Cloud Access Security Broker (CASB)


A cloud access security broker (CASB) is enterprise security software (deployed on premises or hosted in the cloud) that sits between cloud consumers and cloud service providers and mediates access to cloud services by users on any type of device.

  • provide visibility into how clients and other network nodes are using cloud services
  • enforce security policies across cloud services
  • functions:
    • enable single sign-on (SSO) authentication and enforce access controls and authorizations for users connecting to the cloud provider from the enterprise network or from remote locations
    • Scan for malware and rogue or noncompliant device access
    • Monitor and audit user and resource activity
    • Mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices
      • data loss prevention (DLP) capabilities
    • encrypt or tokenize data before it is stored in the cloud service, so the provider holds only ciphertext and the keys stay with the enterprise
  • vendors:
    • Symantec CloudSOC (Broadcom), Skyhigh Security, Forcepoint, Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security), Cisco Cloudlock

3 Ways to Implement

  • forward proxy mode
    • security appliance or host positioned at the client network edge that forwards user traffic to the cloud network if the contents of that traffic comply with policy
    • requires configuration of users’ devices or installation of an agent
    • can inspect all traffic in real time
      • even if that traffic is not bound for sanctioned cloud applications
    • problems
      • users may be able to evade the proxy and connect directly (unmanaged devices, or devices where the agent is removed or the proxy setting is bypassed)
      • proxies add latency and reduce throughput
        • without a load balancing solution, they become
          • a bottleneck
          • potentially a single point of failure
  • Reverse proxy mode
    • positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with policy
    • does not require configuration of the users’ devices, so it also covers unmanaged and BYOD devices
    • only possible if the cloud application supports being proxied, typically by having the identity provider redirect the user through the proxy after SSO
      • covers only sanctioned applications that have been integrated this way, not shadow IT
  • API mode
    • an API-based CASB connects to the cloud service out of band through the service provider’s own management APIs
      • rather than placing a CASB appliance or host inline between cloud consumers and the cloud services
    • e.g., if a user account has been disabled or an authorization has been revoked on the local network,
      • the CASB communicates this to the cloud service
      • and uses the service’s API to disable access there too
    • can scan data already at rest in the service, pull audit logs, and remediate (quarantine, remove sharing), but acts near real time rather than blocking traffic in flight
    • depends on the API supporting the range of functions that the CASB and the access and authorization policies demand
  • deployments are likely to use both proxy and API modes (a multimode CASB): inline proxying for real-time blocking, API integration for retrospective scanning and remediation of data already in the cloud
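The policy decision a forward-proxy CASB makes for each request, and the DLP check that both the inline proxy and an API-mode scan of data at rest would run, as an added example (not code from the original page or from any vendor named above). The sanctioned host list, the request fields and the sample uploads are constructed assumptions; real products match applications by catalog, not by a fixed host set.

```python
"""Minimal CASB-style policy decision point for a forward proxy (added example)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed policy: sanctioned SaaS hosts (hypothetical names) and DLP rules for uploads.
SANCTIONED_HOSTS = {"sharepoint.example-tenant.com", "crm.sanctioned-saas.example"}

# Regex candidates only; card numbers are confirmed with the Luhn check below
# so that invoice numbers and similar digit runs do not trigger the DLP rule.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return Luhn-valid primary account numbers found in text (separators stripped)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Request:
    method: str
    url: str
    user: str
    managed_device: bool
    body: str = ""


@dataclass
class Decision:
    action: str                         # "allow" or "block"
    reason: str
    findings: list = field(default_factory=list)


def evaluate(req: Request) -> Decision:
    """Apply the policy in order: sanctioned app, device posture, then DLP on uploads."""
    host = urlparse(req.url).hostname or ""
    if host not in SANCTIONED_HOSTS:
        # Forward proxy sees all traffic, so unsanctioned (shadow IT) services can be blocked.
        return Decision("block", f"unsanctioned cloud service {host}")
    if not req.managed_device:
        return Decision("block", "unmanaged device")
    if req.method.upper() in ("POST", "PUT", "PATCH"):
        cards = find_card_numbers(req.body)
        ssns = SSN_RE.findall(req.body)
        if cards or ssns:
            # Log only the last four digits; the proxy must not copy the secret into its logs.
            findings = [f"PAN ending {c[-4:]}" for c in cards]
            findings += [f"SSN ending {s[-4:]}" for s in ssns]
            return Decision("block", "DLP: sensitive data in upload", findings)
    return Decision("allow", "policy satisfied")


if __name__ == "__main__":
    # Constructed sample requests, as a proxy would reconstruct them from client traffic.
    samples = [
        Request("POST", "https://sharepoint.example-tenant.com/upload", "alice", True,
                "card 4111 1111 1111 1111 exp 12/26"),
        Request("GET", "https://personal-drive.example/files", "bob", True),
        Request("POST", "https://sharepoint.example-tenant.com/upload", "carol", True,
                "invoice 1234 5678 9012 3456"),
        Request("GET", "https://sharepoint.example-tenant.com/", "dave", False),
    ]
    for s in samples:
        d = evaluate(s)
        print(f"{s.user:6} {s.method:4} {s.url:45} -> {d.action} ({d.reason}) {d.findings}")
```

The ordering matters: the sanctioned-app and device checks are cheap and apply to every request, while body inspection runs only on methods that carry uploads. The same `find_card_numbers` routine is what an API-mode scan would apply to files already stored in the service, where the result is a quarantine or sharing change rather than an in-flight block.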