
What’s the Difference between a Traditional CASB and an Integrated CASB?

Years ago, companies typically kept all their applications and data in a single, on-site data center. In this environment, companies had complete visibility into and precise control over who was accessing their applications and data—and when—as well as which devices (typically desktop or laptop computers) were being used to access them.

Over time, as companies moved data to the cloud and began using SaaS applications, they discovered they no longer had insight into who was accessing and using their applications and data, nor—thanks to the advent of mobile technologies such as laptops and smartphones—the devices being used.

This made it difficult for companies to protect their data and opened them up to a host of security risks, such as breaches, regulatory noncompliance, malware, ransomware and more.

To address these challenges, vendors developed Cloud Access Security Broker (CASB) technology.

Today, Cloud Access Security Brokers, or CASBs, are one of the key capabilities that make up a comprehensive SASE solution. Serving as security policy enforcement points that sit between a cloud service provider and its users, CASBs help organizations discover where their data resides across multiple software-as-a-service (SaaS) applications and when it is in motion across cloud environments, on-prem data centers, and mobile workers. A CASB also enforces an organization’s security, governance, and compliance policies, allowing authorized users to access and consume cloud resources while enabling organizations to effectively and consistently protect their data across multiple locations.

Traditional, or first-generation, CASB solutions offer basic security capabilities that are limited in breadth and depth, providing only piecemeal security. For example, their data protection capabilities are quite basic, cover only data in the cloud, and are detached from enterprise data loss prevention. They also lack the essential security mechanisms needed to detect the endless threat variations that cybercriminals constantly create as they target SaaS applications. When the CASB was first introduced, it was designed as a standalone, proxy-based point solution, disjointed from the rest of the security infrastructure. The issue with proxy-based CASBs is that they require complex traffic redirection from the network firewall, with proxy auto-configuration (PAC) agents and log collectors, causing significant architectural and operational complexity and a high cost of ownership.

Enterprises today can’t keep up with the rapid growth of SaaS applications because they have to create SaaS application signatures manually. To keep pace with the SaaS explosion, enterprises need a CASB that is integrated with existing security infrastructure and that relies on ML and intelligence crowdsourced from a large global community rather than requiring applications to be added manually.

An integrated CASB should leverage (a) an in-line security mechanism to automatically discover and control all SaaS risks across existing as well as thousands of emerging SaaS applications, and (b) an API-based security mechanism to scan SaaS applications for sensitive data, malware, and policy violations while maintaining compliance and preventing threats in real time, without dependence on third-party tools. Lastly, it should be easy to deploy and manage, yielding a low total cost of ownership.

To learn more about Palo Alto Networks’ approach to integrated CASB, visit us here: https://www.paloaltonetworks.com/network-security/next-generation-casb.