Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

CASB vs. Security Gateways vs. Hybrid Data Pipeline

DZone's Guide to

CASB vs. Security Gateways vs. Hybrid Data Pipeline

In today's cloud, several entities sit between you and your data. CASBs, security gateways, and hybrid data pipelines each play important roles and synergize well.

· Cloud Zone
Free Resource

Are you joining the containers revolution? Start leveraging container management using Platform9's ultimate guide to Kubernetes deployment.

One interesting technology to grow out of IT disruption is the cloud access security broker. How does the CASB fit with a hybrid data pipeline?

Making Sense of Cloud-to-On-Premises Data Access

Disruption is like a wildfire to those unprepared — when it flares up, there’s not much you can do, except watch it burn and pick up the pieces when it’s through. IT has been through a few wildfires lately. Cloud, mobile, citizen self-service, BYOD, etc. Now, they’re actively trying to piece things back together: determining which cloud applications to use, which employees are storing data in public services like Dropbox, integrating cloud and on-premises applications and data, and so forth.

The Cloud Access Security Broker

After a wildfire, new life can flourish, and one of the interesting technologies to grow out of this array of disruption is the cloud access security broker (CASB) — not to be confused with your web proxy or security gateways. Increasingly, this is an area we get asked about, particularly in engagements connecting cloud applications to on-premises data through a hybrid data pipeline. Where do these three pieces fit? Does a CASB replace a security gateway? Is a hybrid data pipeline just a virtual CASB?

Salesforce Integration with On-Premises Data

One repeating use-case we see where this is an important topic involves Salesforce integration with on-premises data. Companies are trying to get more valuable, timely data in the hands of sales and support staff to help make better decisions. This is data that cannot simply be stored in the Salesforce platform, often due to regulatory issues or some inherent integration challenge. Most companies we encounter do not use a CASB today, nor is one required for a successful, secure deployment of your hybrid data pipeline. Since it is a popular topic, however, I wanted to briefly touch on the role each plays in a successful cloud to on-premises data access strategy. 

Three Primary Roles in Your Data Access Strategy

Security gateway: Provide core firewall capabilities, IP and website filtering, protection against inbound threats. In short: protect me from the internet. 

CASB: Discovery of cloud applications in use across the business, govern file/data transfers to unauthorized devices, enforce access rights and policies to various cloud applications. In short: provide context to the cloud apps I use and the devices that access them.

Hybrid data pipeline: RESTify on-premises databases, high-performance access to on-premises data from the cloud, universal data API to accelerate bimodal IT initiatives.

Three Primary Roles

Figure 1: Network security for data access

Defense in Depth Approach to Secure Data Access

The answer to all the questions above then is: all three components handle an important task, and are thus very complimentary to one another. Together they can also provide a nice defense in depth approach to secure data access. It is best then to think of these components as concentric layers, with a security gateway at the outermost layer (closest to the internet), followed by a CASB and then your hybrid data pipeline (closest to the data).

Using Containers? Read our Kubernetes Comparison eBook to learn the positives and negatives of Kubernetes, Mesos, Docker Swarm and EC2 Container Services.

Topics:
cloud ,cloud access security broker ,security gateway ,hybrid data pipeline

Published at DZone with permission of Dion Picco, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}