The cloud is an exact tempest for information security because we lose visibility and control when service providers take responsibility for systems. If you are new to cloud the industry has standardized in the term cloud as a generic way to categorize Internet-delivered data and application services.
Cloud services are organized into three buckets
- Infrastructure as a Service (IaaS) for systems and storage.
- Platform as a Service (PaaS) for applications service stack where you can deploy your business applications into somebody else’s app stack.
- Software as a Service (SaaS) or full-blown business applications delivered as a service to your business.
What’s happening in the Security world?
The organizations are scrambling to detect what cloud apps are in use and working to plug holes while data is flowing out to cloud service providers and other vendors. The Cloud Access Security Broker (CASB) is a solution that can help you. Most CSB vendors niche and it grows rapidly partnering with other larger tech players for federated identity services.
The standards and solutions are also evolving as the cloud security organizations are settling on standard and guidance. Look for the cloud security alliance for excellent support on policies standards and assurance and the cloud standards customer guidance for excellent support on cloud service agreements.
In technology, the big vendors are slow to provide solutions in this area except for few including IBM who built cloud security enforcers from the ground up Microsoft who require Adallom to admit a strategy which is a very smart move considering the rapidly growing adoption of office 365.
How does CASB facilitate?
CASBs bring a single interface to common cloud access requirements including visibility into cloud abuse CSP (Cloud Service Provider) risk analysis, malware prevention, Data Protection, and access control including adaptive access control which provides additional degrees of security based on the context of the person to access the application.
Federated Identity management services are critical to CASB. Provisioning in SSO (Single Sign-on) solutions are necessary to integrate with CASB but the general rule that this Security broker does not provide them
The enterprise mobile device management services are critical to the effectiveness of this Cloud Security broker. They can assist in securing Data in the interaction with the cloud app but it can not prevent mobile device penetration, so these services are also critical at the device level. Many security brokers integrate with the leading MDM (Mobile Device Management).
The crucial role of the Cloud Security broker and information security strategy
The cloud apps use the visibility of which the news access control to these cloud apps and policies around how the access is granted or denied.
Data loss prevention and the ability to encrypt or tokenize data as it leases leave your organization into the cloud service provider
The CSP (Cloud Service Provider) risk vendor risk management risk analysis decision support is absolutely provided by cloud security. There is a user interface that will show you what level of risk a particular
And also some of the security broker solutions provide malware protection so that as they are crawling different files or looking data that is going through the CASB they den detect that an infective file and quarantine the file as this is not in all CASB and also Gartner does call this out as a component of CASB Solutions, not all CASB vendors.
