Cloud Access Security Brokers: A Key Capability of a Secure Access Service Edge Solution
Cloud access security brokers (CASB) traditionally deliver security policy controls for software as a service (SaaS) applications, providing a means to enforce governance and data protection policies across diverse environments. Essentially, companies use CASBs to:
- Apply security, governance and compliance policies within a cloud environment
- Discover sensitive data and its location in the cloud
- Implement security measures to prevent data from being exposed, lost or stolen
Securing SaaS has become increasingly critical in recent years due to a sharp rise in advanced security threats and because companies are now storing, sharing and transferring massive amounts of sensitive data in the cloud. According to Gartner, a leading research and advisory firm, “By 2023, of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor up from less than 5% in 2019.”
How CASB Relates to SASE
The challenge with the conventional CASB model is that your organization has yet another point solution to manage. With proxy and API controls separated under the same console or under different management, additional logging, analytics and reporting, it amounts to yet another non-integrated system to deal with when embracing SaaS.
A shift is underway as organizations look to consolidate their security within a framework that provides services within a common infrastructure. Of secure access service edge (SASE), Gartner states, “To provide low-latency access to users, devices and cloud services anywhere, enterprises need SASE offerings with a worldwide fabric of points of presence (POPs) and peering relationships.”
With SASE, organizations no longer have to stand up a separate solution to handle CASB specifically. Instead, SASE provides a consistent way to deliver and manage the functions of CASB while providing a uniform way to securely connect users to applications.
Benefits of a SASE
Some of the biggest benefits of using a SASE for CASB include:
- The means to deliver both in-line and API-based controls for managing cloud access security as a unified platform. These functions are both necessary for complete SaaS coverage, and SASE can provide the means to unify the approach.
- A new, comprehensive data protection approach covering every data channel and threat vector with unified policies and a centralized cloud-based engine.
- Broader threat intelligence across all SASE services, providing consistency in threat detection and policy enforcement.
- Automation everywhere for ingesting and operationalizing protection against new threats.
- Reduction in the amount of administrative work it takes to deploy security across the enterprise, including the environments beyond SaaS.
CASB is a key capability in a comprehensive SASE solution. Read Gartner’s The Future of Network Security in the Cloud report to learn more about SASE.