Cloud Access Security Broker
Do you know that business users might have been using cloud services in the internet without IT Department knowing? These unnoticed cloud applications are called Shadow IT or Stealth IT, and your business data might stay there unprotected for months or years with a huge risk of data breach by ex-employee or by hacker. Cloud service provider that the employee is using can be as simple as cloud storage (eg: DropBox, iCloud, box.com,Microsoft OneDrive, etc), Email (eg: Microsoft Office 365, GMail, Yahoo Mail, etc), team collaboration (eg: Cisco Webex, Citrix GoToMeeting, Salesforce, ZenDesk, ServiceNow, LinkedIn, etc), or other cloud services.
Cloud provides business agility that never been imagined before, it can be used right away as the business needs it, it can start small, with or without IT Department acknowledgement. The following questions might help you to identify cloud risk in your corporation:
- Who will terminate the access to those cloud services if any of the employee leaves the organization?
- Who will get noticed if hacker/competitor is trying to access those cloud services?
- Will my organization stays secure from the risk data breaches if business users are storing data in iCloud or personal mail?
That’s why today people starts talking about cloud based security such as : cloud access control, cloud services broker / brokerage, data security in cloud, cloud DLP, etc. These security issues in cloud computing can’t be addressed by the old fashioned information technology approach, thus Gartner compile the solution for these issues into Cloud Access Security Brokers (CASBs).
What is Cloud Access Security Broker (CASB)?
CASB is a tool that control user access to your cloud applications, CASBs can implemented either on-premise in a data center, or just simply in cloud security providers.
Before implementing Cloud Access Security Broker (CASB) most companies estimated their business users only use as few as 10 – 50 cloud apps, while after implementing CASB most of them found hundreds cloud apps already being used in the enterprise, these are Shadow IT which are used regularly without IT Department concerns. In fact, there are more than 22,000 enterprise apps available today, which makes it more challenging.
What can CASB do?
CASB can be implemented as a reverse proxy, cloud security gateway, forward proxy, agent, network tap, or as simple as a logger. Each deployment option provides different pros and cons, but the overall benefits as as follow:
- Discovers Shadow IT application : CASB can discover all cloud apps being used in the enterprise, whether sanctioned by IT or not, thus IT Dept can also see Shadow IT application being used by the users.
- Measures application risk : CASB has “enterprise readiness” database for 22,000 applications, this will help IT to determine better policy and guidelines whether an application should be sanctioned or blocked.
- Detects DLP violation : When implemented as network tap or agent, CASB will have complete user traffic to analyze granular user activity to identity.
- Controls policy for at rest content : CASB can enforce encryption to secure the cloud content by using its application specific API Connector. However this capability requires integration between the cloud applications and the API Connector.
- Policy control for sanctioned app : CASB can protect your important corporate application (such as: Office 365 suite), so that it can only be accessed by corporate managed devices. Thus it can keep the hacker/competitor away from your cloud data.
Please send us enquiry for further information.