Cloud access security brokers (CASBs) are one of the ways businesses are upping the security game when it comes to cloud services. Gartner defines a CASBs as, “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.” CASBs are robust in that they can apply multiple layers and authentication techniques to applications and data housed on the cloud. CASBs can combine credential mapping, malware detection, encryption, and single sign-on.
One of the biggest concerns with the increasing use of the cloud for application and data storage is cloud security. Dealing with a data leak and the all of the aftereffects associated with that is the last thing any business wants, so sound cloud security is a must. Tracking every movement of data and every request for access made would require more resources than businesses have available. Instead, businesses need to be smart and efficient with their security policies, combining appropriate effort with trusted security. One of the more recent changes to cloud security is the use of adaptive behavior profiles. These profiles monitor the way data is typically accessed (e.g. time of day, duration of access and geographical location). If someone attempts to access data in an abnormal manner (e.g. data that is normally accessed between 12 and 3 PM EST is accessed at 2 AM EST), then the profile will notify an administrator who can take the time to look at the specific instance. This monitoring technique saves businesses and employees time and energy so that they can focus their efforts elsewhere unless a problem has occurred.
CASBs are another of these cloud security changes. CASBs act as a middleman between users and cloud-based data and applications. The use of CASBs allows authorized users to access data from physical locations that would previously have been off-limits. A businessman could access data from the cloud while using free wifi in an airport, for example, because the CASB ensures that all data is transmitted securely by accessing the data itself and then passing it along to the user. Before CASBs, users were limited to the security of corporate networks and firewalls, but now CASBs expand the geographical reach of the cloud.
In September 2015, Microsoft acquired Adallom, an industry leader in CASBs. This acquisition has allowed Microsoft to improve its cloud security capabilities, and as of April 2016, Microsoft’s Cloud App Security has been redesigned to function based on Adallom’s technology. CASB security measures have been integrated into Microsoft’s existing Azure products. This increased security has been showcased through improvements to Microsoft’s Power BI Security. The Back End of Power BI features two major areas based on whether or not a user can directly access them or not. The services to the left of the dotted line in the graphic below show areas to which users have direct access. Areas to the right of the dotted line must be handled separately by the gateway role before returning the requested information to the user. This schema parallels the general CASB model of limited access unless proper authentication has been obtained. Once a user has been granted access to data – whether that be data from the cloud or data from the Back End of Power BI – a separate entity makes sure that data is transferred securely and in a timely fashion, improving the overall experience for the user and the overall security for the business.