Why You Need CASB Security to Protect Data in the Cloud
Why You Need CASB Security to Protect Data in the Cloud
Cloud security isn’t a luxury — it’s a necessity.
Join the DZone community and get the full member experience.Join For Free
CASB Security Isn’t A Luxury—It’s A Necessity
Cloud computing has exploded in the business and education worlds over the last decade. By next year, 83 percent of enterprise workloads will be in the cloud. That means that everyone, from public schools and universities to health systems and corporate America, will be reaping the rewards of increased productivity and greater efficiency.
At the same time, 66 percent of IT professionals say security is their biggest concern when it comes to implementing cloud computing. How can you balance the benefits of cloud computing with the need for security? A Cloud Access Security Broker (CASB) is the key.
CASB Security: Where Did It Come From?
What is CASB? The term “Cloud Access Security Broker” was coined by Gartner around 2013. The major catalyst to the CASB emergence was the explosive growth of cloud computing and the enormous amount of data we are producing. Cloud computing is expected to reach $411 billion by 2020. Artificial intelligence, machine learning, Internet of Things, Software-as-a-Service, and Infrastructure-as-a-service are all contributing to this growth and becoming an integral part of IT strategies across industries.
IT departments quickly realized that keeping up with security was a challenge with all the apps, devices, cloud providers, and files their employees were using. Consider this: we are now producing 2.5 quintillion bytes of data every day. That’s a one followed by 18 zeros!
CASB security provides information technology security teams with a platform that unifies security measures across the cloud, providing visibility and control that most cloud app admin consoles lack. Detecting threats, managing multiple data streams and enforcing security measures becomes as simple as implementing one CASB security platform.
What Types of CASB Security Are Available?
Proxy CASB security creates another firewall in front of cloud apps, slowing down performance
In just a few short years, CASB security solutions have come a long way. The original proxy-based CASB has gradually been replaced with Application Programming Interface (API) CASB technology. Which is best? Here’s brief summary of each.
Proxy-Based CASB Security
At the risk of sounding biased, proxy CASB are based on somewhat “old-school” technology. Within a CASB security solution, a proxy acts like a gateway, verifying users and devices as they try to access the cloud. The biggest advantage to a proxy CASB is that it can identify threats and take action in real time.
But there are critical disadvantages to this approach. Proxy CASBs cause significant network delays and only secure known users. For IT departments, that leaves a gap in data security, and for users, it causes frustration when they can’t access their data quickly. Also, if you already use a Next-Gen Firewall (NGFW) or a secure gateway, installing a proxy-based CASB is basically just paying for duplicate functions.
Neither Microsoft nor Google support using a proxy CASB with their Office 365 and G Suite applications. They will not notify third-party vendors of changes in authentication methods, and they won’t guarantee those changes won’t make your proxy completely ineffective. Further, Google is also proposing security upgrades to their Chrome extension policy that would render so-called “agentless” CASBs that rely on extensions useless.
API-Based CASB Security
API CASB security integrates as a cloud app native for superior security
API-based CASB security uses cloud applications’ native APIs to provide direct, secure access to the cloud from any device, anywhere, at any time without slowing down network performance.
API CASB provides visibility into user activity, making compliance, threat protection, and data security easier and more efficient. IT teams can easily customize rules and policies based on individual, department, or whatever breakdown makes sense for your organization. Instead of duplicating functions, API CASB security provides an additive solution that integrates with your existing security architecture, such as Next-Gen Firewalls (NGFW) and secure gateways.
Why Your Organization Needs CASB Security
We hear the question all the time: “I just invested $200K in a firewall. Why would I need cloud security?”
Think of it this way. You have locks on the doors and windows of your house to keep people out, right? But what happens when a burglar gets inside? Many people get a home security system for this very reason. It lets you know if a breach has occurred, where the person got in from and, in some cases, what that person is doing in real time. It sets of alarms and alerts the proper authorities to help limit the impact of the break in.
That is what cloud security does for organizations that use cloud applications to create, collaborate, and store information in the cloud. A firewall will help protect your network perimeter, but cloud applications don’t exist within your network — they operate in the public cloud. So, your firewall and/or gateway works like the lock on the door to your house. It makes it more difficult for criminals to get in, and it deters the less motivated or sophisticated ones.
But, once a cyber criminal gets passed the perimeter they’ve gained access to your data. They use that access to download, copy, and share that information for their own malicious purposes. Without cloud security, your team may never know that a breach has occurred. Your organization’s intellectual property, financial data, and the personally identifiable information of customers and employees is being sold for profit without you ever knowing there’s a leak in your system.
With the right CASB security solution, when a criminal gets passed your firewall perimeter and gains access to your cloud environment alerts and alarms start going off. The cloud security platform can perform a variety of tasks automatically to stop the data from being stolen. It can lock down a user account, revoke viewing and sharing access to certain types of documents, and more. Further, IT security managers get critical insights into exactly how the criminal was able to gain access to the environment, what files and folder were compromised, and more.
Cloud security isn’t a luxury — it’s a necessity. As more data is being created, stored, and shared in the cloud, your organization is only becoming more vulnerable without it. Pouring more money into a more expensive firewall will not make that firewall more effective at securing what it cannot control.
Published at DZone with permission of Katie Fritchen , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.