December 5, 2019 | By Moshe Dadush, Infrastructure Security Manager
A great number of companies are migrating much of their services and resources to the cloud for proper operation management (SaaS, IaaS, PaaS). Most especially, there are startups that have no physical or local resources at all; their activities are entirely managed in the cloud.
The following are among the major suppliers of cloud services in the world (with their % market share as of 2019 Q2):
Amazon – 33%
Microsoft Azure – 16%
Google Cloud Platform- 8%
These are some of the most common cloud service apps:
Microsoft Office 365
Salesforce
Google G Suite
Box
It is obvious from the chart below that within 5 years Amazon has been able to double its cloud service revenues. This is an indication of a growing trend in technology adoption by plenty of companies.
We are already aware of the following benefits of cloud services:
• Significant savings in purchasing equipment
• Comparatively low maintenance and upgrade costs
• Ample flexibility – You can purchase services as needed (based on user quantity, specific service) and expand as your company grows.
However, what about cloud security?
CASB (Cloud Access Security Broker) comes into play here.
CASB primarily acts as a mediator between the user (such as a company) and the service in the cloud so as to achieve the ability to monitor user actions and enforce the company’s information security policy. In principle, user traffic is predominantly redirected through the CASB via an agent or it could be agentless.
These are some of the important roles carried out by CASB:
1. Highlighting visibility – It is possible for a company to get information about the apps used by its employees. This approach facilitates the process of obtaining pertinent information about illegal IT activities of its employees.
2. User Behavior Analytics – Analyzing users’ actions and identifying high-risk users (large amount of downloads, logging in from multiple geographic locations simultaneously or shortly)
3. Policies Enforcement – With CASB, it relatively becomes easy to apply policies on how to use apps: Login form (2FA, Password Complexity), approved file types for upload / download, grant permissions as needed to different users.
4. Data Loss Prevention – This is the ability to run a leaked information constitution in order to protect the company’s sensitive information.
As more and more companies adopt cloud services, we will see growth in implementing the CASB solution as a complementary product.
