Enterprises are using different cloud service providers for IaaS, PaaS and SaaS apps to enhance productivity and reduce cost.
When using Iaas, PaaS or SaaS, Security is a shared responsibility. Cloud Service Provider is responsible for infrastructure security, User is responsible for Securing Access and Data.
How to secure Access and Data across different cloud service providers which are outside your enterprise perimeter?
This is where Cloud Access Security Broker (CASB) comes in. CASB acts as intermediary between users and cloud service providers. CASB helps with,
- Identify usage of sanctioned and un-sanctioned apps by your Employees.
- Identify usage of Managed and Un-managed devices to access corporate data.
- Identify who has access to what resource. Get activity logs to identify who did what.
- Identify cloud services used and find redundancies.
- Ensure compliance to HIPAA or HITECH for health organization, PCI for retail, FINRA for financial services.
- Identify and Classify the Data residing in SaaS applications.
- Use DLP to identify and redact sensitive data.
- Identify Data exposed to public. Change access policies to limit exposer.
- Scan for malware.
- Identify compromised accounts.
CASB Deployment Options
CASB can use OAUTH to scan API’s provided by service provider to get resource inventory, access policies and activity logs and provide notification to IT for any usage violations.
User connects to CASB and CASB proxies connection to SaaS applications, with this real time DLP can be applied. On corporate managed devices an endpoint agent is installed, which can control access to sanctioned and un-sanctioned applications.
CASB acts as SSO agent. SaaS applications forward connections to CASB for authentication. CASB will use IDaaS used by organization to authenticate user and session is established with CASB in path between user and SaaS application. Reverse Proxy can control access from managed and un-managed devices and provide real time DLP.
CASB provides visibility and control when using IaaS, PaaS, SaaS applications.
If you are interested in complete solution, contact me, i will make detailed proposal.