Title: LTS SECURE CLOUD ACCESS SECURITY BROKER : A KEY TO CLOUD SECURITY
1LTS SECURE CLOUD ACCESS SECURITY BROKER A KEY
TO CLOUD SECURITY
- LTS Secure Cloud Access Security Broker has
proven itself to be indispensible for cloud
security. These days, nearly every organization
has fully integrated the cloud in its day-to-day
operations. This has led to a large amount of
data flowing to and from the cloud, which has
made it prone to various security threats. It
becomes difficult for the IT department to keep a
track of all the apps, cloud providers and data
employees are accessing and hence, there is a
need to implement a unified security control like
CASB.
2The classic definition of CASB is Cloud access
security brokers (CASBs) are on-premises, or
cloud-based security policy enforcement points,
placed between cloud service consumers and cloud
service providers to combine and interject
enterprise security policies as the cloud-based
resources are accessed. CASBs consolidate
multiple types of security policy enforcement.
Example security policies include authentication,
single sign-on, authorization, credential
mapping, device profiling, encryption,
tokenization, logging, alerting, malware
detection/prevention and so on. Simply put, CASB
acts as a gate-keeper allowing the organizations
to extend the reach of their security policies
beyond their own infrastructure. It ensures that
network traffic between on-premises devices and
the cloud provider complies with the
organizations security policies. To understand
CASB better let us have a look at the four
pillars of CASB
3Features and Benefits
- Visibility -- CASB provides a clear visibility
and across various cloud services which covers
users, devices, applications, data and actions.
It reports on what your cloud spend is and
provides an insight on Shadow IT. It even
provides information about the authorized/unauthor
ized apps that the users are accessing and how
often they use it. - Compliance--- Most SaaS vendors fail to offer
data protection tool that ensure internal and
external compliance, CASB helps fill the gaps. It
identifies sensitive data in the cloud and
enforces DLP policies to meet data residency and
compliance requirements.
4- Data Security -- CASB helps implements
data-centric security policies using controls
such as encrypt, alert, block, tokenize and
audit. It offers contextual access control as
well as data leakage prevention. - Threat Protection --- CASB prevents unwanted
users and devices from accessing cloud services.
CASB also covers User Behavioral Analysis (UBA)
and Entity Behavioral Analysis (EBA) for
determining anomalies in the network and threat
intelligence formation.
5- Prevent data exfiltration --- CASB reports on
sensitive data being shared publicly inside and
outside an organization. It finds all the cloud
apps and reports on enterprise readiness of each
cloud app. It can encrypt data before upload or
upon download, thus preventing any security
threat. - Data Loss Prevention (DLP) -- The risk of a data
being transferred cannot be determined without
the ability to monitor, identify and categorize
data going into the cloud. CASB integrates with a
broader set of cloud services via API to scan
data flowing through the cloud.
6- Reporting and Auditing -- CASB governs your
organizations cloud usage with granular
visibility and control. It can provide detailed
activity logs and other reports useful for
compliance auditing and forensic purposes. - Early threat detection --- CASB has visibility
of all the cloud applications, even the one using
SSL encrypted connections which helps it in early
detection of threat. Its analytics help to
establish usage behavior baselines from which
anomalous behaviors indicative of potential
threat can be detected and alerts can be
generated.With the increasing number of cloud
applications and technologies being used, CASB
has emerged as a critical security technology for
cloud. By 2020, 85 of the employees will be
using a CASB.