What is CASB? A solution that centrally manages the security of cloud services

CASB is a concept of security measures advocated by Gartner in the United States in 2012. By installing CASB between companies and cloud services, it becomes possible to visualize the usage status of cloud services and monitor and control uploads. A single CASB can monitor multiple cloud services, so you can set consistent security policies and streamline operations and management. Recently, it has been increasingly incorporated into SASE (Secure Access Service Edge). SASE is a zero trust perimeter information defense network security architecture that integrates security services such as CASB and FWaaS with network services such as SD-WAN. For such CASB, four functions are proposed as software requirements.

[4 functions of CASB]

• Visualization
• data security
• threat protection
• compliance

I will explain in detail from top to bottom.

1. Visualization

This function visualizes the usage status of cloud services used by an organization. The access status and upload/download of files can be seen at a glance. Monitor unauthorized cloud services, analyze high-risk cloud applications, and prevent information leakage.

2. Data security

CASBs enforce data-centric security. We provide a number of methods to identify confidential information, such as keyword searches within files, and implement highly accurate information leakage countermeasures.
There is also a function to encrypt not only the data in the company but also the data stored in the cloud to improve security. Detailed security measures are possible, such as restricting access for each data type and importance.

3. Threat Defense

Prevent unauthorized devices, users, software, etc. from accessing the cloud and defend against threats. It also supports detection and isolation of malware, preventing the leakage of important information.

4. Compliance

Monitor and control cloud services based on set security policies. Ensure compliance by prohibiting uploading of files containing information prohibited by security personnel.

[Important information that can be detected by CASB (example)]

• Credit Card Number
• My number
• files with specific extensions, etc.

Behind the spread of CASBs equipped with the above functions is the increase in shadow IT, in which employees use unauthorized cloud services without permission.

Shadow IT and Sanctioned IT

Shadow IT is a situation in which systems, terminals, software, etc. used within an organization are used at the discretion of employees and departments, and management and security personnel are not aware of it. refers to Sanctioned IT IT, the antonym of Shadow IT, is a situation where the company uses what is allowed. The point is that employees who are doing shadow IT are not malicious and often use unauthorized IT equipment and cloud services to improve work efficiency.

[Case of Shadow IT]

• Communicate data with companies using your personal email address
• Unauthorized uploading of files to unauthorized cloud storage
• Use your personal cloud environment for work

However, even if employees are not malicious, shadow IT carries significant risks.

In the short term, it can cause serious information leakage, such as data exfiltration and malware infection.

From a medium- to long-term perspective, confidential company information will be under the personal control of employees. can lead to a loss of credibility in the company.

That's where CASB comes in handy.

Three benefits of introducing CASB

The first is that cloud services can improve security while improving operational efficiency.
CASB monitors cloud services in real time and detects fraud. Even if you have a contract with multiple cloud services, you only need one CASB, you can unify security policies, and it will be easier to operate and manage.

The second advantage is that the analysis results can be visualized.
You can analyze the status of access to cloud services, etc., and check them in an easy-to-understand manner on the dashboard. Since the overall usage status can be checked on the CASB management screen, it is not only easier to detect security breaches and fraudulent activities, but it is also possible to understand which cloud services are preferred by employees.

The third is that it is suitable for introducing remote work.
Cloud services are essential for remote work. CASB can implement strong security measures even when working remotely. It is also possible to deploy a CASB agent directly on the terminal, so even local breakouts from home can be secured.

Notes on CASBs

Some CASB products cannot be monitored and controlled in real time. In addition, please note that CASB alone cannot deal with incidents such as information leaks on the cloud service side. Also, not all security measures can be taken with CASB alone, so consider measures against external cyberattacks.

In addition to introducing CASB, it is also important to educate employees to prevent shadow IT from rampant.

API type

This is an introduction configuration that links CASB to the cloud service contracted by the company using API. Monitor the usage status and access status of cloud services linked with CASB. Note that you cannot monitor cloud services that you have not subscribed to, and that you cannot use cloud services that do not support API linkage. If there is not a lot of important information and it is sufficient to monitor only what has been uploaded to the cloud, the API linkage configuration is adopted.

Inline type

The inline type is an installation configuration in which CASB is placed in the communication path from the terminal of the company to the connection to the cloud service. This configuration is employed to cut off communication before uploading to cloud services. It is recommended for companies that have a lot of important information and want to implement strong security measures, as they can monitor the usage of shadows that they do not have a contract with.

Log analysis type

This is an installation configuration that monitors communications via a gateway terminal installed at a company. Since it is not possible to check the contents of files, it is suitable when you want to allow shadow IT to some extent and limit the use of cloud services that are considered dangerous. The log analysis type monitors communication based on the URL of the access destination. When a risk is detected by the visualization function or threat prevention function, security measures are taken by prohibiting access to the relevant URL in cooperation with the gateway terminal.

(1) Arrangement and clarification of introduction requirements

Many CASB products have been developed.
It takes an enormous amount of time and effort to compare the functions and prices of all products and conduct introduction tests one by one. Get your priorities in order to speed up your implementation. It is recommended to identify the necessary conditions and desired conditions and prioritize them.

② Do you operate in-house or outsource to other companies?

After introducing CASB, there are two methods: operating it in-house or outsourcing the operation to another company. When operating in-house, it is necessary to periodically review the security policy and regularly monitor the usage of cloud services. In-house operation may seem time-consuming, but there are many advantages. If you choose a CASB product with an easy-to-understand management screen, it will be easy to operate and you will be able to respond quickly within your company.

(3) Has the introduction configuration been considered in advance?

CASB has three configurations, each with different strengths. Think about which service, for what purpose, and to what extent you want to control it, and consider which of the three configurations to adopt. Also, a single CASB product cannot be said to be a complete corporate security measure. It will coexist with other security solutions. Make sure that the CASB you are considering can coexist with your existing security solutions and SASE. In addition, by introducing CASB, it is safe to organize the need for employee awareness and training on how to use it.

④ Easy to install

Some CASBs are easy to implement and others are not. Some CASBs require installation of data acquisition servers, changes in network configuration, and large-scale implementation planning. On the other hand, CASBs that operate in the cloud are relatively simple and can be deployed in a short period of time.

In addition, it is safe to choose a product that can implement functions step by step and a CASB that comes with introduction support.

⑤ Can be scaled out in the cloud

In the future, when the number of mobile terminals and users used in the company increases, it will be easier to respond by choosing a CASB product that can be scaled out on the cloud side. Inline CASB products place CASB in the communication path between the company and the cloud service, so network delays may occur, and communication may be cut off if there is a problem with the CASB product. Remote work may increase the number of terminals used at once. We recommend choosing a CASB that can be scaled out in the cloud.

⑥ Defense can be done in real time

Since conventional CASB monitors and analyzes logs to discover shadow IT, it was the mainstream that could not control communication in real time. However, in recent years, CASBs have appeared that can be controlled in real time, and some of them stop uploading in the middle when a file that is prohibited to be uploaded is found. If you want to prevent data leakage, choose a CASB that allows real-time control.