Sorry, you need to enable JavaScript to visit this website.

08 March 2018

If the pundits are to be believed, 95% of cloud security failures by 2020 will be the customer's fault (Lawson, MacDonald, Lowans, & Reed, 2016).

It’s no secret that when it comes to the cloud and security, most enterprises are sorely lagging, preferring to trust cloud service providers to secure their corporate data.

But as cloud apps become mainstream, accidental transfer of data, theft and infection is a daily reality. If you have a significant investment in the cloud, you need a cloud access security broker (CASB) to protect your cloud-based data.

CASBs are situated between your on-premise infrastructure (including the private cloud) and your cloud vendor’s security infrastructure and architecture. They link your internal architecture to the cloud and enforce security policies by providing safe passage for your corporate data to move to and from the cloud. This is especially so with Software as a Service (SaaS) applications where data is constantly on the move.

In essence, a CASB is a central clearing house; part broker, auditor, filter and filtration/exfiltration check. As long as your end users employ cloud resources in their daily operations, and your organisation’s security extends only to the perimeter of your network, a CASB will be critical in securing your corporate data.

Why You Need One

The inability of conventional security products to adapt to increasing cloud usage is a key driver behind the adoption of CASBs.

Large amounts of data are being transmitted and stored outside of the direct control of many organisations adopting the cloud. As more SaaS are deployed, the data stored has become more sensitive, raising urgent governance and data protection concerns.

Not surprisingly, IT teams are often in the dark about what cloud services are being used. The CASB offers cloud usage visibility, ensuring compliance by revealing how data is being moved to and from the cloud, by whom, and where it is being stored.

CASBs can enforce several types of security controls, including encryption, device profiling and credential mapping when single sign-on is not available.

But where CASBs are most useful are when they act as gatekeepers with shadow IT operations. This overcomes problems with operating units or departments that procure and manage their own cloud computing resources outside of mandated company policies.

If data flows in the network originate from non-authenticated devices, the CASB can use auto-discovery features to identify which cloud applications are being used as network transport.

This ability to help identify high-risk applications, high-risk users and key management is one of the strongest benefits of deploying a CASB. As a supplemental feature, information collected while monitoring cloud usage may be used for demonstrating compliance and for auditing, especially in highly regulated industries to identify unsanctioned use.

Before You Decide

A CASB platform is not designed to focus on network infrastructure or in-house applications so it is critical that organisations carefully manage integration with existing systems, such as next-generation firewalls, network access control and security information and event management products. Enterprises will not be keen to manage an entirely separate system that is dedicated to just third party or SaaS cloud apps.

In the SaaS space, CASB platforms support major cloud app providers such as Microsoft Office 365, Google Drive and Salesforce. 

Enterprises should be aware of the limitations of specific cloud platforms, as well as what specific services those platforms provide -- such as encryption, threat detection and analytics before deploying a CASB platform.


Lawson, C., MacDonald, N., Lowans, B., & Reed, B. (2016, October 24). Market Guide for Cloud Access Security Brokers. Retrieved February 14, 2018.


Let our Cloud Experts help you design and deliver
cloud services that best fit your needs.