applications. For the company CRM, sales employees might need full access while marketing employees need just partial access. CASB tools can construct policies to only allow application access to appropriately authorized individuals.
Single Sign-On (SSO) - SSO is a system where a user can input a single login and password to access a set of systems or applications that would normally each require their own login information. SSO means that a user only needs to be authenticated once before they can access applications on the network up to their authorization level.
Authentication - Authentication is a security feature whose goal is to establish the identity of the client or server that is accessing something or making a request. Organizations may have their own user authentication policies that can be applied to cloud-based applications using a Cloud Access Security Broker.
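The CRM authorization policy above (sales with full access, marketing with partial access), as an added example that is not part of the original article: the kind of rule a forward-proxy CASB evaluates on every request it relays. Group names, the application name, user names and URL paths are constructed; paths are normalized before matching so that a prefix rule cannot be bypassed with `..` segments or a longer name that merely starts with the allowed prefix.

```python
# Added example: default-deny authorization policy as a forward-proxy CASB
# might enforce it for a SaaS CRM. Groups, app name and paths are constructed.
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    app: str     # logical application name the proxy resolved from the host
    method: str  # HTTP method
    path: str    # URL path within the application


# Constructed group membership (in practice fed by the identity provider).
GROUPS = {"sales": {"alice"}, "marketing": {"bob"}}

# Policy: group -> app -> list of (allowed methods, allowed path prefix).
# Sales: full CRM access. Marketing: read-only access to campaigns only.
POLICY = {
    "sales": {"crm": [({"GET", "POST", "PUT", "DELETE"}, "/")]},
    "marketing": {"crm": [({"GET"}, "/campaigns")]},
}


def groups_of(user):
    return {g for g, members in GROUPS.items() if user in members}


def path_under(path, prefix):
    """Segment-aware prefix check on normalized paths ('..' is resolved first)."""
    path = posixpath.normpath(path)
    prefix = posixpath.normpath(prefix)
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")


def authorize(req):
    """Allow only if some group of the user grants this method and path."""
    for group in groups_of(req.user):
        for methods, prefix in POLICY.get(group, {}).get(req.app, []):
            if req.method in methods and path_under(req.path, prefix):
                return True
    return False  # default deny: unknown users, apps, methods or paths


if __name__ == "__main__":
    for r in (Request("alice", "crm", "DELETE", "/accounts/42"),
              Request("bob", "crm", "GET", "/campaigns/spring"),
              Request("bob", "crm", "GET", "/campaigns/../accounts")):
        print(r.user, r.method, r.path, "->", "allow" if authorize(r) else "deny")
```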
Secure Your Cloud Environment with Cloud Access Security Broker and Sumo Logic
Sumo Logic uses industry-leading technology, including machine learning and big data analysis, to support and maintain the security posture of your hybrid cloud environment. With threat detection and incident response capabilities, Sumo Logic delivers effective security controls that complement your CASB tool and help protect your IT infrastructure against cyber attacks.