Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cloud Access Security Brokers: Closing the SaaS Security Gap

1,163 views

Published on

As more organizations move sensitive data to the cloud and “cloudify” traditionally internal applications, the need to fully secure data in the cloud has become critical. Widespread use of Software as a service (SaaS) applications has led to concern over the security gaps they present. Cloud access security brokers (CASBs) help bridge these gaps by providing a central control point for cloud service visibility, security, and compliance.

Learn about:

• How CASBs can help you leverage SaaS while maintaining security and compliance
• The four central areas of CASB functionality
• The most popular ways CASB solutions are being used to accomplish security goals
• The pros and cons of different CASB deployment options
• How to evaluate solutions to find the best match for your organization

Published in: Technology
  • Be the first to comment

Cloud Access Security Brokers: Closing the SaaS Security Gap

  1. 1. CLOUD ACCESS SECURITY BROKERS CLOSING THE SAAS SECURITY GAP
  2. 2. www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. Sponsored by
  3. 3. Ask yourself: a) Yes b) No c) Not sure CAN YOUR ORGANIZATION DETECT UNUSUAL OR FRAUDULENT ACTIVITIES ASSOCIATED WITH DATA IN THE CLOUD?
  4. 4. *2017 Thales/451 Research Data Threat Report of respondents will use sensitive data in an advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year believe their organizations are deploying these technologies ahead of having appropriate data security solutions in place 93% 63%
  5. 5. MANY ORGANIZATIONS LACK VISIBILITY INTO THE CLOUD SERVICES THEY CONSUME AND THE RISKS THEY PRESENT Cannot detect compromised credentials or unmanaged devices accessing cloud services Struggle to verify compliance and secure handling of data across different services
  6. 6. Ask yourself: a) Less than 300 b) More than 500 c) Not sure HOW MANY CLOUD APPLICATIONS DOES YOUR ORGANIZATION USE?
  7. 7. *Source: Symantec 2H 2016 Shadow Data Report Symantec’s Shadow Data Report for 2H 2016 found that the average enterprise has 928 cloud apps in use Organizations use 20 times more cloud apps than they think 928 20X
  8. 8. ORGANIZATIONS THAT WANT TO LEVERAGE SAAS WHILE MAINTAINING SECURITY AND COMPLIANCE NEED TOOLS THAT FOCUS ON SECURING DATA IN THE CLOUD
  9. 9. THE ROLE OF CASBs Definition CASBs are policy enforcement points that sit between an organization's on- premises infrastructure and a cloud provider's infrastructure. They act as gatekeepers, interposing enterprise security policies as cloud-based resources are accessed. Use CASBs examine a network's traffic and determine if sensitive data is being sent to the cloud. CASB solutions then apply policies and other security controls to ensure that sensitive data is protected. They enable organizations to manage and enforce policies across disparate SaaS applications, providing a single point of control for multiple applications and services.
  10. 10. Source: Gartner (March 2017) $151M $713M 2015 2020 CASB MARKET FORECAST OVERVIEW
  11. 11. CASB FUNCTIONALITY AREAS Visibility Answers the question, “Who’s doing what in the cloud?” through shadow IT discovery and sanctioned application control. Offers comprehensive view of cloud service usage, and the users accessing data from any device or location Compliance Helps fill the regulatory compliance capability gaps introduced by many SaaS providers. Assists with data residency issues and controlling access to regulated data, provides logs for audits, and identifies cloud usage and the risks of specific cloud services Data Security Enforces data-centric security policies to prevent unwanted activity based on classification, discovery and user activity monitoring of data access. Policies applied through controls such as audit, alert, block, quarantine, delete and encrypt/tokenize Threat Protection Provides protection against threats not typically handled by SaaS providers (e.g., user behavior and use of corporate data). Prevents unwanted devices, users and versions of applications from accessing cloud services
  12. 12. POPULAR USE CASES
  13. 13. CASBs can identify the SaaS apps being used and specify how safe they are for the organization ONE SHADOW IT DISCOVERY
  14. 14. CASBs can identify users’ access to SaaS applications by leveraging existing single sign-on providers or corporate Active Directory services TWO ACCESS CONTROL ENFORCEMENT
  15. 15. CASBs provide a common point of encryption for cloud services THREE ENCRYPTION
  16. 16. CASBs can verify content within the public cloud applications being used by the organization, encrypting, password protecting, watermarking, or blocking FOUR DATA LOSS PREVENTION
  17. 17. CASBs provide comprehensive activity logs and other reports that are useful for auditing and forensics FIVE REPORTING
  18. 18. CASBs can establish user behavior and service baselines, so that anomalous behavior that indicates threats can be detected, and alerts can be generated SIX BEHAVIOR ANALYTICS
  19. 19. DEPLOYMENT OPTIONS
  20. 20. API-Based SolutionGateway (Reverse Proxy)Gateway (Forward Proxy) Inline deployment between the endpoint and cloud service in which the device or network routes traffic to the CASB proxy. Inline deployment between the endpoint and cloud service in which the cloud service or identity provider routes traffic to the CASB proxy. Direct integration of the CASB and cloud service. Depending on cloud provider APIs, the CASB can view activity, content, and take enforcement action.
  21. 21. API-Based SolutionGateway (Reverse Proxy)Gateway (Forward Proxy) Pros • Ability to leverage current on- premises perimeter solutions • Architecture enables handling of transport-layer encryption • Facilitates Shadow IT discovery Cons • Doesn’t work for unmanaged off-premises devices • All traffic from managed endpoints traverses the CASB; potential privacy/compliance concern • Users must either VPN or proxy through the solution Pros • Leverages existing IDP/SSO solutions • Transport-layer security can require certificate rewriting • Proactive DLP enforcement Cons • Rewriting URLs can cause issues if SaaS provider has frequent URL updates • Requires an existing IDP/SSO solution to be in place • SSL encryption can impact deployment Pros • No configuration changes to endpoints or the network • Visibility into sanctioned apps • Reliable insight into what data is in the cloud, and activity logs/user behavior associated with that data Cons • No real-time prevention • API dependency is limited to the application's API offering • Hybrid approach (API + gateway) may be needed to enable features such as encryption and tokenization for some applications
  22. 22. Ask yourself: a) Whichever ranks highest in the Gartner Magic Quadrant b) Ask a trusted peer in the industry c) Makes no difference; they’re essentially the same d) Conduct an evaluation HOW CAN YOU DETERMINE WHICH CASB IS RIGHT FOR YOUR ORGANIZATION?
  23. 23. http://focus.forsythe.com/articles/530/Cloud-Access- Security-Brokers-Closing-the-SaaS-Security-Gap CHECK OUT THE ORIGINAL ARTICLE:
  24. 24. http://focus.forsythe.com OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE:
  25. 25. Authors: Matthew Sickles Director, Forsythe Security Solutions Sriram Puthucode VP of Systems Engineering, Cloud Security, Symantec www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses.

×