CASB

What is a CASB?

A CASB (Cloud Access Security Broker) is a security solution acting as an intermediary between users and cloud services (SaaS, IaaS, PaaS). A CASB provides visibility, access control, data protection and threat protection in cloud environments.

A CASB delivers four key functions. Visibility - discovering all cloud services used within the organisation, including shadow IT. Compliance - enforcing regulatory policies regarding data storage and processing in the cloud. Data security - classifying and protecting confidential data, integrating with DLP. Threat protection - detecting unusual user behaviours, account compromises and malware in cloud files.

A CASB can operate in proxy mode (forward proxy or reverse proxy), intercepting cloud-bound traffic, or in API mode, connecting directly to cloud platforms (Microsoft 365, Google Workspace, Salesforce, Box) for data and activity inspection. Leading vendors include Microsoft Defender for Cloud Apps, Netskope, Zscaler and Palo Alto Networks.

Why does it matter?

Organisations use an average of dozens to hundreds of cloud services, many of which are used without IT department knowledge (shadow IT). A CASB gives the organisation control over data and activities in the cloud, helping meet regulatory requirements (GDPR, NIS2) and limiting the risk of data leakage through unauthorised applications.

Related topics

• SASE
• DLP
• Zero Trust