Corporate Security Blog

Can a CASB Protect You From the Treacherous 12? - Part 1: CASB 101

Welcome to the first in a four-part series on how Cloud Access Security Brokers (CASBs) can help protect your organization from the top twelve threats to cloud computing in 2016.

Cloud services deliver business-supporting technology more efficiently than ever before. But they also pose significant risk. That's why the Cloud Security Alliance (CSA) published "The Treacherous 12: Cloud Computing Top Threats in 2016" and we published a related white paper.

Whether your cloud services are sanctioned or unsanctioned, the door is wide open for the Treacherous 12. The CSA's report recommends that organizations take security policies, processes, and best practices into account. While that is sound advice, it just isn't enough.

In a Gartner Press Release (10/6/15), "Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond," they predicted that through 2020, 95% of cloud security failures will be the customer's fault. This does not necessarily mean that customers lack security expertise. It does mean that it's no longer sufficient to know how to make decisions about risk mitigation in the cloud. To reliably address cloud security, automation is the key.

That's where Cloud Access Security Brokers (CASBs) come into play. This blog series will examine whether a CASB can help protect your organization from the top cloud computing threats identified by the CSA working group. The specific topics that I will cover in this series will be:

- Part 1: CASB 101
- Part 3: CASBs and the Treacherous 1-6
- Part 4: CASBs and the Treacherous 7-12

CASB 101

CASBs provide information security professionals with a critical control point for the secure and compliant use of cloud services across multiple cloud providers.  Today, most CASBs focus only on software as a service (SaaS), although they can and should enforce best practices and security policies across all cloud services, including infrastructure (IaaS) and platforms (PaaS). 

CASBs provide four pillars of support by automating visibility, compliance, data security, and threat protection.

- Visibility: CASBs give administrators increased visibility into an organization's cloud usage. This includes discovery tools to help detect use of unauthorized cloud services (shadow or stealth IT), as well as enhanced visibility into access of sanctioned cloud services by managed and unmanaged end users on managed and unmanaged devices, as well as programmatic (cloud to cloud) access.

- Compliance: CASBs impose controls on cloud usage to help enforce compliance with industry regulations (for example, HIPAA). They can also assist in efforts to detect when cloud service usage is at risk of falling out of compliance.

- Data Security: CASBs enhances enforcement to corporate security policies to restrict access to sensitive data and to help make sure that data is encrypted or tokenized appropriately, while still allowing application functions such as search to operate. Most CASBs also offer features to help prevent data leaks, for example, by marking data as sensitive, preventing data downloads, or redacting data.

- Threat Protection: This includes threat intelligence, anomaly detection and malware protection, as well as controlling unauthorized devices and users from accessing corporate cloud services.

In addition to the four pillars, a CASB should also integrate with existing or planned security solutions without creating a security technology silo. Key integration areas include:

- Next-Gen Firewall (NGFW) and Software Gateway (SWG): NGFW and SWG integration enables a CASB to get access to what cloud services are being used within the enterprise, including both sanctioned and unsanctioned cloud services.
- Identity as a Service (IDaaS): IDaaS integration includes user authentication and federation of identities into SaaS applications.
- Data Loss and Prevention (DLP): DLP integration extends CASB support for data security to prevention of data loss.
- Security Information and Event Management (SIEM): SIEM integration enables CASBs to manage incidents and alerts from an existing SIEM system.

In summary, CASB features work together to better protect cloud services, resulting in increased visibility and control across the enterprise. It is reasonable to assume that a CASB can potentially do a significant amount to protect organizations against the treacherous 12 top cloud security threats. My next blog will focus on the role of CASBs in threat protection, and then the final two blogs will talk specifically about each one of the 12 threats to explain the role that CASBs play.

If you don't want to wait for the next three blogs, check out our white paper, "Can a CASB Protect You from the 2016 Treacherous 12?"

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha

Integrated Cloud Applications & Platform Services