What Are the Four Pillars of CASB?
A Cloud Access Security Broker (CASB) is like a firewall that allows an organization to extend its security controls beyond its network boundaries. The leading analyst firm Gartner has categorized the functionality of a CASB into four pillars: Visibility, Compliance, Data Security and Threat Protection.
From an IT perspective, one of the most important aspects of cloud service usage is who is using a cloud service and how it is being used. Most cloud service providers lack capabilities in the area of audit or logging; they provide very limited support. CASBs overcome these limitations by bringing data points about Shadow IT. A CASB is able to detect unusual access to unsanctioned applications within the organisation and raise an appropriate alert. It can also detect abnormal access behaviour in sanctioned apps.
For example, suppose a user accesses the sanctioned app Office 365 at 1:00 PM from Boston and then logs in again from San Francisco at 2:00 PM. The CASB will not only raise an alert but also prevent the access from San Francisco.
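The Boston/San Francisco case above can be expressed as an "impossible travel" check. The following is an added example, not code from the original page or from any CASB product; the event layout, city coordinates, the 900 km/h speed limit and the 50 km minimum distance are assumptions chosen for illustration.

```python
import math
from datetime import datetime

# Constructed sample sign-in events (user, app, time, city, lat, lon); not real logs.
EVENTS = [
    ("alice", "Office 365", "2024-05-01T13:00", "Boston", 42.3601, -71.0589),
    ("alice", "Office 365", "2024-05-01T14:00", "San Francisco", 37.7749, -122.4194),
    ("bob", "Office 365", "2024-05-01T09:00", "Boston", 42.3601, -71.0589),
    ("bob", "Office 365", "2024-05-01T15:30", "New York", 40.7128, -74.0060),
]
MAX_SPEED_KMH = 900.0   # assumed limit: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumed floor, so geolocation jitter is ignored


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def evaluate(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, city, decision) per event; block sign-ins that imply impossible travel."""
    last_ok = {}  # user -> (time, lat, lon) of the last allowed sign-in
    decisions = []
    for user, _app, ts, city, lat, lon in sorted(events, key=lambda e: e[2]):
        when = datetime.fromisoformat(ts)
        decision = "allow"
        if user in last_ok:
            prev_when, plat, plon = last_ok[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = haversine_km(plat, plon, lat, lon)
            if dist > MIN_DISTANCE_KM and (hours <= 0 or dist / hours > max_speed_kmh):
                decision = "block"  # alert and deny, as in the example above
        if decision == "allow":
            last_ok[user] = (when, lat, lon)  # blocked sign-ins never move the baseline
        decisions.append((user, city, decision))
    return decisions


if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(row)
```

Only allowed sign-ins update the user's baseline location, so a blocked session cannot be used to make later sign-ins from the same distant location look normal.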
Another example: a user tries to upload documents to an unsanctioned app such as Dropbox. The organisation has OneDrive as its sanctioned app for storage, so access to other cloud service providers such as OneDrive/Box/AWS will be treated as unusual behaviour and an appropriate alert will be raised.
A CASB overcomes data residency issues by encrypting data at rest. This protects data stored in the cloud against a data breach. It also provides controls to ensure that data stored outside the organisation meets compliance as per regulatory requirements. CASBs provide out-of-the-box visibility for various compliance categories such as PHI, PCI, PII, HIPAA etc. A CASB also ensures that the organization's Data Leakage Protection (DLP) is monitored on shared data items.
For example, allow users to access the enterprise Dropbox from the office and disallow access to personal Dropbox accounts within the office.
A CASB provides out-of-the-box capabilities to monitor access to data stored in the cloud. It can provide access control based on various parameters such as location, IP address, browser, operating system and device.
For example, it may block access to cloud services such as G Suite outside the office, or add granular control such as allowing access to cloud services only through a particular device such as a laptop/desktop/mobile. Another example would be to allow the user to access G Suite and Salesforce from the office but only G Suite from the user's home.
A CASB provides various alerts to inform IT about threats detected among the organisation's users based on user behaviour.
For example, a sales executive attempts to download customer data from Salesforce. In such a scenario, the CASB will raise an alert and also prevent the user from downloading the data.