Finding the Right Cloud Access Security Broker (CASB) for Your Enterprise
What is a CASB? Learn More
Security Ops Center for your Cloud Apps
The Symantec CloudSOC™ platform enables companies to confidently leverage cloud applications and services while staying safe, secure and compliant. It provides visibility into shadow IT, governance over data in cloud apps, and protection against threats targeting cloud accounts.
CloudSOC takes a data science approach to security using machine learning at its core and leveraging native SaaS APIs, real-time traffic processing and other data sources to provide insightful visualization and intuitive controls.
Symantec Audit, Detect, Protect, and Investigate apps on CloudSOC offer a cloud audit for Shadow IT, granular transaction visibility, user behavior analytics, threat detection, data governance and DLP, security controls and post-incident forensic analysis.
The Symantec CASB gateway provides in-line traffic analysis and control over a wide range of cloud apps; offering security over use of both sanctioned and unsanctioned cloud apps. Symantec Securlets deliver visibility, data governance and threat protection through direct integration with popular cloud apps, providing security over all data and activity in an organization’s cloud accounts regardless of how users are accessing the cloud.
What to Look For in a Cloud Access Security Broker
Cloud adoption has created new security and compliance issues. Enterprises are struggling to understand the data security and compliance impact of aggressive employee and organizational adoption of cloud applications while also trying to determine how to maintain data security and compliance with new data residency laws as their infrastructure moves to the cloud. This is where a Cloud Access Security Broker (CASB) comes into play. Startup CASB vendors can provide visibility into cloud application risk - largely based on proxy logs; those vendors, however, lack any control point for web and cloud traffic to implement policy control to mitigate the risk of shadow cloud. Moreover, they lack advanced threat protection that can protect from threats that may come from cloud application usage. Lastly, as these vendors require integration to an existing proxy to function, it makes sense that Symantec is a natural fit to perform these services natively instead.
Symantec CASB Solution Components
- Cloud Application Visibility and Risk Intelligence (“Audit”) allows organizations to discover and analyze cloud application usage within their organization for both sanctioned and non-sanctioned application usage. The Audit product delivers an understanding of who is using which applications, how much data is moving in and out, and where the risk lies across cloud application usage.
- Cloud Application Threat Protection and Data Controls (“CASB Gateway”) provides the ability to deliver in-line granular control over user interactions with cloud applications by recognizing usage and applying policies to maintain data security. The CASB Gateway offers data loss prevention, user behavior analytics, and file encryption capabilities to mitigate the risks introduced with cloud application usage.
- Cloud Application Data Control and Threat Protection (“Securlets”) protects cloud accounts, controls user activity and governs data within cloud accounts through direct API integration with cloud applications. Securlets also enable incident response and forensics to monitor, log and capture activities that occur within cloud applications.
- Cloud Data Protection allows you to encrypt or tokenize cloud data to assure compliance with data residency laws and other compliance regines. It works with public cloud SaaS applications like ServiceNow, Salesforce, and Oracle. CDP intercepts sensitive data while it is still on-premises and replaces it with a random tokenized or encrypted value, rendering it meaningless should anyone outside of the company access the data while it is being processed or stored in the cloud.
Secure Your Transition to Cloud
Symantec is a leading provider of advanced web security solutions and has extended that security with the Blue Coat Security Platform to provide the most comprehensive set of technology for cloud access security in the CASB space, including cloud access control to mitigate the risk of employee use of non-sanctioned applications, or “shadow IT,” while enabling the secure use of sanctioned applications. We deliver:
- Cloud Visibility & Intelligence Discover and analyze cloud data usage and risks. With simple dashboards and detailed analysis, you gain an understanding of who is using what applications, how much data is moving in and out, and where the risk lies across their application usage. Capture and replay capabilities further allows you to reconstruct actual data files for forensic investigation.
- Cloud Access Security Provides the ability to decrypt encrypted traffic, and apply powerful proxy-based policies to maintain data security, enable trusted application usage, and mitigate shadow cloud risk. By blocking access, coaching users or sending content for advanced inspection, organizations can enable safe cloud usage while preventing advanced threats and data exfiltration.
- Cloud Data Protection and Control Advanced data encryption and tokenization services for sanctioned cloud applications protects your corporate data stored in cloud applications, assures compliance with regional data residency laws while preserving the intended application functionality.
As networks continue to evolve, organizations migrate to the cloud, and as the endpoint revolution continues, the need for advanced cloud security services through a CASB solution will continue to grow. The Blue Coat Security Platform, delivered in-the-cloud and on-premise, provides a strong history of protecting web usage that naturally extends to cloud application security.
What is CASB?
A New Solution for Cloud App Security
A Cloud Access Security Broker (CASB) is a set of new cloud security technologies that addresses the challenges posed by the use of cloud apps and services, including SaaS and IaaS. These new CASB solutions are designed to help organizations enable the productivity gains offered by cloud apps and services by providing critical visibility and control of how these services are being used. They help information security teams:
- Identify and evaluate all the cloud apps in use (Shadow IT)
- Enforce cloud application management policies in existing web proxies or firewalls
- Enforce granular policies to govern handling of sensitive information, including compliance-related content
- Encrypt or tokenize sensitive content to enforce privacy and security
- Detect and block unusual account behavior indicative of malicious activity
- Integration cloud visibility and controls with broader security solutions for data loss prevention, access management, and web security
What are the Fundamental Capabilities of CASB?
Cloud App Discovery and Analysis
Provide Shadow IT discovery and risk analysis including detailed cloud app ratings, usage analytics, and continuous reporting.
Data Governance and Protection
Provide the ability to enforce data-centric security policies to prevent unwanted activity such as inappropriate sharing of content. Support encryption and tokenization of compliance-related data.
Threat Protection and Incident Response
Prevent malicious activity such as data exfiltration due to account takeover, session hijacking, or insider activity through continuous monitoring of user behavior. Identify and block malware being uploaded or shared within cloud apps and provide tools for incident response.
Compliance and Data Privacy
Assist with data residency and compliance with regulations and standards, as well as identify cloud usage and risks of specific could services.
What Is Shadow IT?
Shadow IT refers to investment in third-party IT solutions, including cloud apps and services, without oversight from the IT organization. Cloud apps are a big contributor to Shadow IT, as employees or lines of business can easily onboard these services directly and they immediately improve productivity.
What are CASB Components?
CASB solutions are usually deployed in the cloud as a cloud service. Effective CASB solutions need to cover a wide range of scenarios, including sanctioned and unsanctioned cloud apps, business and personal accounts on sanctioned apps, mobile devices and desktops, and managed and unmanaged devices. To address all these scenarios, comprehensive CASB solutions leverage the following:
Application Specific Security
The top cloud apps have well-defined APIs that a CASB can leverage to monitor activity, analyze content, and modify settings within accounts on that cloud app. Most CASBs offer cloud application-specific security solutions that leverage these APIs.
Inline Security with Gateways
Sitting between the users and their cloud apps, a CASB gateway can provide valuable insights into cloud activity and provide a vehicle for real-time policy enforcement, such as blocking data exfiltration or protecting information with encryption.
Shadow IT Analysis
Existing security devices, such as secure web gateways and firewalls, have log data that can be used to help analyze Shadow IT.
Endpoint agents offer another option to manage cloud activity and enforce policies.
- Cloud Security Alliance (CSA): cloudsecurityalliance.org/
- Gartner: Cloud Access Security Brokers (CASBs)
- Forrester: Market Overview: Cloud Data Protection
- Wikipedia: Cloud Computing Security
- Wikipedia: Shadow IT