The CASB Primar

Imagine you have bought a new and shining car, a real piece of cutting-edge technology marvel with many features like ADAS, a 16-inch touch screen, and an AI-based assistant that can also maneuver the vehicle in an emergency. Keeping it shining and in a pink state would be your concern number 1. Next, your partner wants it for a drive, which you obviously can’t say no to.

While you have confidence in your partner’s driving ability, you still get slightly worried. What if someone else accidentally breaks your possession? What if someone dashed it from outside? What if your partner does not understand a new feature and mistakes it for something else, which may result in an accident?

In this short story, replace yourself with the businesses, your partner being the employees/vendors/stakeholders and everyone else as an outside entity.

This is how businesses feel when using Azure, AWS, Google Cloud or IBM cloud offerings to store their essential files. They want to share these files with their employees and even other businesses. Still, they’re worried that someone might do something terrible with the files, like steal or delete them by accident.

That’s where a CASB (Cloud Access Security Broker) comes in. A CASB is like a special helper that watches over the cloud service and ensures everything is okay. It checks who’s accessing the files and what they do with them and ensures that no one is doing anything wrong. It’s like having a security guard for your car- they provide that everyone is using it responsibly while keeping it safe (and in one piece)

Let’s have a quick primer on what CASB is and how it works.

  • What is a CASB? – A CASB is a security solution that provides visibility and control over cloud services being used by an organization.
  • What are the key features of a CASB? – A CASB typically includes data protection, threat protection, access control, and compliance monitoring. It can help prevent data leakage, detect and prevent cyber threats, control access to cloud applications, and ensure compliance with industry regulations.
  • How does a CASB work? – A CASB intercepts and analyses network traffic between an organization’s on-premises infrastructure and cloud services. It can apply policies to control and secure cloud access, monitor cloud activity, and generate alerts for suspicious behaviour.
  • What are the benefits of a CASB? – A CASB can provide numerous benefits to an organization, including improved visibility and control over cloud usage, enhanced data protection, and increased compliance with industry regulations.
  • What are some use cases for a CASB? – CASBs can be used for various purposes, including securing data in cloud storage, protecting cloud applications and services, securing data in transit to and from the cloud, and enforcing compliance with industry regulations.

Many options are being marketed these days; however, almost all can be segregated between three types of offerings.

  • API-based CASB – An API-based CASB integrates with cloud services through their APIs (Application Programming Interfaces), which allows it to gain visibility into user activities, enforce policies, and monitor usage. This type of CASB does not require any hardware or software installation, making it a lightweight and easy-to-deploy solution.
  • Proxy-based CASB – A proxy-based CASB is deployed as a proxy server between users and cloud services. It intercepts traffic between users and cloud services, allowing it to enforce policies and inspect data in real time. This type of CASB provides greater control and visibility into cloud usage. Still, it can impact network performance and require additional hardware.
  • Agent-based CASB – An agent-based CASB involves installing a software agent on user devices to monitor and enforce cloud service usage policies. This type of CASB provides the most granular control and visibility into cloud usage. Still, it can be more complex to deploy and manage.

Organizations should carefully evaluate their needs and requirements when selecting a CASB solution, as each type has strengths and limitations. For example, API-based CASBs are an excellent choice for organizations with limited IT resources and quick deployment needs. At the same time, agent-based CASBs may be more suitable for organizations that require more granular control over cloud usage.

Deploying the CASB will be a standard in the coming days; however, its adoption and implementation strategy will still differ for different companies. Hence, the information security team must initiate consultations and discussions on the following topic to build consensus and prepare a business case.

  • How CASB fits into your organization’s overall security strategy – You should articulate how a CASB can help your organization address specific security risks and challenges related to cloud adoption.
  • The technical workings of a CASB: You should have a deep understanding of the technical workings of a CASB. This includes the different types of deployment models, how data is protected, how threats are detected and prevented, and how access is controlled.
  • The different types of CASB solutions: Familiarity with the different kinds of CASB solutions available on the market, including API-based, proxy-based, and agent-based solutions, will prepare a solid foundation for decision-makers. It will also help to understand each type’s strengths and limitations and evaluate which solution is best suited for your organization’s needs.
  • The compliance and regulatory implications of CASB: Specifically, as a CISO, you should have a solid understanding of the compliance and regulatory implications of using a CASB. You should be familiar with relevant regulations, such as GDPR and HIPAA, and understand how a CASB can help your organization meet these requirements.
  • How to implement and manage a CASB – The information security team should be familiar with the best practices for implementing and managing a CASB. This includes considerations such as integration with existing security tools, policies for configuring and enforcing security controls, and processes for monitoring and responding to alerts. A high-level implementation plan may follow the below template.
  1. Define your objectives: Before implementing a CASB, define your objectives and what you hope to achieve. This may include enhancing visibility, enforcing policies, protecting data, or achieving compliance.
  2. Assess your cloud usage: Determine which cloud services are being used by your organization and by whom. This will help you understand the risks associated with cloud usage and identify which services must be secured.
  3. Evaluate different CASB solutions: Evaluate different CASB solutions to find one that meets your organization’s needs. This includes assessing factors such as deployment models, data protection, threat protection, and compliance monitoring capabilities.
  4. Develop security policies: Develop security policies that will be enforced by the CASB. This may include policies for data protection, access control, and threat detection and response.
  5. Configure the CASB: Configure the CASB to enforce your security policies and provide visibility into cloud usage. This includes setting up user authentication, defining data protection rules, and configuring threat detection and response settings.
  6. Train employees: Train employees on the importance of using cloud services securely and how the CASB will help protect sensitive data. This includes educating them on the policies that will be enforced and what actions they should take if they encounter a security threat.
  7. Integrate with existing security tools: Integrate the CASB with your existing security tools, such as your SIEM (Security Information and Event Management) system, to improve threat detection and response.
  8. Test the CASB: Test the CASB before deployment to ensure that it is configured correctly and provides the expected level of security.
  9. Deploy the CASB: Deploy the CASB to your cloud environment, and configure it to monitor and enforce your security policies.
  10. Monitor and evaluate: Monitor cloud activity to ensure that the CASB is working correctly and that security policies are being enforced. Continuously evaluate the effectiveness of the CASB and make improvements as needed.

Implementing a CASB can be a complex process, and having a clear plan is essential. It may be helpful to work with a qualified security professional or vendor to ensure your implementation is successful.






Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: