A Cloud Access Security Broker (CASB) is an on-premises or cloud-based security policy point-of-enforcement. Originally, asset security was simpler since all assets were located on-premises and on the same network, but with time and with an increasingly mobile workforce, security requirements evolved and CASB rose to meet them.
A CASB offers an integrated security management solution to security enforcement such as multi-factor authentication, single sign-on, credential mapping, encryption, tokenization, malware detection, and so on.
What is CASB and how it works?
CASB, a policy enforcement center, consolidates security regardless of device, including unmanaged smartphones or personal laptops. It works through a three-step process that involves Discovery (to compile a list of all third-cloud services and users), Classification (of risk levels of each application), and Remediation (to set security requirements and take action in case of a violation).
A CASB comprises three pillars.
1. Identity and Access Management (IAM)
Gartner defines IAM simply as ‘the discipline that enables the right individuals to access the right resources at the right times for the right reasons.’ IAM solutions help maintain a database of all organization identities and restrict access to org assets based on user identity.
2. Identity Governance and Administration (IGA)
This is a policy-based approach to IAM. IGA serves to support overall IT security and regulatory compliance as well as automate workflows for provisioning and deprovisioning users.
And yes, there is a difference between IAM and IGA. IGA allows organizations to not only define and enforce IAM policy but also connect IAM functions to meet audit and compliance requirements.
3. Privileged access management (PAM)
This is a critical security control that enables organizations to simplify how they define, monitor, and manage privileged access across their IT systems, applications, and infrastructure. It helps control who has access to sensitive systems and protected information. Most employees, for instance, shouldn’t be given access to all critical systems such as production, backup, and financial at the same time.
Privileged accounts can access valuable data and perform special actions, often with low tracking or control. PAM solutions centralize the management of administrator profiles and enforce a least privilege access policy.
To better understand what the CASB concept really means, and how you can adopt it as you secure your SaaS, PaaS, or IaaS environments, contact Akku today.