By Subhalakshmi Ganapathy, Product Evangelist, IT Security, ManageEngine
With limited data protection measures in place, an employee of a government service contractor in the Philippines became the cause of a data breach: hackers managed to copy data when the employee brought home his or her laptop, leading to numerous investigations into the fragility of device security within the organization.
Data leakages such as this have assumed more significance in the present hybrid workforce era. The increasing usage of cloud applications within organizations by employees has brought productivity, ease of use, and scalability to work. However, it has also brought an increased risk of shadow IT, data exfiltration, and insider threats.
Simply put, you may not know which of the numerous SaaS applications employees are using without permission to access the organization’s data. With this heightened risk, it’s essential that leaders broaden their security approach with cloud protection capabilities. A cloud access security broker (CASB) can help with precisely this.
Making a strong case for a CASB
Gartner first defined a “cloud access security broker (CASB)” as a solution that sits between an organization’s users and the various cloud services they access. Due to its cloud-native capabilities, a CASB can not only help an organization authenticate and authorize users as they attempt to access cloud resources, but it can also enable the organization to identify what flows in and out of the cloud.
Listed below are four key capabilities offered by a CASB:
- Visibility: Although enabling cloud technology makes it easier for teams to collaborate, employees still use different unauthorized and unknown cloud applications, known as shadow applications, for better and quicker results. The use of shadow applications is of serious concern for the organization’s IT team. A CASB helps IT security teams overcome the issue of shadow applications by providing visibility into cloud app usage, apps accessed from unmanaged devices, users accessing and modifying data on the cloud, and much more for holistic cloud security monitoring.
- Compliance: A CASB helps with meeting compliance requirements by ensuring the security of data, both in transit and in storage. It also safeguards organizations from data exfiltration by monitoring data leakage from the cloud. Enabling a CASB meets a variety of compliance standards, including the GDPR, CCPA, HIPAA, and LGPD.
- Data security: One of the core objectives of a CASB is to ensure data security. A CASB monitors access to data on the cloud and identifies unauthorized access to sensitive data. The CASB has security features such as data leakage prevention and access control, which minimize the possibility of data leakage.
- Threat protection: A CASB provides security against both internal and external threats that organizations face. It learns the behavior patterns of users and develops a baseline. Whenever a deviation from the baseline is noticed, the CASB alerts the security team to remediate the threat.
Strengthening the security operations center
An organization’s security operations center may be highly reliant on a security information and event management (SIEM) solution today. Within the next two years, leaders need to ensure that the SIEM solution either integrates seamlessly with an external CASB or has built-in CASB capabilities. Among the reasons for doing so are: to address the high uptake of cloud applications, correlate events that happen in different parts of the network, prevent data leaks, provide visibility into shadow IT, and offer visibility into identity and access management (IAM).
- Addressing the high uptake of cloud applications: Research suggests that the average employee uses 10 SaaS applications every day, and organizations on average use 254 applications. The usage ranges from third-party analytics tools that ingest customer data sets to consumer versions of approved enterprise apps such as Microsoft 365 or Google Workspace. In addition, employees may use some of these applications on their personal mobile devices. This is why organizations need a CASB-enabled SIEM solution that gives visibility into the applications in use and how they are being used. With such a solution, organizations will know the level of risk posed by a particular application.
- Correlating events that happen in different parts of the network: Cyberattacks have become increasingly sophisticated in recent times; there have been instances of living-off-the-land attacks, cloud malware with initial access in an on-premises server, cloud ransomware and disruptionware, and insider attacks. Organizations need the ability to see patterns and correlate seemingly unrelated events that happen in different parts of the network, and group them together as a single security incident.
- Avoiding data leaks: The rising usage of cloud apps results in an increased risk of both intended and unintended data leaks. Managing unauthorized uploads of sensitive data and preventing data leaks are crucial. With a CASB, one can enforce cloud security policies and controls to prevent data from being transferred over the internet.
- Casting visibility into shadow IT: Maintaining a list of sanctioned cloud apps that employees can use if they wish is a common practice nowadays. These applications could have become sanctioned after the organization deemed them to be secure and effective for employee productivity. The sanctioned applications are either owned or controlled by the organization. However, shadow applications fall outside the ownership or control of IT teams. Shadow applications may have vulnerabilities and loopholes that could be exploited by attackers. A CASB provides visibility into the usage stats of these applications and the identity of users who use these applications frequently.
- Offering visibility into IAM: According to Erik Wahlstrom, research director at Gartner, “Organizations shouldn’t replace their IAM programs with CASBs, but rather intersect the two for increased governance and access control of cloud applications.” A CASB can provide better IAM through adaptive authentication and user-based risk analysis. By bringing this capability within SIEM, organizations will be able to see the risky behavior of users in a single console and use playbooks and workflows to respond to these threats.
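The shadow IT visibility described in the list above can be sketched as a report built from web proxy logs. This is an added example, not code from the article or from any ManageEngine product; the log format, the sanctioned list, and the `.test` domains are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Assumption: the organization's sanctioned-app list, keyed by domain.
SANCTIONED = {"office.com", "sharepoint.com", "google.com"}

# Constructed sample proxy log: user, device state, method, URL, bytes sent.
SAMPLE_LOG = """\
alice managed GET https://outlook.office.com/mail 512
bob unmanaged POST https://files.example-share.test/upload 48211
bob unmanaged POST https://files.example-share.test/upload 91877
carol managed POST https://api.example-notes.test/sync 2048
alice managed POST https://docs.google.com/document 1024
carol managed GET https://api.example-notes.test/sync 128
"""

def app_domain(url):
    """Reduce a URL to its last two host labels (naive; no public-suffix list)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def shadow_app_report(log_text, sanctioned=SANCTIONED):
    """Return per-app usage stats for every domain not on the sanctioned list."""
    report = defaultdict(lambda: {"requests": 0, "bytes_uploaded": 0,
                                  "users": Counter(), "unmanaged": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines rather than miscount them
        user, device, method, url, size = parts
        domain = app_domain(url)
        if not domain or domain in sanctioned:
            continue
        entry = report[domain]
        entry["requests"] += 1
        entry["users"][user] += 1                  # who uses the app, and how often
        entry["unmanaged"] |= device == "unmanaged"  # seen from an unmanaged device
        if method in ("POST", "PUT"):
            entry["bytes_uploaded"] += int(size)   # upload volume as a leak signal
    return dict(report)

if __name__ == "__main__":
    for domain, stats in sorted(shadow_app_report(SAMPLE_LOG).items()):
        print(domain, stats["requests"], stats["bytes_uploaded"],
              stats["users"].most_common(1), stats["unmanaged"])
```

Forwarding a report like this into the SIEM puts unsanctioned app usage, upload volume, and the users involved next to the other events being correlated.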
As CASB becomes an integral part of an organization’s defense strategy to combat the use of shadow applications and data exfiltration into the cloud, leaders must ensure the CASB will integrate seamlessly with a SIEM solution and will provide network visibility, data security, compliance management, and threat protection. CASBs can help improve the security posture of organizations.
ManageEngine offers enterprise IT management software for your service management, operations management, and security needs.