Enterprises always need to balance between the risk of an application and the business opportunity it presents. Same goes with cloud computing. If IT leaders block applications due to the security risks it presents, organization lose the opportunity of the benefits that cloud computing presents, specially lowering computing and infrastructure costs. If they adopt cloud applications without considering the risk, it can prove fatal.
IT managers are always at a dilemma and are looking for the right solution which helps them to balance risk and opportunities. As applications moves from enterprise boundaries to cloud, it brings in newer risks to data. They also have very limited control of their cloud infrastructure. A well-defined risk model can address the above concern.
Cloud Access Security Broker (CASB) enables security professionals to control and manage SaaS applications. It provides visibility in the cloud applications used by an enterprise and helps to control the risk of choosing cloud as a service platform. According to Gartner the demand for CASB has grown exponentially and they expect that 85% of enterprises will use CASB by 2020.
How is CASB useful?
Many enterprises are blind to cloud services used by their users. They need visibility to these applications so that the risks can be determined. Next Generation firewalls with CASB support provide in-depth visibility of all such applications used. This provides the first step to enterprise to control and manage such applications. Using Next Generation firewalls, they can block all such applications they feel, do not provide enough security to their data and bring added risks to the enterprise without any reasonable advantage.
Context based CASB solutions provide complete visibility to many cloud applications like Google Suite, Office 365, File sharing services like DropBox, Google drive etc. It also allows them to setup policies to block these applications when used on non-secure devices or outside their perimeter. For example, it will help your enterprise to setup policies to limit the access of Gmail for your back office only from your enterprise network, whereas sales representatives can access it from anywhere but from trusted devices only. This brings in the same kind of security as your in-house managed applications.
Advance CASB products allow to limit the use of cloud applications for personal use. For example, access to Facebook would only be allowed with the corporate id and all personal ids would be blocked when used from enterprise network, also called as ‘Split Profiling’. You can setup policies to limit the usage of cloud application. For example, you can block all uploads for a user of DropBox and only allow to download files from it. With built-in Data Leak Prevention engine, it brings added security to data and helps in mitigating risks that cloud computing adds to an enterprise.
As enterprises increase their usage of cloud services, security professionals will need to balance the risk along with it. They will need a solution for secure and complaint way of using such applications and services. CASB provides such a solution. Enterprises will need to choose solution which will provide CASB along with Next Generation Firewall and UTM platforms.