A Cloud Access Security Broker (CASB) is a cloud security tool used to protect critical data being viewed and shared via corporate and third-party cloud applications. Traditional security solutions lack visibility into cloud applications, which raises significant compliance and security concerns. Between open authorization and public wifi, the new frontier of security must cover the board of user productivity and human error.
If you’ve ever been prompted to login into an application using your Facebook or Google credentials, then you’ve used OAuth. This tool is not an inherently bad thing, but should be monitored properly since signing into a new app with an established user identity gives the app certain permissions within that identity. Have you ever opened Salesforce or a related corporate application while waiting for a flight at the airport? Working off the corporate network in cloud-to-cloud communication creates a blindspot in your organization’s security posture if left unaddressed.
Cisco for Cybersecurity
Cisco is positioned at the forefront of cybersecurity and approaches this topic in three ways, through cloud security, network, and endpoint. Cloudlock is the CASB used by Cisco for cloud security. Cloudlock is API-based, so unlike proxy-based CASBs, API-based CASBs:
Don’t break functionality or impact the user experience
Analyze data already in the cloud (retroactive security analysis)
Analyze cloud-to-cloud traffic
Protect cloud usage from unmanaged users and users with mobile devices
Cloudlock receives recorded events such as file uploads from third-party applications via public APIs and then scans the content with a classification engine. If the content doesn’t pass this evaluation the file is encrypted or quarantined.
Cloudlock’s platform breaks down cloud security into three sections: Data, Users, and Applications.
Data – Preventing the leakage of sensitive information in the cloud is challenging, since cloud platforms are meant to be collaborative and users regularly share data within workflow applications. Making the connection between legacy data protection tools and security in the cloud is a step towards better coverage. Cisco Cloudlock continuously monitors cloud environments with a cloud Data Loss Prevention (DLP) engine to identify sensitive information stored in cloud environments in violation of policy. With advanced DLP precision, Cloudlock can identify proprietary data and then mitigate the risk of leakage through automated response actions towards that data.
User – Attackers are getting around security controls that rely on the network perimeter, firewalls, or exclusively focus on a one platform. Cisco Cloudlock provides cross-platform User and Entity Behavior Analytics (UEBA) to identify anomalies within IaaS, PaaS, SaaS, and IDaaS environments. Cloudlock utilizes machine learning and policy-based enforcement to detect events occurring across distances at impossible speeds, and actions from grey or black listed countries. After these events are identified, Cloudlock begins a number of automated remediation actions, including end-user notification, and alerts to administrators.
Apps – Securing apps in the cloud is perhaps the largest draw for security administrators to a CASB. Cloudlock covers:
- Microsoft Office 365
- Amazon Web Services (AWS)
- Google G Suite
Cisco Cloudlock has the largest CASB customer base, creating the smartest cyber intelligence to pull from on the most scalable platform. Cloudlock’s reach across platforms grants administrators the most visibility and immediate value. It is cloud native and can be deployed swiftly without being disruptive to end-users. The number of major attacks occurring from breaches through third-party-applications is growing. Cover your users cloud-to-cloud communications with the most powerful CASB on the market.