A particularly common solution for the secure use of cloud services is the use of a Cloud Access Security Broker (CASB) or, in French, a secure Cloud access gateway. A CASB is software designed specifically to control and protect access to the cloud. This new cloud security solution is placed between cloud service and cloud user, and controls their communication: it is therefore an external Cloud security gateway. A CASB also has many other functions: it serves as a monitoring and management tool in the cloud, it informs about irregular processes and determines the action to be taken in the event of a security message. A CASB is a new group of software designed specifically for enterprise cloud workflows.
A CASB offers a wide range of services to provide security in the Cloud: it can be used to control user authentication, encrypt data traffic, block unwanted data traffic, identify malware, enable alerts in case of suspicious actions or incorporate additional access requirements. This last condition would include that a CASB must identify and authorize the device through which an employee wishes to access the Cloud. These security measures are defined in advance and then applied by the CASB. Many CASBs work with other security solutions, such as those for encryption, multi-factor authentication, IAM (Identity and Access Management Or identity and access management : GIA) or SIEM (Security information and Event Management).
Thanks to these services, a CASB largely meets the current security requirements of companies. Research institute Gatner predicts that 85% of companies will secure their access to the cloud via a CASB service by 2020. It is therefore not surprising that some of the young CASB services have already been purchased by large companies from IT: the Elastica service, for example, was acquired by Blue Coat Systems (part of Symantec) and Adallom by Microsoft. This illustrates the potential of this industry and shows the topicality of the issue of cloud security.
CASB services such as CensorNet, Bitglass, Netskope or CipherCloud should be well integrated into the company’s existing infrastructure in order to function properly. This means that they must be connected to the company’s user management and at the same time deeply integrated into the clouds that they are supposed to protect. Many CASBs already support cloud services like Microsoft 365, OneDrive, Box, Google Apps, or Salesforce. But they are also able to implement services they don’t know about.
There are different ways to integrate a CASB into a corporate network. CASB software is either cloud-based or locally operated. It is integrated into the company’s IT infrastructure as a central gateway or as an API application. Both variants have advantages and disadvantages: if the CASB is implemented as a gateway, it is located directly between the user and the cloud service. It is therefore activated in the data stream and can block unwanted actions directly. However, one of the disadvantages of this variant is that the performance of the Cloud can be degraded as the workload increases. If a company has many employees, API-based solutions are appropriate. In this case, the CASB is not in direct communication with Cloud users. Although the CASB cannot intervene directly in these actions, it has no impact on cloud performance.
