CASB - Cloud Access Security Broker
A CASB (Cloud Access Security Broker) is a security solution that sits between an organization's users and cloud services, centrally handling access visibility, compliance enforcement, data protection, and threat detection. The concept was proposed by Gartner in 2012, and it spread rapidly against the backdrop of the growing risk of shadow IT as cloud migration accelerated. As a means of closing the security gaps in SaaS usage that traditional firewalls and proxies cannot fully address, it plays a central role in enterprise cloud security strategies.
Gartner's Proposal and Market Development
In a 2012 report, Gartner pointed out that enterprise cloud usage was expanding beyond the control of IT departments and advocated the need to place a "broker" between the cloud and users. Initially, startups such as Netskope, Skyhigh Networks (now McAfee Enterprise), and Bitglass led the market, but from around 2020, major players such as Microsoft, Palo Alto Networks, and Zscaler entered through acquisitions and in-house development, and the market is rapidly consolidating.
The Four Pillars of CASB
1. Visibility: Comprehensively detects the cloud services employees use and provides a dashboard view of usage across all SaaS, including shadow IT.
2. Compliance: Monitors compliance with regulatory requirements, automatically checking data storage locations, encryption status, and access logs.
3. Data security: Prevents the external leakage of confidential data with DLP (Data Loss Prevention) capabilities and protects data in the cloud through encryption and tokenization.
4. Threat protection: Detects anomalous login patterns, mass downloads, suspicious sharing settings, and the like, and blocks them or raises alerts in real time.
Comparison of Deployment Modes
| Mode | How It Works | Pros | Cons |
|---|---|---|---|
| Forward proxy | Routes user traffic through the CASB | Real-time control; can block unsanctioned services too | Requires agent deployment; increased latency |
| Reverse proxy | Places the CASB in front of the cloud service | No agent required; supports BYOD as well | Limited range of supported services |
| API mode | Analyzes data through the cloud service's API | Easy to deploy; can inspect already-stored data | No real-time blocking; detection after the fact only |
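The threat-protection pillar and the API deployment mode above come together in log-based detection: the CASB pulls a cloud service's audit trail and flags mass downloads, links shared with anyone, and logins from two distant countries too close together. The following is an added illustration written for this article, not a vendor's product code; the event field names and the sample events are constructed assumptions, and the thresholds are arbitrary tuning knobs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of SaaS audit events, shaped like what an API-mode CASB
# would pull from a cloud service's activity log (field names are assumptions).
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "action": "login", "country": "JP"},
    {"ts": "2024-05-01T09:05:00", "user": "alice", "action": "download", "file": "q1.xlsx"},
    {"ts": "2024-05-01T09:40:00", "user": "alice", "action": "login", "country": "BR"},
    {"ts": "2024-05-01T10:00:00", "user": "bob", "action": "share",
     "file": "customers.csv", "visibility": "anyone_with_link"},
    # carol downloads 25 files one minute apart: a bulk-download burst
    *[{"ts": f"2024-05-01T11:{i:02d}:00", "user": "carol", "action": "download",
       "file": f"doc{i}.pdf"} for i in range(25)],
]

def detect(events, download_limit=20, window=timedelta(minutes=30),
           travel_gap=timedelta(hours=1)):
    """Replay audit events in time order and return (rule, user, detail) alerts.

    Because this works on already-written logs, every alert is after the fact,
    which is exactly the API-mode trade-off described in the table above.
    """
    alerts = []
    downloads = defaultdict(list)   # user -> timestamps of downloads inside the window
    last_login = {}                 # user -> (timestamp, country) of the previous login
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["action"] == "share" and ev.get("visibility") == "anyone_with_link":
            # Suspicious sharing setting: the file is reachable by anyone holding the link.
            alerts.append(("external_share", user, ev["file"]))
        elif ev["action"] == "download":
            recent = downloads[user]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # drop downloads outside the window
                recent.pop(0)
            if len(recent) == download_limit:            # alert once, as the threshold is crossed
                alerts.append(("mass_download", user, len(recent)))
        elif ev["action"] == "login":
            prev = last_login.get(user)
            if prev and prev[1] != ev["country"] and ts - prev[0] < travel_gap:
                # Two logins from different countries within travel_gap: anomalous login pattern.
                alerts.append(("impossible_travel", user, f"{prev[1]}->{ev['country']}"))
            last_login[user] = (ts, ev["country"])
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```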
The Trend Toward Integration into SASE
In recent years, CASBs have evolved from standalone products into a component of SASE (Secure Access Service Edge). SASE is a cloud-native security platform that integrates zero trust network access (ZTNA), SD-WAN, firewalls, and CASBs. Gartner predicted that by 2025, 80% of large enterprises would adopt a SASE strategy, and it is becoming mainstream for CASB capabilities to be delivered as part of SASE. Integration with IAM enables fine-grained access control based on user identity.
Real-World Use Cases
"When we deployed a CASB and ran the first scan, we found that more than 350 unsanctioned cloud services were in use within the company. Of these, 15 stored data containing personal information, so we immediately carried out data migration. Using API mode, we also retroactively inspected the data in our existing Microsoft 365 and Google Workspace, detecting and remediating more than 200 confidential files that had been shared externally."
Security measures for cloud storage are explained in detail in our article on cloud storage security, and protecting remote-work environments is covered in our article on remote-work security. Cloud security books on Amazon are also useful in practice.