According to Gartner, the cloud access security broker (CASB) market can be defined as “products and services that address security gaps in an organisation’s use of cloud services… They deliver differentiated, cloud-specific capabilities generally not available as features in other security controls such as web application firewalls (WAFs), secure web gateways (SWGs) and enterprise firewalls.”

CASB technology is the outcome of increased cloud adoption and the subsequent need to secure cloud services. CASB solutions give businesses the ability to discover, analyse, secure and manage cloud activity across multiple networks and devices, whether users are on the corporate network or working remotely. CASB provides granular visibility and control over specific user activities and sensitive data.

 Cloud Access Security Brokers deliver functionality through the following four pillars:

Visibility is the cornerstone of cloud security, it’s the vital first step – you can’t secure what you don’t know. CIOs who haven’t gone through the visibility and discovery stage report that they have on average 30-40 cloud apps in use across their organisation, but that number is in fact more likely to be around the 1000 mark. CASBs provide essential visibility across all sanctioned and unsanctioned cloud app use across a business. They enable IT teams to go beyond an “allow” or “block” position with cloud services, meaning IT teams can manage access to specific features within specific apps – allow upload and download of files to and from the sanctioned cloud storage app but limit all other storage apps to download only for inbound sharing, for example.

As more and more businesses move to the cloud, the need to ensure the privacy and safety of corporate and personal data is more important than ever. Organisations must comply with the many regulations designed to protect sensitive information, such as PCI DSS, GDPR and HIPAA. Cloud Access Security Brokers can help to identify data in the cloud and provide a comprehensive audit trail of user activity for demonstrating compliance to internal and external auditors.

Misconfigured shares in cloud apps have overtaken hacking and large-scale data breaches as the number one cause of data loss. CASB solutions have the ability to scan files on upload and change for specific content using predefined DLP templates, as well as scanning files for malware.

Malware and cloud-only malware is increasing in volume and sophistication – targeting specific cloud apps. Alongside a marked increase in malicious or accidental insider actions. Cloud Access Security Brokers offer advanced protection to identify and stop cloud-based threats, protecting against malware using a powerful combination of technologies and multiple security layers. Unusual, suspicious or malicious user activity – associated with potential data exfiltration – can be identified and managed.