Demystifying CASB and its role within SASE

At the risk of stating the obvious to many CSO readers, a secure access service edge (SASE) solution is the best cybersecurity solution an enterprise can deploy today. SASE provides converged network and security capabilities that provide deep visibility, consistent security, and granular controls across the entire hybrid network.

To accomplish this, SASE is delivered as a service that combines the capabilities of SD-WAN and security service edge (SSE). SSE is a cloud-delivered security offering composed of secure web gateway (SWG), cloud access security broker (CASB)zero-trust network access (ZTNA), and Firewall-as-a-Service (FWaaS)

That’s a lot of functionality, and confusion persists about what each element does as an independent technology and as a part of SASE. In this piece, I’ll discuss the importance of CASB, specifically, and examine its role within SASE–particularly, why it’s critical to the solution’s success.

Why is CASB critical to SASE?

The rise of cloud computing and Software-as-a-Service (SaaS) has given organizations tremendous flexibility, scalability, and cost-savings while increasing collaboration. But, moving sensitive data to and from SaaS applications increases the risk of a breach and extends an organization’s attack surface. CASBs have emerged as a solution to this challenge because they provide deep visibility into cloud and SaaS deployments, allowing IT teams to protect users and sensitive corporate data in these environments.

The ultimate goal of a SASE solution is to provide a secure, efficient experience for employees no matter where they are working. As a part of SASE, CASBs handle cloud security risks and support work-from-anywhere employees who use personal, unmanaged devices to access SaaS applications from new, disparate locations.

Demystifying CASB and its role within SASE


The 4 key functions of CASBs

CASBs sit between users and their cloud services to deliver the following key functionalities: 

  • Visibility: CASBs provide visibility into user activity across cloud applications, including sanctioned and unsanctioned applications, also known as “shadow IT.” With comprehensive visibility of cloud application usage and cloud discovery analysis, organizations can assess the risk and decide, based on a user’s device, location, and role within the business, whether to grant them access to applications.
  • Compliance: Organizations are responsible for ensuring regulatory compliance around the privacy and safety of their data, regardless of whether they outsource services or manage it themselves. CASBs help ensure compliance with data and privacy regulations. 
  • Data security: IT teams use data loss prevention (DLP) tools to prevent leakage of sensitive information, but on-premises DLP solutions cannot secure information in the cloud. CASBs fill this gap through features such as access control, collaboration control, DLP, encryption, information rights management, and tokenization.
  • Threat protection: A CASB solution helps organizations protect against insider attacks from authorized users by creating a regular usage pattern baseline. Then, using machine learning, CASBs can quickly detect unusual or nefarious user activity. The tool also uses technologies like adaptive access control, dynamic and static malware analysis, and threat intelligence to block and prevent malware attacks. 

CASB use cases 

There are six primary use cases for CASB:

  1. Assess risk – CASB evaluates application usage, especially inconsistent spikes, to determine risk and ensure that corporate data is handled safely.
  2. Address compliance – CASB reports on using frameworks such as SOX, GDPR, PCI DSS, HIPAA, NIST, and ISO 27001 to identify policy violations for remediation.
  3. Prevent data loss – With a highly customizable suite of DLP tools and predefined compliance reports, CASB helps defend against data breaches.
  4. Malware protection – CASB quarantines suspicious files and blocks malware from uploading or downloading via SaaS applications.
  5. Secure non-corporate tenants – By employing a user list that specifies non-corporate tenant restrictions, a CASB can control access from managed and unmanaged locations.
  6. Illuminate shadow IT – To help enforce policy-based access controls, CASBs provide administrators with usage information for all sanctioned and unsanctioned (shadow IT) cloud applications.

In summary

The main purpose of CASB within an organization’s SASE solution is to extend and manage security policies for data housed in cloud-based services. Since many organizations have adopted hybrid-cloud strategies and deployed SaaS applications, such as Salesforce.com and Office 365, they need to see and control the data stored outside the traditional IT edges. And this requirement is growing more important as more organizations migrate to Infrastructure-as-a-Service and Platform-as-a-Service providers.

Also, if organizations have large shadow IT programs or permit internal groups to buy and manage cloud-based services without IT expert involvement, CASBs can be a critical tool for discovery and management. The insights provided by a CASB solution can help an IT organization gain better visibility into cloud-based applications being used and where confidential and proprietary data is stored.

Learn more about how Fortinet’s SASE solution delivers single-vendor SASE that enables consistent security, including CASB, and a positive user experience no matter where users and applications are distributed.


Go to Source