6/7/2017
04:47 PM

Security in the Cloud: Pitfalls and Potential of CASB Systems

The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.

Security leaders moving to the cloud are worried about data protection. Many are considering cloud access security broker (CASB) systems to monitor security as they navigate the cloud security space.

Many organizations lack full understanding of the cloud services they use and their associated risks, interfering with compliance and protection, research shows. Meanwhile, more sensitive information is being stored with SaaS apps like Office 365, Box, DropBox, Slack, and others. 

CASB is an intermediary to give businesses "a single console approach to providing consistent security and policy management across the hundreds, and even thousands, of unique cloud services an enterprise is using," says Jim Reavis, CEO for the Cloud Security Alliance.

The need for CASB to provide visibility, compliance, data security, and threat protection has grown as IT functions move off-premises and security leaders need more granular visibility and policy management. By 2020, Gartner reports, 85% of large enterprises will use a CASB.

Understanding CASB

"The most common use case for CASBs today is to gain visibility of organizational cloud service usage -- how many cloud services, what are they used for, which departments are using them," says Reavis.

"That information is used to discover policy violations and organizational risks and allow enterprises to take corrective action," he continues. This may include automated remediation, detailed information for manual response, or integration with other security tools in the SOC.

Businesses can use CASB to understand where corporate data is going, detect suspicious activity, scan emails for malicious content and prevent the spread of malware, and stop a range of attacks.

CASB systems are also used for inline data protection, such as encryption or tokenization. This is more popular in regulated environments because it keeps cloud-based data under user control. While it has potential for the long term, says Reavis, this is challenging today because there aren't many technical standards for data protection APIs that cloud providers can use.

Two major deployment methods for CASB are API-based and proxy-based, he explains. API-based involves out-of-band deployment directly integrated with the cloud providers' API interfaces. Proxy-based CASB systems examine identified network traffic flows.

Both API- and proxy-based solutions have benefits and drawbacks. API products enable access by anyone from anywhere, but they don't eliminate access by cloud providers, says Willy Leichter, VP of product and content marketing for CipherCloud. These also depend on the quality and performance of APIs from cloud security providers.

API solutions may vary in quality or not be supported by the CASB vendor. Proxy-based systems may cause an outage for end users if a SaaS app alters its user interface.

Where today's systems fall short

While CASB systems are good for visibility, they don't help solve all the issues they highlight, says Tim Prendergast, founder and CEO at Evident.io. He likens the situation to a doctor telling a patient they have several problems but lacking the ability to fix them.

This poses a challenge to overworked security teams, which may question the benefit of buying a CASB system when they lack people to solve issues it highlights. Many may wonder whether they should have used the funds to hire more talent for assigning and solving problems.

"Data without action is kind of useless," says Prendergast. "Data has to be automatable so your team can solve the problem and move on to bigger projects."

The newness of the cloud has proven a constraint to the evolution of CASB, Reavis adds, because cloud providers still view one another as competition.

"CASBs have to take a lot of different competitive, incompatible cloud services and make a coherent picture for the enterprise," he explains. For API solutions, there is a practical challenge because APIs are inconsistent among different cloud providers.

"It will reflect tensions, competition, and lack of standards if they can't provide as rich of information as if everyone agreed on the same thing," says Reavis.

Predicting the future of CASB  

Reavis says the competitive dynamic among CASB providers is a "consequence of newness" and limits the consistency and richness of the service they can provide. However, consolidation is happening: companies are being purchased and maintaining service under their buyers.

CASB systems will have a difficult time as teams and users become more distributed, says Prendergast. Providers may have to re-architect their systems to monitor traffic of employees logging in from different networks.

For businesses that need to protect sensitive data, CASB solutions should give deep integration with specific clouds, third-party tools, enterprise systems, and workflows, says Leichter. Tools promising advanced data protection should support complex environments and maintain the functionality of cloud applications.

David Waugh, VP of sales and marketing at ManagedMethods, warns of "proxy fatigue" among CASB customers and end users who must go through a proxy. As CASB adoption increases, he expects API-based tools to be as prevalent as firewalls were in the last decade.

What to know before you buy

Security leaders weighing the pros and cons of CASB systems should think about their infrastructure before purchasing.

"In order for a CASB solution to be effective, businesses need to carefully consider what clouds are business-critical, what data is sensitive, and who needs to access it," says Leichter. "If data protection is applied poorly, it can be a blunt instrument that breaks important cloud functionality."

The need for CASB varies from business to business, Prendergast explains, and it's important to have realistic expectations. If you're hoping to better understand the web and SaaS services employees are using, CASB could be worth the cost.

"The reality is, there are ups and downs and pros and cons," he says. "Ask what you want to get out of it before you engage. If you're a startup or a large business, a lot of times CASB won't make sense ... There are probably 500 other security problems you should be solving before that."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 

Comments
PatrickF934,
User Rank: Apprentice
6/16/2017 | 3:07:16 PM
Re: CASBs can, in fact, take action on the issues they highlight.
Thanks for your response to the article. I work with Tim at Evident.io, and while I understand your points, I want to clarify some things. Taking action is not sending the data off to a non-CASB product and throwing the issue over the wall. Sure, if you are a legacy man-in-the-middle approach to control you can attempt to take action, but architecturally this would fail when cloud services are accessed outside the networks behind the CASB solution. "Public Cloud" is exactly that... unconstrained access from anywhere in the world. This is where the CASB approach fails. No CASB player has full API coverage for public cloud and therefore cannot lay claim that they are true hybrid coverage solutions, much less process the environments in real time and mitigate risk across the overall attack surface. Integrations with other point products are a referral network, and not core CASB remediation capability.
nets651,
User Rank: Apprentice
6/8/2017 | 10:32:43 AM
CASBs can, in fact, take action on the issues they highlight.
The comment by the gentleman from Evident.Io is plainly inaccurate. Multi-mode CASBs have gone far beyond Discovery for many years and can take a multitude of actions on anomalies, threats detected, DLP violations etc... both inline and out-of-band, including access control, alerting, quarantine, blocking, coaching, redirecting, encrypting/tokenizing and more. These actions can be taken across all modes, from out-of-band APIs to reverse proxy or full forward proxy.  They can be integrated with existing DLP, UBA, Threat Detection and IR solutions for end-to-end closed-loop remediation. 