- Security TWENTY
- Women in Security
Steve Armstrong, pictured, Regional Sales Director UK, Ireland and South Africa at cloud monitoring and access control product company Bitglass, discusses cloud access security brokers (CASBs) and answers some questions associated with the adoption of this dedicated cloud security technology.
Public opinion on the cloud has come a long way in recent years, with most security professionals now accepting that it’s no less secure than the traditional, in-house way of doing things. That said, the cloud does present its own unique set of security challenges. As such, it still ranks as the top risk for executives in risk, audit, finance, and compliance, according to Gartner.
Allowing data to move beyond the traditional network perimeter can cause concern for many executives – if not properly secured, it can leave an enterprise vulnerable to data leakage, malware, unauthorised data access, and regulatory non-compliance. However, with the cloud’s productivity benefits now being too significant to ignore, the conversation in most enterprises has shifted away from whether to adopt the cloud. Now the main point of discussion is how to do so as securely as possible.
Fortunately, recent years have given rise to a variety of new security technologies that are designed to tackle the cloud’s unique challenges. As a result, enterprises that want to prioritise data protection havemuch more choice when deciding how they should implement cloud-based solutions. One such technology is the cloud access security broker (CASB). Gartner, which coined the term, has called it “the fastest growing security category ever,” predicting that, by 2020, 60 percent of large enterprises will use a CASB to govern cloud services, up from less than 20 percent today. However, behind the jargon, what is this technology, how does it work, and what are its key advantages?
What is a CASB?
Stated simply, a CASB is a security solution that sits between an organisation’s cloud applications and the devices that are used to access the data therein. From this position, it acts as a gatekeeper, controlling the flow of data. These solutions allow enterprises to extend their security policies to SaaS applications like Salesforce, Dropbox, and Office 365, as well as IaaS platforms (like AWS and Azure) and the custom applications built upon them.
The earliest CASBs were designed solely to provide visibility into SaaS app usage. However, over time, they have evolved into the flexible tools that they are today. Examples of advanced CASB capabilities include securing the mobile workforce, enabling BYOD initiatives, defending against zero-day malware, remediating inappropriate sharing, preventing data leakage, identifying malicious insiders, and much more.
What are the biggest barriers to the adoption of CASBs?
Despite the rise of specialised cloud security solutions, some organisations still cling to the belief that traditional tools like firewalls can offer complete data security in today’s cloud-first world. This may be due to an overestimation of how well on-premises tools can extend to the cloud, or some level of misunderstanding about cloud-based threats. Alternatively, some organisations may find it difficult to justify additional security spend in light of large sunk costs associated with on-premises IT infrastructure and security. Unfortunately, many who hold these beliefs find out the hard way that traditional tools are not enough to protect the modern enterprise.
What are the main advantages of CASBs over in-house security solutions?
The business world is experiencing a continued shift towards the consumerisation of IT. For many IT teams, designing, building, and maintaining in-house networks, tools, and infrastructure is no longer an efficient use of resources. Fortunately, by using a CASB, the enterprise can immediately benefit from a specialised solution that secures data right out of the box. CASBs serve as a single pane of glass for ensuring a consistent level of security across all cloud applications, eliminating the need to manage dozens of disjointed, native security features individually. In this way, enterprises can benefit from the countless cloud services that are available and rest assured that their data is safe in any app, any device, anywhere.
As adoption of cloud-based applications and services continues to grow throughout the business world, organisations need specialised security technology that is capable of protecting sensitive data wherever it is stored or accessed. The enterprise needs end-to-end security across all devices, locations, and users, as well as complete visibility throughout increasingly disparate IT environments. Fortunately, cloud access security brokers are designed to meet this very challenge.