A cloud access security broker (CASB) is on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.
A CASB may deliver security, management or both. Broadly speaking, “security” is the prevention of high-risk events, whilst “management” is the monitoring and mitigation of high-risk events.
CASBs that deliver security must be in the path of data access, between the user and the cloud. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without requiring any configuration on each device.
Agentless CASB allow for rapid deployment and deliver security on all devices, company-managed or unmanaged BYOD. Agentless CASB also respect user privacy, inspecting only corporate data. Agent-based CASB are difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASB typically inspect both corporate and personal data.
CASBs that deliver management may use APIs to inspect data and activity in the cloud to alert of risky events after the fact. Another management capability of a CASB is to inspect firewall or proxy logs for usage of cloud applications.
API-only CASBs such as Cloudlock offer management using APIs provided by the major SaaS applications. In contrast, multi-mode CASBs, e.g. Netskope, CipherCloud, offer both management and security. Some multi-mode CASBs may also offer Zero-Day capabilities to protect against threats both known and unknown.