Avoiding cloud security pitfalls with CASB

Many organisations are moving their business operations to the cloud, a trend that will continue in the coming years. Enterprises are using multi-cloud platforms to run their businesses and are storing sensitive information on SaaS platforms such as Microsoft 365, DropBox, SharePoint Online, and more. Security professionals still lack understanding of the different cloud providers’ offerings, their shared responsibility models, and the amount of sensitive data residing in the cloud. This lack of visibility leads to increased instances of cyberattacks that leverage cloud security loopholes such as misconfigurations and insecure APIs.

To secure cloud platforms and data residing on the cloud, security professionals need granular visibility into cloud services usage and centralised security policy management that synchronises multi-cloud platforms with their on-premises network infrastructure. 

This is where cloud access security brokers (CASBs) come in. Today, Gartner® defines CASBs as “security policy enforcement points, placed between cloud service consumers and cloud service providers” that “consolidate multiple types of security policy enforcement…including authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.”

Why cloud security challenges are different for an on-premises network

The cloud environment is entirely different from on-premise systems on an architectural level. In an on-premises network, perimeter network devices predominantly control the traffic in and out of the network, and policies restrict malicious traffic from intruding the network. In the cloud, which is a perimeter-less network, the access to cloud resources and data is largely guarded by APIs. Therefore, it is essential to secure the APIs that allow a user to access cloud resources and to monitor their cloud activities and usage at the granular level to spot suspicious actions.

Such stark differences between the architecture suggests that it wouldn’t suffice to extend a security strategy for on-premises delivery to the cloud. Devising a cloud security strategy that’s unique to an enterprise is a challenge, especially when moving to the cloud is urgently needed.

Is a cloud access security broker (CASB) the solution to cloud security challenges?

The US National Security Agency (NSA) divides cloud vulnerabilities into four classes: misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities.

A cloud access security broker (CASB) acts as a gateway between an organisation and its cloud environment, scrutinising access to resources in the cloud and addressing the above vulnerabilities. It can facilitate enforcement of cloud security policies and ensure protection of information in transit to and from the cloud.

Understanding CASBs

CASBs can be deployed either on premises or as a cloud SaaS offering, which is the most popular deployment mode. SaaS can leverage the APIs of most cloud applications to monitor activities, analyse content, and adjust settings within the accounts.

To meet the accepted definition, a CASB must offer, at a minimum, the following functions.

Cloud application analytics and shadow IT monitoring: A CASB must monitor cloud applications and provide comprehensive reports on any shadow and banned applications being used.

Data monitoring and privacy: A CASB must ensure data privacy and protect an organisation from data leakage by monitoring data movement, ensuring only authorised personnel have access to sensitive information.

Threat detection and incident management: A CASB must monitor all traffic between an organisation and the cloud services it uses and be able to detect malicious activities like account hijacking, session takeover, etc.

Integrated compliance management: A CASB must help an organisation comply with regulations on the protection of personal data, such as the GDPR or Australia’s Notifiable Data Breaches (NDB) scheme, by continuously monitoring cloud platforms and providing real-time alerts and exhaustive reports on network activities.

In addition, a CASB can provide an in-depth view of the events in an organisation’s cloud environment, making it easier for administrators to identify malicious activities. It can also learn users’ behaviour patterns and flag any deviations from the norm as an indication of a compromised account.

A CASB can also keep tabs on data movement to prevent unauthorised users gaining access to critical information, like if a user from the finance department tried to modify a file belonging to the HR department. A CASB can also watermark, encrypt, or password protect sensitive files to prevent data exposure.

Choosing the right CASB

Finding the right CASB starts with a careful assessment and understanding of your organisation’s security requirements. There are various levels of coverage and functionality provided by the different CASB deployments, from proxy-based to API-based CASBs. Knowing what data and applications you have in the cloud along with their importance and sensitivity from the perspectives of both leakage and operational disruption will help you choose the deployment method best suited for you. For example, is control of shadow IT your priority, or is it encrypting data stored in third-party solutions to meet contractual demands?

A good CASB must be able to offer comprehensive visibility into your cloud data and application, provide security and threat protection, and help you maintain compliance with data protection rules. It must also be able to detect shadow IT, which are cloud apps being used without the knowledge or approval of your IT team.

A good CASB should provide granular activity analytics, with the ability to break information down by user, location, department, endpoint type, etc. It should also enable you to easily export these analytics to your SIEM system for further validation.

Finally, a CASB can have the best and most comprehensive range of functions and features, but if it’s difficult to use, its potential will remain untapped, or its use will consume excessive staff resources. That’s why ease of use is paramount.

Future of CASBs

Consolidation is the key to cybersecurity. Being a dynamic and evolving market, the cybersecurity space is now in the consolidation phase during which vendors are bringing together different security systems that can operate well together in a single console. As more data and users move to the cloud, all-cloud security platforms such as secure access service edge (SASE) are growing in popularity. As a mediatory step, cloud-based SIEM solutions are now offering different security technologies such as CASBs and secure web gateways (SWGs) to provide holistic security.