Cloud access security brokers (CASBs) provide visibility, identity and data protection for users accessing the SaaS application and help enterprises bridge Security gap while deploying public cloud apps like Office 365, Salesforce and Box. CASB solutions come into perspective, particularly when cloud based applications are accessed via mobile devices.
CASBs secure the data regardless of the platform by acting as ‘intermediate’ or ‘proxy traffic’ between cloud apps and users. Once proxied, these tools provide visibility for both- Data stored in cloud and synced from cloud to devices. This include- audit logs; security alerts; compliance reports; access control; data leakage prevention; encryption etc.
CASBs serving as a proxy between cloud apps and users, are able to see all traffic to and from those cloud apps, inspect and secure data. For enterprises with sensitive data to protect, particularly those in heavily regulated industries, CASB solutions provide the security and assurance needed to make cloud apps a viable choice.
CASB architectures mainly support two proxy methods — forward and reverse. Each type has its advantages and disadvantages. Most CASBs support both to maximize usability.
- Forward proxies can be used for all application types, but they are difficult to deploy in a distributed environment with a mobile workforce. They cannot separate personal and corporate traffic, and require installation and user acceptance of self-signed digital certificates at each point of use.
- Reverse proxies are simple to deploy and use. They can be deployed for any device or location but do not need to be configured on mobile devices or firewalls. With a reverse proxy, only corporate traffic is vetted, which allows the user to access a personal version of a cloud application directly.
A CASB solution not only protects data stored in the cloud and access to the cloud, but also extends protection to cloud data that has been synchronized or downloaded to end-user devices. Capabilities like client-side file encryption of sensitive corporate data, including the ability to tie data classification policies to data transferred through the CASB, and encrypting the most sensitive data on the fly so it is accessible only to the authorized user downloading that data, ensure data remains secure throughout its lifecycle.
An ideal CASB solution is designed to be fully transparent to users, providing the agility and flexibility of a cloud-based application, fulfilling the enterprises security needs ensuring alignment of end-user experience and business requirements.
By:- Sapan Talwar