CASB (Cloud Access Security Broker)
What is CASB (Cloud Access Security Broker)?
CASB (Cloud Access Security Broker): A policy enforcement point that sits between users and cloud/SaaS applications to enforce visibility, data protection, and threat controls.
A CASB inspects traffic to sanctioned and unsanctioned SaaS apps (Microsoft 365, Salesforce, Box, ChatGPT, etc.) and applies controls across four pillars: visibility (shadow-IT discovery), compliance, data security (DLP, encryption, tokenization), and threat protection (UEBA, malware scanning). It is typically deployed as an API connector that reads cloud activity logs, a forward proxy on the network, or a reverse proxy integrated with SSO. CASB allows security teams to apply consistent controls across hundreds of SaaS apps that the enterprise does not directly operate. Modern offerings are usually delivered as part of an SSE/SASE platform together with SWG, ZTNA, and FWaaS.
● Examples
- 01: Netskope or Microsoft Defender for Cloud Apps blocking uploads of regulated data to a personal Dropbox.
- 02: API integration that revokes risky third-party OAuth grants in Microsoft 365.
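
The visibility and data-security pillars applied to forward-proxy events, as an added example (not code from any CASB product). The app catalog, the corp/personal instance names, the DLP labels and the events are all constructed assumptions; the point is that sanctioning is decided per app instance, so a personal account on a sanctioned app is still treated as unsanctioned.

```python
from collections import defaultdict

# Assumed catalog: app -> instances the enterprise has sanctioned (hypothetical values).
SANCTIONED = {"microsoft365": {"corp"}, "salesforce": {"corp"}, "box": {"corp"}}
REGULATED = {"pci", "phi", "pii"}  # assumed DLP labels set by upstream content inspection

# Constructed forward-proxy events: user, app, instance, action, bytes, DLP labels.
EVENTS = [
    ("alice", "microsoft365", "corp", "upload", 52_000, {"pii"}),
    ("alice", "dropbox", "personal", "upload", 910_000, {"pci"}),
    ("bob", "dropbox", "personal", "download", 4_000, set()),
    ("bob", "chatgpt", "personal", "upload", 1_200, set()),
    ("carol", "box", "personal", "upload", 77_000, {"phi"}),
    ("carol", "chatgpt", "personal", "upload", 3_300, {"pii"}),
]

def is_sanctioned(app, instance):
    return instance in SANCTIONED.get(app, set())

def decide(event):
    """Data-security pillar: return (verdict, reason) for one event."""
    user, app, instance, action, size, labels = event
    hits = labels & REGULATED
    if action == "upload" and hits and not is_sanctioned(app, instance):
        return "block", f"regulated data {sorted(hits)} to unsanctioned {app}/{instance}"
    if not is_sanctioned(app, instance):
        return "alert", f"unsanctioned {app}/{instance}"
    return "allow", "sanctioned instance"

def discover_shadow_it(events):
    """Visibility pillar: per unsanctioned app/instance, distinct users and upload bytes."""
    report = defaultdict(lambda: {"users": set(), "upload_bytes": 0})
    for user, app, instance, action, size, _ in events:
        if is_sanctioned(app, instance):
            continue
        entry = report[(app, instance)]
        entry["users"].add(user)
        if action == "upload":
            entry["upload_bytes"] += size
    return dict(report)

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev[0], ev[1], *decide(ev))
    for key, stats in sorted(discover_shadow_it(EVENTS).items()):
        print(key, sorted(stats["users"]), stats["upload_bytes"])
```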
● Frequently asked questions
What is CASB (Cloud Access Security Broker)?
A policy enforcement point that sits between users and cloud/SaaS applications to enforce visibility, data protection, and threat controls. It belongs to the Cloud Security category of cybersecurity.
How do you defend against CASB (Cloud Access Security Broker)?
CASB is itself a defensive control rather than a threat. Deploying it typically combines technical controls and operational practices, as detailed in the full definition above.
What are other names for CASB (Cloud Access Security Broker)?
Common alternative names include: Cloud broker.