HOME

TheInfoList



Click Here for Items Related To - Cloud Access Security Broker
OR:
Cloud Access Security Broker on:   [Wikipedia]   [Google]   [Amazon]

A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or
cloud In meteorology, a cloud is an aerosol consisting of a visible mass of miniature liquid droplets, frozen crystals, or other particles suspended in the atmosphere of a planetary body or similar space. Water or various other chemicals may ...
based
software Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work. ...
that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer services such as monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...
.


Definition

First defined in 2012 by Gartner, a cloud access security broker (CASB) is defined as:
non-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication,
single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
, authorization, credential mapping, device profiling,
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can dec ...
, tokenization, logging, alerting, malware detection/prevention and so on.


Types

CASBs deliver security and management features. Broadly speaking, "security" is the prevention of high-risk events, whilst "management" is the monitoring and mitigation of high-risk events. CASBs that deliver security must be in the path of data access, between the user and the cloud provider. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without configuration on each device. Agentless CASBs allow for rapid deployment and deliver security on both company-managed and unmanaged
BYOD Bring your own device (BYOD )—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to u ...
devices. Agentless CASB also respect user privacy, inspecting only corporate data. Agent-based CASBs are difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASBs typically inspect both corporate and personal data.


References

{{reflist Cloud applications