Best practices for end users in selection of CASB solutions

Bahaa Hudairi, Regional Sales Director META, Lookout
2 years ago

The cloud has come a long way, from an architectural gimmick in the early years of this century to an indispensable element of enterprise. If you are to compete in the emerging digital economy, you are enmeshed in the cloud. Likewise, cybersecurity has evolved from its 80s origins.

Back then, attacks were no more than irksome digital horseplay, and corporate backroom uber-techies were more likely to be the instigators of incidents than to be their investigators. Today, of course, we live in the era of the CISO, and threat actors are an industry.

Regionally, as globally, the pandemic forced businesses into the cloud in staggering numbers, amid a growing forest of government regulations on data safety and privacy. The complexity of the new IT stack, multi-cloud environments, increased remote access, and the resurgence of shadow IT, has put a strain on security teams, which in turn has threatened attrition rates that organisations can ill afford, given the regional skills gaps in cybersecurity.

The best answer to these issues is the cloud access security broker (CASB), a cloud-native or on-premises solution that sits between users and cloud services, providing a range of protection measures. We have seen CASBs used in the delivery of cloud governance and risk assessment. We have seen the technology leveraged in data loss prevention, and to control collaboration and sharing in cloud environments.

It can also be part of user and entity behaviour analytics (UEBA), malware detection, data encryption and a slew of other use cases, including Secure Access Service Edge (SASE). SASE is an increasingly popular protection framework that unites technologies such as Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Firewall-as-a-Service (FWaaS) with CASB and wide-area-network (WAN) architecture to provide a safer digital estate.

Since CASB provides the best future for security teams that find current complexities unsustainable, it is only prudent that we establish best-practice pillars that guide us during procurement.

Here are four such pillars.

#1 Visibility

Many cybersecurity solutions offer visibility as standard, and all CASBs will too. However, it is in the breadth and depth of visibility that decision makers will find differentiation. Comprehensive CASBs should integrate with security logs from network devices, firewalls, proxy services, logins, uploads, downloads, file sharing, and more, to give the fullest possible picture of how sensitive data is being used.

Unsanctioned shadow IT should have no place to hide and the CASB should be able to manage or block it automatically through either predefined policy or ML-powered detection and analysis. Cloud Security Posture Management (CSPM) should ideally be present to allow the automation of policies across multiple SaaS and IaaS clouds, thereby eliminating the need to manually police configuration.

#2 Data security

Data must be protected wherever it resides, across SaaS, PaaS, and IaaS solutions, but also when in transit. Today, across the region, sensitive data is commonly stored in public clouds, and first-generation CASB solutions often only encrypt at-rest data, which leaves in-transit data vulnerable to attackers. Robust CASBs should ideally have a natively integrated advanced data loss prevention solution built into the platform that consistently manages data across multiple SaaS applications, emails, and custom cloud deployments, with protection options that go beyond allow and deny.

Additionally, a CASB must integrate with third-party data loss prevention solutions so that organisations can extend legacy DLP policies to protect their cloud apps. The CASB should also have multimode data-inspection capabilities for securing historical data and real-time cloud collaboration; and policy enforcement should cover upload, download, share, and collaborate functions. And of course, in a region where regulatory compliance is front of mind, the solution should provide predefined and customised policy templates for PCI, HIPAA, GDPR and others.

#3 Threat protection

Both signature-based protection (which consults catalogues of malware signatures to identify and block incursions) and behaviour-based protection (continuous monitoring of activities by users, devices, and applications to detect anomalous activity) have a place in the modern security posture. For the latter, CASBs should offer integrated User and Entity Behaviour Analytics (UEBA), which uses machine-learning algorithms to model behaviours and detect deviations from norms.

Click-incident analysis and information on geo-logins, source IP addresses, and devices should all be standard, as should specifics on uploads, downloads, edits, deletions, logins, and logouts. Meanwhile, the CASB should be able to handle any flagged anomaly, offering zero-day threat protection and sandboxing to address infected content in real time with optimal latency.

#4 Compliance

The need to meet regulatory obligations is no longer unique to healthcare and finance organisations. Standards such as the UAE’s Personal Data Protection Law do not distinguish by industry, instead placing the responsibility for maintenance of confidentiality and privacy on any companies that have personal data. Good CASBs take the sting out of compliance by providing predefined templates for cloud migration that align with government and industry standards.

They also offer encryption and key management that can be tailored to the rules of a specific legal jurisdiction and that ensures keys are exclusively retained by the organisation and not shared with cloud service providers. Also critical is the CASB’s ability to perform historical scanning across multiple SaaS clouds for the purposes of audits and to offer DLP templates for the identification of security blind spots and open shares.

CASBs bring a range of benefits to the digital business. When security teams can see all cloud use and data at a glance, they have true control over the estate. CSPM protects against cloud threats and misconfiguration. DLP secures and controls data shared externally with encryption and rights management. And UEBA covers insider threats. All that is left is the vigilant eyes of a knowledgeable team. The cloud will then become what it was meant to be, a place for invention and operational efficiency.
