Cloud Access Security Broker (CASB):Top 8 Use Cases for Improving Data Security

2020 must have come as a shock to many IT managers. Not because so many people wanted to work from home, but because all those other developments that had been going on before the pandemic struck – such as employees using their own devices (BYOD) and, particularly, utilizing cloud computing (Software as a Service – SaaS) and Infrastructure as a Service (IaaS) – revealed a large hole in their security.

Even in 2019, a McAfee survey Opens a new window found that the average IT professional thought their business utilized around 30 cloud services, whereas the true average was 1,935. This is usually referred to as ‘Shadow IT’ – the IT in use at an organization that’s unknown to or not approved by the central IT team. The Flexera cloud reportOpens a new window found in 2020 that 57% of small and mid-sized businesses in their survey had increased their use of cloud because of the pandemic. So, we might conclude that has made the issue of Shadow IT even worse.

Also, many third-party apps are now in use with OAuth permissions. They are used by staff to add features to Office 365, Google Workspace, etc. This is a problem because the IT department has no control over which ones are used or their quality (in fact, the apps may, possibly, be malware), OAuth uses tokens rather than passwords. These tokens are authorized until explicitly revoked (which users rarely bother to do).

There’s also the issue of some cloud accounts being compromised. This often occurs following phishing attacks, where members of staff are tricked into sharing their passwords, or where brute force attacks using multiple usernames and passwords are employed hoping that one will work. Once hackers gain access to a cloud account, they can use it in any way they choose.

Compliance is another issue facing IT teams. Following GDPR and other similar regulations, it now becomes necessary for organizations to know where their data is stored in the cloud and how it is shared. Non-compliance can potentially lead to hefty fines.

Data exposure is another risk that can happen because SaaS Service applications are designed for sharing. And this can sometimes result in critical business data being shared without the users realizing it.

Learn More: Cloud Access Security Broker Bitglass Raises Investment to Help Protect Corporate Data 

Growing Cloud Adoption Spurs New CASB Use Cases

With these issues on top of mind, IT security teams need to tap cloud-specific security solutions to monitor cloud infrastructure. One answer is to use a Cloud Access Security Broker (CASB). GartnerOpens a new window (who first used the term CASB in 2011) suggests that by 2022, 60% of large enterprises will use CASBs. 

Using a CASB will immediately reveal the Shadow IT that exists within an organization. Once the IT team knows what apps are being used (and just how many of them there are), they (the iT team) are better positioned to assess what risk these apps are to the organization.

Many organizations are using multi-cloud environments because using multiple cloud computing and storage services offers many advantages. The problem that companies face is that the security rules that apply to one cloud application don’t, necessarily, apply to all of them. And that can mean data is protected in one app, but when copied to a different app, different security levels (perhaps much weaker) apply. With a CASB, standard security policies can be applied everywhere.

With the exponential growth in cyberattacks and the worry about malicious employees, it’s vital to have some way to identify potential threats and stop them. Again, a CASB can help with this. For example, it can identify unusual behaviour, it can send alerts when it identifies a high-risk app being used, it can identify ransomware, and it can take appropriate remedial action.

With a CASB, it becomes possible to review the compliance capabilities of each of the many cloud apps in use. CASB can then be used to restrict access to non-compliant apps. This not only helps to ensure that an organization stays compliant with regulations but also reduces the risk of data leakage.

Some CASB products may offer additional features too. 

Learn More: Cybersecurity Awareness Month: 6 Tech Leaders on How to Up the Ante on Security 

Here’s a look at the top 8 use cases for optimizing data security and compliance with CASB. 

1. Control and monitor access: A CASB solution enables IT to identify the cloud services that are being used by everyone in the organization. It also reveals whether the cloud services are being accessed on or beyond the corporate network, and whether they are managed or unmanaged by IT.

2. Sharpening the focus on compliance: Using a CASB, organizations can assess how risky any cloud apps are. The apps can be checked to see whether they meet internal security policies as well as relevant industry or compliance requirements. Using this information, IT can decide whether an app should be supported or whether restrictions need to be placed on its use, or whether it should be blocked.

3. Gaining granular visibility into user access and data: Using the CASB, cloud governance policies can be applied to the cloud apps based on the earlier analysis. It’s usual for a CASB to start with three categories. They are — IT-sanctioned services, permitted or restricted services, and prohibited services. The policies can then be enforced. In addition, it’s possible to apply very granular security policies at the user, activity, and data levels. Using a policy, the CASB can be used to identify changes in cloud apps’ usage pattern. It can also alert IT if new, risky, or high-volume apps are being used. Plus, CASB can control access using granular characteristics such as user, role, location, and department. The controls applied can be different depending on whether a user is accessing data on a corporate or personal device.

4. Detect malware incidents: CASB can be used to detect malware running on the corporate network that is exfiltrating sensitive data. It can also detect malware in files uploaded to the cloud. The issue can be remedied before the corporate network is infected.

5. Taking the cloud route to data loss prevention: If users have stored corporate data in any cloud applications, CASB can find it once connected to the corporate network using Data Loss Prevention (DLP) policies. This data can then be checked to see whether it contains any sensitive information. The policy can also identify any files stored in the cloud that are shared with non-approved domains, e.g., someone’s personal email, and remove sharing permissions. It’s also possible to scan every file uploaded to the cloud and apply policy restrictions as required. With people working from home, CASBs can be used to apply granular controls when employees download corporate data to ensure they only access data they are meant to use.

6. Monitor threats and data exfiltration: A CASB solution can capture user activity data within a cloud service and on-premise for audit trails or forensic investigations. In the event that there are compromised accounts, insider threats, and privileged user misuse, a CASB can identify the activity because it analyzes accounts. Alerts can then be sent to the appropriate staff. As CASB learns users’ behavior and creates a behavioral profile, it can notify if users try to exfiltrate data. Again, this can be identified and prevented. Also, accounts may be compromised following a phishing attack. If it’s a privileged account, the CASB can identify activities indicating that it has been compromised and alert IT security staff.

7. Manage identities, access and privileges in public cloud infrastructure: With the growth in the use of Infrastructure as a Service (IaaS) environments, it becomes essential to ensure that the extensive security settings are correctly configured. Otherwise, they may result in a compliance violation. This requires constant auditing. It’s CASB’s Cloud Security Posture Management capabilities that enable an organization to conduct a security configuration assessment across their IaaS environments and potentially identify the source(s) of data leaks. With custom applications on IaaS platforms, security teams aren’t usually able to see what people are doing. A CASB can use an AI-driven application learning app to map activities and ensure appropriate security protocols are in place.

8. Control sensitive data sharing: The CASB solution can be used to encrypt structured and unstructured corporate data stored in the cloud using encryption keys belonging to the originating organization. With CASB, it’s possible to apply information rights management protection to files uploaded or downloaded from the cloud. This protects the files from unauthorized views.

Learn More: When Is the Right Time to Move IAM to the Cloud?

Closing Thoughts

One of the best use cases is to leverage the solution to identify dormant accounts that aren’t being used. For instance, when staff leaves the company, the cloud accounts can be closed. Some users may give OAuth apps access to their corporate accounts, giving them programmatic access to their corporate data and permission levels. A CASB can analyse these OAuth apps to ensure that they meet corporate security guidelines. 

In a multi-cloud environment, security is a big issue facing IT teams and CASB provides a much-needed way to harden corporate security across cloud-based applications that are utilized in digital workplaces, minimize app risk profiles and control privileged access.  It is a one-stop solution for gaming cloud visibility across users, applications and data. For businesses that want to continue operating in the cloud, CASB can help solve practical challenges and give IT teams a consistent view of varied cloud resources —  an essential requirement for maintaining compliance and security configurations.

Do you think CASB  should be an essential element of enterprise cloud security? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!