What is CASB?

CASB Definition

CASB (Cloud Access Security Broker) is a security tool that acts as an intermediary between users and cloud services (SaaS, IaaS, PaaS). CASB provides visibility, control, and protection for data in the cloud, enabling organizations to extend their security policies to cloud environments.

CASB Pillars

Gartner defines four key CASB pillars:

Visibility:

• Shadow IT discovery
• SaaS application inventory
• User activity monitoring

Compliance:

• Regulatory compliance (GDPR, HIPAA)
• Industry standards
• Audit and reporting

Threat Protection:

• Malware detection in the cloud
• Compromised account detection
• UEBA (User and Entity Behavior Analytics)

Data Security:

• Data Loss Prevention (DLP)
• Encryption
• Access control

CASB Deployment Modes

API-based (Out-of-band):

• Connection to SaaS via API
• Analysis of stored data
• No inline traffic inspection
• Suitable for sanctioned apps

Proxy-based (Inline):

• Forward proxy or reverse proxy
• Real-time traffic inspection
• Blocking in real-time
• Latency impact

Hybrid:

• Combination of API + Proxy
• Comprehensive protection
• Flexibility

CASB Use Cases

• Shadow IT: Discovery of unsanctioned applications
• DLP: Preventing sensitive data leakage
• Compliance: Enforcement of storage policies
• Malware: Detection of threats in cloud files
• Access control: Restricting access based on context

CASB vs Native SaaS Security

Aspect	Native SaaS Security	CASB
Scope	Single application	All cloud applications
Consistency	Varies by provider	Uniform policies
Shadow IT	None	Full visibility
DLP	Basic	Advanced

CASB in SASE/SSE Architecture

CASB is a key component of SSE:

• Integration with SWG
• Common policies with ZTNA
• Single management console

CASB is an essential tool for organizations using cloud services, providing visibility and control over data in SaaS environments.