A Comprehensive Guide to CASB

What is a Cloud Access Security Broker (CASB)?

Gartner defines CASB as the security policy enforcement points placed between cloud service providers and users whether as cloud-based resources are accessed.

The evolution of IT infrastructure towards hybrid cloud environments has led to a surge in the adoption of cloud services. In addition to the shift and rise of remote work, has introduced increased security challenges for organisations.

Cloud Access Security Brokers (CASBs) have emerged as essential tools to address these challenges, offering comprehensive solutions to secure cloud applications, data, and user access.

The Need for Cloud Security

CASB solutions are designed to meet the security needs arising from the transformation in network architecture and user connectivity. The key challenges organisation face include the risk of attack, insider threats and shadow IT. 

"The world presents many threats to the safety of Australians, both at home and overseas. These threats are diverse and evolving, from nuclear weapons proliferation to terrorist insurgency, cyber attack and transnational crime. The government has taken firm steps across these areas to protect Australians at home."

- The Department of Foreign Affairs and Trade (DFAT)

The Australian Cybersecurity Magazine reported findings in a research on 25 of Australia's largest listed market capital organisations to possess almost 12,000 internet-facing assets that are suspectable to exploitation, with a total of more than 290,000 assets across the study group.

The Australian Signals Directorate (ASD) reported an increase in 23% of reported cyberattacks last year, equivalent to one every six minutes. There was an increase of 33% reported security incidents of malicious attacks or isolated comprises on Australian critical infrastructure during 2022-23.  The costs of Cybercrime on businesses increased by 14%.

Organisations are progressively relying on CASB vendors to mitigate risks associated with cloud services, implement security policies, and adhere to regulations, even in situations where cloud services extend beyond their immediate perimeter and are not directly under their control.

How CASB Solutions Work

CASBs monitor and manage traffic between on-premises devices and cloud providers, performing various functions based on organisational security policies. The four major pillars of CASB solutions include:

Visibility:

• Comprehensive insight into cloud service usage, risk assessments, and user activities enables risk-adaptive access controls based on device, location, and role.

Compliance:

• Enforcing and demonstrating compliance with regulations such as GDPR, HIPAA, PCI DSS, ensuring adherence to industry standards.

Threat Protection:

• Detecting and remediating cyberattacks, insider threats, and unauthorised IT asset usage through a comprehensive view of usage patterns.



Data Security:

• Applying data loss prevention technology to safeguard data, prevent leaks, and secure sensitive information.

Top Use Cases for CASB Solutions

Forcepoint, a leading CASB provider stipulates the below CASB solutions for a variety of use cases:

Secure Personal Device Access:

• Ensuring security for Bring Your Own Device (BYOD) devices through agentless deployment and contextual access controls.

Prevent Data Loss:

• Encryption, quarantine, redaction, and digital rights management to stop data leaks at rest and in transit.

Limit Risky External Sharing:

• Scanning cloud apps for inappropriate sharing and configuring controls to restrict access based on device, location, or user groups.

Stop Cloud Malware and Ransomware:

• Advanced threat protection to defend against known and zero-day malware.

User Entity and Behaviour Analytics (UEBA) and Cross-App Visibility:

• Leveraging user and entity behaviour analytics for real-time corrective actions based on cross-app visibility.

Encrypt Data-at-Rest:

• Overcoming limitations of third-party encryption solutions, providing control over encryption keys to shield data from unauthorised access.

Securely Authenticate Users:

• Identity and access management (IAM), single sign-on, and multifactor authentication (MFA) for cloud security.

Secure IaaS Platforms:

• Securing Infrastructure-as-a-Service offerings like Azure, AWS, and Google Cloud Platform with encryption, DLP, and CSPM.

Control Unmanaged App Usage:

• Detecting and managing shadow IT, blocking interactions or notifying users of unsanctioned app usage.

Secure Access Service Edge (SASE):

• Integrating CASB solutions into the SASE framework for comprehensive network security across modern IT environments.

CASB Solutions from Forcepoint

Forcepoint CASB stands out as a robust solution offering:

• Discover and Prioritise:
• Identifying unsanctioned cloud usage based on risk.

• Secure BYOD Devices:
• Enhancing employee productivity while ensuring the security of corporate resources in the cloud.

• Identify Anomalous Behavior:
• Detecting and stopping malicious user behavior in the cloud.

• Reduce Data Exposure Risk:
• Minimising the risk of exposing sensitive cloud data to unauthorized users.

• Manage Policies Effectively:
• Simplifying security operations through centralised policy management.

• Streamline Compliance:
• Demonstrating processes for controlling information to streamline compliance.

• Enhance Office 365 Security:
• Monitoring Office 365 activities in real-time to improve cloud app security.

Security Legislation Amendment (Critical Infrastructure) Bill 2021

The Australian Government is dedicated to safeguarding the essential services upon which all Australians depend.

The Security Legislation Security Legislation Amendment (Critical Infrastructure) Bill 2021 amends the  Security of Critical Infrastructure Act 2018 (SOCI Act) aimed to strengthen the existing framework for mitigating risks associated with critical infrastructure. These amendments include the introduction of additional positive security obligations for critical infrastructure assets. This involves implementing a risk management program through sector-specific requirements and mandatory reporting of cyber incidents. In addition to enhanced cybersecurity obligations for assets deemed of national significance. The amendments also entail government assistance to relevant entities within the critical infrastructure sector in response to significant cyber attacks.

The SOCI Act applies to the following 11 sectors:

• Communications
• Financial services and markets
• Data storage and processing
• Defence
• Higher education and research
• Energy
• Food and grocery
• Healthcare and medical
• Space technology
• Transport
• Water and sewerage

To complement these adjustments, there are provisions for amendments contingent upon the commencement of the Federal Circuit and Family Court of Australia Act 2020. The Administrative Decisions (Judicial Review) Act 1977 is modified to exclude certain decisions from judicial review. The AusCheck Act 2007 is updated to facilitate background checks if required as part of a critical infrastructure risk management program. Additionally, changes are proposed to the National Emergency Declaration Act 2020 and the Security of Critical Infrastructure Act 2018, contingent upon the commencement of the National Emergency Declaration Act 2020. Lastly, the Criminal Code Act 1995 is amended to establish immunity concerning the Australian Signals Directorate for conduct occurring outside of Australia.