Contributed ArticleIn 2018, shortly before leaving his job, an engineer who worked for a US Navy contractor transferred over 5,000 files to his Dropbox and emailed a few of the documents to himself. These documents contained sensitive information about company finances and intellectual property pertaining to product designs.
Incidents of data leakage like this have assumed more significance in the present hybrid workforce era. The proliferation of cloud applications used by employees has brought productivity, ease of use, and scalability to work. At the same time, however, it has also brought an increased risk of shadow IT, data exfiltration, and insider threats.
Whenever a deviation from the baseline is noticed, the cloud access security broker alerts the security team to remediate the threat
Simply put, organisations may not know which of the numerous SaaS applications their employees are using contain sensitive data. Considering this situation, it’s essential that organisations broaden their security approach with cloud protection capabilities. A cloud access security broker cloud access security broker can help with precisely this.
Analyst firm Gartner first defined the phrase cloud access security broker in 2012. A cloud access security broker is a solution that sits between an organisation’s users and the various cloud services they access. Because of where it sits, a cloud access security broker can not only help an organisation authenticate and authorise users as they attempt to access cloud resources, but it can also enable the organisation to identify what flows in and out of the cloud.
Listed below are four key capabilities offered by a cloud access security broker:
#1 Visibility
While the cloud makes it easier for teams to collaborate, employees still use different unauthorised and unknown cloud applications, known as shadow applications, for better and quicker results. However, the use of shadow applications is a big issue for the IT team. A cloud access security broker helps IT security teams overcome the issue of shadow applications by providing visibility into cloud app usage, apps accessed from unmanaged devices, users accessing and modifying data on the cloud, and much more for holistic cloud security monitoring.
#2 Compliance
A cloud access security broker helps with meeting compliance requirements by ensuring the security of data, both in transit and in storage. It also safeguards organisations from data exfiltration by monitoring data leakage from the cloud. A cloud access security broker helps meet a variety of compliance standards, including the GDPR, CCPA, HIPAA, and LGPD.
#3 Data security
One of the core objectives of a cloud access security broker is to ensure data security. A cloud access security broker monitors access to data on the cloud and identifies unauthorised access to sensitive data. Security features such as data leakage prevention and access control minimise the possibilities of data leakage.
Research suggests that average employee uses 10 SaaS applications every day, and organisations on average use 254 applications.
#4 Threat protection
A cloud access security broker provides security against both internal and external threats that organisations face. It learns behaviour patterns of users and develops a baseline. Whenever a deviation from the baseline is noticed, the cloud access security broker alerts the security team to remediate the threat.
An organisation’s security operations centre may be highly reliant on a security information and event management SIEM solution today. Within the next two years, you need to ensure that your SIEM solution either integrates seamlessly with an external cloud access security broker or has built-in cloud access security broker capabilities.
There are five strong reasons for doing so: to address the high uptake of cloud applications, correlate events that happen in different parts of the network, prevent data leaks, provide visibility into shadow IT, and offer visibility into identity and access management.
#1 Addressing the high uptake of cloud applications
Research suggests that the average employee uses 10 SaaS applications every day, and organisations on average use 254 applications. These applications could range from third-party analytics tools that ingest customer data sets to consumer versions of approved enterprise apps like Microsoft 365 or Google workspace. On top of that, they may use some of these applications on their own mobile devices.
Organisations should not replace identity and access management programs with CASBs, but rather intersect the two for increased governance
As if the risks posed by utilising all these tools were not enough, most organisations nowadays use a multi-cloud environment with various PaaS and IaaS delivery models. This is why organisations need a cloud access security broker enabled SIEM solution that gives visibility into the applications in use and how they are being used. With such a solution, organisations will know the level of risk posed by a particular application.
#2 Correlating events that happen in different parts of the network
Cyberattacks have become sophisticated in recent times; there have been instances of living-off-the-land attacks, cloud malware with initial access in an on-premises server, cloud ransomware and disruption ware, and insider attacks. Organisations need the ability to see patterns and correlate seemingly unrelated events that happen in different parts of the network, and to group them together as a single security incident.
#3 Preventing data leaks
With the advent of cloud apps, there is a substantial risk of both intended and unintended data leaks. For example, an employee in the marketing department may use an app called Font Candy to create vibrant typography. However, this app may be unsanctioned within the organisation, and the employee may have private contact details and classified information stored within it at risk of being leaked.
In such a scenario, managing unauthorised uploads of sensitive data and preventing data leaks is crucial. With a cloud access security broker, one can enforce cloud security policies and controls to prevent data from being transferred over the internet.
#4 Providing visibility into shadow IT
Nowadays, most organisations have a list of sanctioned cloud apps that employees can use if they wish. These applications could have become sanctioned after the organisation deemed them to be secure and effective for employee productivity. The sanctioned applications are either owned or controlled by the organisation. On the other hand, shadow applications fall outside the ownership or control of IT teams. Shadow applications may have vulnerabilities and loopholes that could be exploited by attackers. A cloud access security broker provides visibility into the usage stats of these applications and the identity of users who use these applications frequently.
#5 Offering visibility into identity and access management
According to Erik Wahlstrom, Research Director at Gartner, organisations should not replace their identity and access management programs with CASBs, but rather intersect the two for increased governance and access control of cloud applications.
Most organisations use a multi-cloud environment with various PaaS and IaaS delivery models
A cloud access security broker can provide better identity and access management through adaptive authentication and user-based risk analysis. By bringing this capability within SIEM, organisations will be able to see the risky behaviour of users in a single console and use playbooks and workflows to respond to these threats.
A cloud access security broker has become an integral part of any organisation’s defence strategy. It can help defend against the use of shadow applications and data exfiltration into the cloud. An effective cloud access security broker will integrate seamlessly with a SIEM solution, and will provide network visibility, data security, compliance management, and threat protection. CASBs can help improve the security posture of organisations.
A cloud access security broker provides security against both internal and external threats that organisations face, learning behaviour patterns of users and developing a baseline.
