Cloud Access Security Broker
Finding the Right Cloud Access Security Broker (CASB) for Your Enterprise
What is a CASB? Learn More
Security Ops Centre for your Cloud Apps
The Symantec CloudSOC™ platform enables companies to leverage cloud applications and services with confidence, while remaining safe, secure and compliant. It provides visibility into shadow IT, governance of data in Cloud apps, and protection against threats targeting Cloud accounts.
CloudSOC takes a data science approach to security, using machine learning at its core and leveraging native SaaS APIs, real-time traffic processing and other data sources, to provide insightful visualisation and intuitive controls.
Symantec Audit, Detect, Protect, and Investigate apps on CloudSOC offer a cloud audit for Shadow IT, granular transaction visibility, user behaviour analytics, threat detection, data governance and DLP, security controls and post-incident forensic analysis.
The Symantec CASB gateway provides in-line traffic analysis and control over a wide range of cloud apps, and offers security in the use of both sanctioned and unsanctioned cloud apps. Symantec Securlets deliver visibility, data governance and threat protection, through direct integration with popular cloud apps, providing security for all data and activity in an organisation’s Cloud accounts, regardless of how users are accessing the Cloud.
What to look for in a Cloud Access Security Broker
Cloud adoption has created new security and compliance issues. Enterprises are struggling to understand the data security and compliance impact of aggressive employee and organisational adoption of cloud applications, while simultaneously trying to determine how to maintain data security and compliance with new data residency laws as their infrastructure moves to the cloud. This is where a Cloud Access Security Broker (CASB) comes into play. Startup CASB vendors can provide visibility into cloud application risk, largely based on proxy logs. However, these vendors lack any control point for web and cloud traffic to implement policy control to mitigate the risk of shadow cloud. Moreover, they lack advanced threat protection, which can protect from threats that may come from cloud application usage. Finally, as these vendors require integration in an existing proxy to function, it makes sense that Symantec is a natural fit to perform these services natively instead.
Symantec CASB Solution Components
- Cloud Application Visibility and Risk Intelligence (“Audit”) enables organisations to discover and analyse internal Cloud application usage, in terms of both sanctioned and non-sanctioned applications. The Audit product delivers an understanding of who is using which applications, how much data is passing in and out and where the risk lies throughout cloud application usage.
- Cloud Application Threat Protection and Data Controls (“CASB Gateway”) provides the ability to deliver in-line granular control over user interactions with cloud applications, by recognising usage and applying policies to maintain data security. The CASB Gateway offers data loss prevention, user behaviour analytics, and file encryption capabilities to mitigate the risks introduced with cloud application usage.
- Cloud Application Data Control and Threat Protection (“Securlets”) protects Cloud accounts, controls user activity, and governs data within Cloud accounts, through direct API integration with Cloud applications. Securlets also enable incident response and forensics to monitor, log and capture activities that occur within cloud applications.
- Cloud Data Protection allows you to encrypt or tokenise cloud data to ensure compliance with data residency laws and other compliance regimes. It works with public cloud SaaS applications, such as ServiceNow, Salesforce and Oracle. CDP intercepts sensitive data while it is still on-site and replaces it with a random tokenised or encrypted value, rendering it meaningless if anyone outside of the company accesses the data while it is being processed or stored in the cloud.
Secure Your Transition to the Cloud
Symantec is a leading provider of advanced web security solutions, and has extended its offering with the Blue Coat Security Platform. This provides the most comprehensive set of technology for Cloud Access Security in the CASB space, including Cloud access control, to mitigate the risk of employee use of non-sanctioned applications, or “shadow IT,” while enabling the secure use of sanctioned applications. We deliver:
- Cloud Visibility & Intelligence Discover and analyse cloud data usage and risks. With simple dashboards and detailed analysis, you gain an understanding of who is using which applications, how much data is moving in and out, and where the risk lies across their application usage. Capture and replay capabilities further enable you to reconstruct actual data files for forensic investigation.
- Cloud Access Security Provides the ability to decrypt encrypted traffic and apply powerful proxy-based policies to maintain data security, enable trusted application usage and mitigate shadow cloud risk. By blocking access, coaching users or sending content for advanced inspection, organisations can enable safe cloud usage while preventing advanced threats and data exfiltration.
- Cloud Data Protection and Control Advanced data encryption and tokenisation services for sanctioned cloud applications protect your corporate data stored in cloud applications, assure compliance with regional data residency laws and preserve the intended application functionality.
As networks continue to evolve, organisations migrate to the cloud, and as the endpoint revolution continues, the need for advanced cloud security services through a CASB solution will continue to grow. The Blue Coat Security Platform, delivered in-the-cloud and on-site, offers a strong history of protecting web usage, which naturally extends to cloud application security.
What is CASB?
A new solution for cloud app security
A Cloud Access Security Broker (CASB) is a set of new cloud security technologies that addresses the challenges posed by the use of cloud apps and services, including SaaS and IaaS. These new CASB solutions are designed to help organisations leverage the productivity gains offered by cloud apps and services, by providing critical visibility and control of how these services are being used. They help information security teams:
- Identify and evaluate all the cloud apps in use (Shadow IT)
- Enforce cloud application management policies in existing web proxies or firewalls
- Enforce granular policies to govern handling of sensitive information, including compliance-related content
- Encrypt or tokenise sensitive content to enforce privacy and security
- Detect and block unusual account behaviour indicative of malicious activity
- Integrate cloud visibility and controls with broader security solutions for data loss prevention, access management and web security
What are the fundamental capabilities of CASB?
Cloud App Discovery and Analysis
Providing Shadow IT discovery and risk analysis, including detailed cloud app ratings, usage analytics and continuous reporting.
Data Governance and Protection
Providing the ability to enforce data-centric security policies to prevent unwanted activity such as inappropriate sharing of content. Supporting encryption and tokenisation of compliance-related data.
Threat Protection and Incident Response
Preventing malicious activity such as data exfiltration due to account takeover, session hijacking or insider activity, through continuous monitoring of user behaviour. Identifying and blocking malware uploaded or shared within cloud apps, and providing tools for incident response.
Compliance and Data Privacy
Assisting with data residency and compliance with regulations and standards, as well as identifying cloud usage and risks of specific cloud services.
What is Shadow IT?
Shadow IT refers to investment in third-party IT solutions, including cloud apps and services, without oversight from the IT organisation. Cloud apps are a big contributor to Shadow IT, as employees or lines of business can easily onboard these services directly, to improve productivity immediately.
What are CASB Components?
CASB solutions are usually deployed in the cloud as a cloud service. Effective CASB solutions need to cover a wide range of scenarios, including sanctioned and unsanctioned cloud apps, business and personal accounts on sanctioned apps, mobile devices and desktops, and managed and unmanaged devices. To address all these scenarios, comprehensive CASB solutions leverage the following:
The top cloud apps have well-defined APIs, which can be leveraged by a CASB to monitor activity, analyse content and modify settings within accounts on that cloud app. Most CASBs offer cloud application-specific security solutions to leverage these APIs.
Inline Security with Gateways
Positioned between the users and their cloud apps, a CASB gateway can provide valuable insights into cloud activity and provide a vehicle for real-time policy enforcement, such as blocking data exfiltration or protecting information with encryption.
Shadow IT Analysis
Existing security devices, such as secure web gateways and firewalls, have log data that can be used to help analyse Shadow IT.
Endpoint agents offer another option to manage cloud activity and enforce policies.
- Cloud Security Alliance (CSA): cloudsecurityalliance.org/
- Gartner: Cloud Access Security Brokers (CASBs)
- Forrester: Market Overview: Cloud Data Protection
- Wikipedia: Cloud Computing Security
- Wikipedia: Shadow IT