A cloud access security broker (CASB) is a software tool or service that sits between an organisation’s on-premises infrastructure and a cloud provider’s infrastructure. A CASB acts as a gatekeeper, allowing the organisation to extend the reach of their security policies beyond their own infrastructure.
CASBs work by ensuring that network traffic between on-premises devices and the cloud provider complies with the organisation’s security policies. The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and identity unsanctioned use. This is especially important in regulated industries.
CASBs use auto-discovery to identify cloud applications in use and identify high-risk applications, high-risk users and other key risk factors. Cloud access brokers may enforce a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.
CASBs are particularly useful in organisations with shadow IT operations or liberal security policies that allow operating units to procure and manage their own cloud resources. The data that CASBs collect can be used for reasons other than security, such as monitoring cloud service usage for budgeting purposes.